Skip to content

Attribution Tracker

total attributions recorded
0

of which

were in the last 6 months
0

scroll down

“Attribution describes the process of assigning respon­sibility for a cyberattack to an actor”  (Bendiek/Schulze 2021). Our Attribution Tracker, as seen above, records these assignments of responsibility from the last six months and records this attribution count in relation to the number of all attributions recorded by EuRepoC since 2000.

  • Technical Attribution

    This is the process of assigning technical responsibility for a cyber incident, taking into account the tactics, techniques and procedures (TTPs) used by the attackers in order to deduce the origins of the incident on this basis. The "Technical Report" category covered by EuRepoC primarily includes reports from cybersecurity companies.

  • Unofficial Policy Attribution

    This is the process of unofficial policy attribution of responsibility for a cyber incident. Examples may include leaks from public officials or high-ranking civil servants making statements in media reports.

  • Official Policy Attribution

    This is the process of official policy attribution of responsibility for a cyber incident through public speeches or press releases by public officials/high-ranking civil servants. In contrast to technical or legal attributions, this form of attribution usually involves less circumstantial evidence or proof.

  • Legal Attribution

    This is the pocess of direct legal attribution of responsibility for a cyber incident with the aim of prosecution or public declaration of a breach of norms. This regularly involves the presentation of verifiable circumstantial evidence and proof.

  • Self-Attribution

    This is the process of direct attribution of responsibility for a cyber incident by a perpetrator (e.g., via social media), such as hacktivists or cyber criminals. This may be done for a variety of reasons, such as intimidation of a victim or an increase in pressure for them to pay in ransomware attacks.

Actors within democracies attribute most frequently

The majority of all (technical, political, or legal) attributions recorded by EuRepoC are made by actors from democratic states. In contrast, only a small proportion of attributions are made by actors from states with autocratic or hybrid regimes.

Attributions from democratic states are most often made through technical attributions, followed by official policy attributions at a clear distance. In contrast, actors from autocracies often attribute themselves. This can be seen especially with self-attributions by criminally- and patriotically-motivated threat actors of Russian origin.

A substantial proportion of attributions cannot be assigned to any regime type or state territory. Among other reasons, this may happen when a threat actor discloses an attack itself (self-attribution) but its operational base or national affiliation is unknown.

Number of attributions recorded by type of regime and attribution

Technical report    Unofficial policy attribution     Self-attribution
Official policy attribution    Media-attribution     Legal attribution    Other attribution

Number of cyber incidents and attributions by month

Number of attributions done in this month     Number of incidents started in this month

Attribution activity has remained stable over time

The number of cyber incidents and the number of (technical and political) attributions varies considerably over time (see graph), but the ratio of recorded cyber operations and attributions remains relatively stable.

It can be seen that, for the vast majority of incidents recorded by EuRepoC, an attribution is made at a certain point in time, whereby the period between the start of the cyber operation and the associated attribution can be shorter (self-attribution; unofficial policy attribution ) or longer (official policy and legal attribution; see the following graph on “Attribution time”), depending on the form of attribution.

Attribution Map

Actors from the USA attribute the most frequently

Both state and non-state actors in the USA (e.g., cybersecurity companies) attribute most frequently. The majority of attributions point to threat actors from China, Iran, North Korea and Russia.

Within the European Union, EuRepoC records the largest share of attributions from Slovakia because a large cybersecurity company is based there which regularly carries out (mostly technical) attributions.

Attribution activity between countries (dyads)

Attribution processes become quicker over time; Exceptions prove the rule

The average duration of an attribution process (i.e., the period between the start of a cyber incident and its public attribution) decreases over time. However, long-past operations that have yet to be attributed can still impact these average values.

The majority of attributions occur within the first four months after the start of a cyber incident. However, there is also a significant number of attributions that take place much later, with some attribution processes lasting 50 months or longer (not shown here).

Period between the start of a cyber incident and its public attribution

Attributions in the past six months        Total attributions over time

Browse the attributions added during the last six months

Attribution date Name Attribution type Attributing country Attributing actor Attributed country Receiver country
12 Dec 2023 Ukrainian Defence Intelligence hacks Russian Federal Taxation Service in December 2023Self-attributionUkraineMain Intelligence Department of the Ministry of Defense of Ukraine (GURMO) UkraineRussia
11 Dec 2023 Chinese APT Volt Typhoon compromised US critical infrastructure targets in 2022Technical reportUnited StatesJonathan Condra (Recorded Future)ChinaUnited States
11 Dec 2023 Chinese APT Volt Typhoon compromised US critical infrastructure targets in 2022Other attributionUnited StatesJonathan Condra (Recorded Future)ChinaUnited States
11 Dec 2023 Chinese APT Volt Typhoon compromised US critical infrastructure targets in 2022Unofficial policy attributionUnited StatesEric Goldstein (CISA’s executive assistant director)ChinaUnited States
11 Dec 2023 Chinese APT Volt Typhoon compromised US critical infrastructure targets in 2022Unofficial policy attributionUnited StatesMorgan Adamski (Director of the National Security Agency’s Cybersecurity Collaboration Center)ChinaUnited States
11 Dec 2023 Chinese APT Volt Typhoon compromised US critical infrastructure targets in 2022Other attributionUnited StatesEric Goldstein (CISA’s executive assistant director)ChinaUnited States
11 Dec 2023 Chinese APT Volt Typhoon compromised US critical infrastructure targets in 2022Other attributionUnited StatesMorgan Adamski (Director of the National Security Agency’s Cybersecurity Collaboration Center)ChinaUnited States
11 Dec 2023 'Sandman' APT targeted telecommunication providers in Europe, South Asia and Middle East in August 2023Technical reportUnited StatesPwCChinaWestern Europe
11 Dec 2023 'Sandman' APT targeted telecommunication providers in Europe, South Asia and Middle East in August 2023Technical reportGermanyMicrosoftChinaWestern Europe
11 Dec 2023 'Sandman' APT targeted telecommunication providers in Europe, South Asia and Middle East in August 2023Technical reportUnited StatesMicrosoftChinaWestern Europe
11 Dec 2023 'Sandman' APT targeted telecommunication providers in Europe, South Asia and Middle East in August 2023Technical reportGermanyPwCChinaWestern Europe
11 Dec 2023 North Korean state-sponsored hacker group Lazarus targeted companies in manufacturing, agriculture and physical security sectors with new malware families as part of operation 'Blacksmith' since March 2023Technical reportUnited StatesCisco Talos IntelligenceKorea, Democratic People's Republic ofSouth America
08 Dec 2023 Russian state-sponsored hacking group Seashell Blizzard (aka Sandworm)gained access to and disrupted networks of organisations linked to Ukrainian agricultural sector beginning on 25 July 2023Technical reportUnited StatesMicrosoftRussiaUkraine
08 Dec 2023 Russian ITG05 ( aka APT28 / Fancy Bear) compromised targets from 13 nations with backdoor called Headlace from August until December 2023Technical reportUnited StatesIBM Security X-ForceRussiaPoland
08 Dec 2023 Russian state-sponsored hacking group Aqua Blizzard aka Gamaredon exfiltrated data of organisations linked to Ukrainian agricultural industry between June and July 2023Technical reportUnited StatesMicrosoftRussiaUkraine
07 Dec 2023 Play Ransomware group disrupted Greater Richmond Transit Company in late November 2023Self-attributionNot availablePLAYNot availableUnited States
06 Dec 2023 Russian state-sponsored Callisto group conducted Spear-phishing campaign against several US defence institutionsLegal attributionUnited StatesUS Department of Justice (DoJ)RussiaUnited States
05 Dec 2023 State-sponsored North Korean hacker group Andariel stole sensitive information from South Korean defense companies as well as research institutes and pharmaceutical companies since at least 22 December 2022Official policy attributionKorea, Republic ofSeoul Metropolitan Police Agency (SMPA)Korea, Democratic People's Republic ofNot available
05 Dec 2023 Polish train manufacturer Newag SA suspected of installing programming errors in its own trains since 2022Technical reportPolandDragon SectorPolandPoland
05 Dec 2023 Russian state-sponsored Callisto group conducted Spear-phishing campaign against US Department of Energy beginning in May 2022Legal attributionUnited StatesUS Department of Justice (DoJ)United StatesUnited States
05 Dec 2023 State-sponsored North Korean hacker group Andariel stole sensitive information from South Korean defense companies as well as research institutes and pharmaceutical companies since at least 22 December 2022Official policy attributionKorea, Republic ofFederal Bureau of Investigation (FBI)Korea, Democratic People's Republic ofNot available
05 Dec 2023 State-sponsored North Korean hacker group Andariel stole sensitive information from South Korean defense companies as well as research institutes and pharmaceutical companies since at least 22 December 2022Official policy attributionUnited StatesSeoul Metropolitan Police Agency (SMPA)Korea, Democratic People's Republic ofNot available
05 Dec 2023 State-sponsored North Korean hacker group Andariel stole sensitive information from South Korean defense companies as well as research institutes and pharmaceutical companies since at least 22 December 2022Official policy attributionUnited StatesFederal Bureau of Investigation (FBI)Korea, Democratic People's Republic ofNot available
01 Dec 2023 Undisclosed Foreign Criminal Group Attacked U.S. - based Fred Hutch Cancer Center in Washington on November 19 Other attributionUnited StatesFred Hutchinson Cancer CenterNot availableUnited States
30 Nov 2023 North Korean State-Sponsored Hacking Group Kimsuky Stole Documents Through Backdoor from South Korean Research Institutes for an Undisclosed Period of Time Technical reportKorea, Republic ofAhnLabKorea, Democratic People's Republic ofKorea, Republic of
30 Nov 2023 ALPHV/BlackCat steals data from HTC Global Services in November 2023Self-attributionNot availableBlackCat/ALPHVNot availableUnited States
30 Nov 2023 Unknown threat actors targeted Irish water utility Drum/Binghamstown Group Water Scheme causing disruptions on 30 November 2023 Self-attributionNot availableCyber Avengers / Cyber Av3ngersIran, Islamic Republic ofIreland
28 Nov 2023 Ransomware group Daixin Team targeted North Texas Municipal Water District (NTMWD) in November 2023Self-attributionNot availableDaixin TeamNot availableUnited States
25 Nov 2023 Iranian hacker group Cyber Av3nger breached Municipal Water Authority of Aliquippa in Pennsylvania on 25 November 2023Self-attributionUnited StatesCybersecurity and Infrastructure Security Agency (CISA)Iran, Islamic Republic ofUnited States
25 Nov 2023 Iranian hacker group Cyber Av3nger breached Municipal Water Authority of Aliquippa in Pennsylvania on 25 November 2023Self-attributionNot availableCyber Avengers / Cyber Av3ngersIran, Islamic Republic ofUnited States
25 Nov 2023 Iranian hacker group Cyber Av3nger breached Municipal Water Authority of Aliquippa in Pennsylvania on 25 November 2023Self-attributionUnited StatesCyber Avengers / Cyber Av3ngersIran, Islamic Republic ofUnited States
25 Nov 2023 Iranian hacker group Cyber Av3nger breached Municipal Water Authority of Aliquippa in Pennsylvania on 25 November 2023Self-attributionNot availableCybersecurity and Infrastructure Security Agency (CISA)Iran, Islamic Republic ofUnited States
25 Nov 2023 Iranian hacker group Cyber Av3nger breached Municipal Water Authority of Aliquippa in Pennsylvania on 25 November 2023Self-attributionUnited StatesCybersecurity and Infrastructure Security Agency (CISA)Iran, Islamic Republic ofUnited States
25 Nov 2023 Iranian hacker group Cyber Av3nger breached Municipal Water Authority of Aliquippa in Pennsylvania on 25 November 2023Self-attributionNot availableCyber Avengers / Cyber Av3ngersIran, Islamic Republic ofUnited States
25 Nov 2023 Iranian hacker group Cyber Av3nger breached Municipal Water Authority of Aliquippa in Pennsylvania on 25 November 2023Self-attributionNot availableCybersecurity and Infrastructure Security Agency (CISA)Iran, Islamic Republic ofUnited States
25 Nov 2023 Iranian hacker group Cyber Av3nger breached Municipal Water Authority of Aliquippa in Pennsylvania on 25 November 2023Self-attributionUnited StatesCyber Avengers / Cyber Av3ngersIran, Islamic Republic ofUnited States
25 Nov 2023 Iranian hacker group Cyber Av3nger breached Municipal Water Authority of Aliquippa in Pennsylvania on 25 November 2023Self-attributionNot availableCyber Avengers / Cyber Av3ngersIran, Islamic Republic ofUnited States
25 Nov 2023 Iranian hacker group Cyber Av3nger breached Municipal Water Authority of Aliquippa in Pennsylvania on 25 November 2023Self-attributionNot availableCybersecurity and Infrastructure Security Agency (CISA)Iran, Islamic Republic ofUnited States
25 Nov 2023 Iranian hacker group Cyber Av3nger breached Municipal Water Authority of Aliquippa in Pennsylvania on 25 November 2023Self-attributionUnited StatesCybersecurity and Infrastructure Security Agency (CISA)Iran, Islamic Republic ofUnited States
25 Nov 2023 Iranian hacker group Cyber Av3nger breached Municipal Water Authority of Aliquippa in Pennsylvania on 25 November 2023Official policy attributionNot availableCyber Avengers / Cyber Av3ngersIran, Islamic Republic ofUnited States
25 Nov 2023 Iranian hacker group Cyber Av3nger breached Municipal Water Authority of Aliquippa in Pennsylvania on 25 November 2023Official policy attributionUnited StatesCyber Avengers / Cyber Av3ngersIran, Islamic Republic ofUnited States
25 Nov 2023 Iranian hacker group Cyber Av3nger breached Municipal Water Authority of Aliquippa in Pennsylvania on 25 November 2023Official policy attributionNot availableCybersecurity and Infrastructure Security Agency (CISA)Iran, Islamic Republic ofUnited States
25 Nov 2023 Iranian hacker group Cyber Av3nger breached Municipal Water Authority of Aliquippa in Pennsylvania on 25 November 2023Self-attributionUnited StatesCyber Avengers / Cyber Av3ngersIran, Islamic Republic ofUnited States
25 Nov 2023 Iranian hacker group Cyber Av3nger breached Municipal Water Authority of Aliquippa in Pennsylvania on 25 November 2023Official policy attributionUnited StatesCybersecurity and Infrastructure Security Agency (CISA)Iran, Islamic Republic ofUnited States
24 Nov 2023 Chinese hacker group Chimera accessed IT system of Dutch semiconductor manufacturer NXP during 2017-2020Other attributionNetherlandsNRC newspaperChinaNetherlands
23 Nov 2023 North Korean state-integrated threat actor Lazarus leveraged zero day against South Korean Software maker Dream Security to setup supply-chain-compromise in March 2023Technical reportUnited KingdomNational Intelligence Service (NIS)Korea, Democratic People's Republic ofKorea, Republic of
23 Nov 2023 Unknown ransomware group paralysed shared data centre of eleven municipalities in the Neu-Ulm district in Germany since at least 21 November 2023Self-attributionNot availableNot availableNot availableGermany
23 Nov 2023 North Korean state-integrated threat actor Lazarus leveraged zero day against South Korean Software maker Dream Security to setup supply-chain-compromise in March 2023Technical reportKorea, Republic ofUnited Kingdom’s National Cyber Security Centre (NCSC)Korea, Democratic People's Republic ofKorea, Republic of
23 Nov 2023 North Korean state-integrated threat actor Lazarus leveraged zero day against South Korean Software maker Dream Security to setup supply-chain-compromise in March 2023Technical reportUnited KingdomUnited Kingdom’s National Cyber Security Centre (NCSC)Korea, Democratic People's Republic ofKorea, Republic of
23 Nov 2023 North Korean state-integrated threat actor Lazarus leveraged zero day against South Korean Software maker Dream Security to setup supply-chain-compromise in March 2023Technical reportKorea, Republic ofNational Intelligence Service (NIS)Korea, Democratic People's Republic ofKorea, Republic of
23 Nov 2023 Ukraine's intelligence service compromised and published data from Russia's Federal Air Transport Agency Rosaviatsia in 2023Self-attributionUkraineMain Directorate of Intelligence of the Ministry of Defence of UkraineUkraineRussia
23 Nov 2023 North Korean state-integrated threat actor Lazarus leveraged zero day against South Korean Software maker Dream Security to setup supply-chain-compromise in March 2023Technical reportKorea, Republic ofUnited Kingdom’s National Cyber Security Centre (NCSC)Korea, Democratic People's Republic ofKorea, Republic of
23 Nov 2023 North Korean state-integrated threat actor Lazarus leveraged zero day against South Korean Software maker Dream Security to setup supply-chain-compromise in March 2023Technical reportKorea, Republic ofNational Intelligence Service (NIS)Korea, Democratic People's Republic ofKorea, Republic of
23 Nov 2023 North Korean state-integrated threat actor Lazarus leveraged zero day against South Korean Software maker Dream Security to setup supply-chain-compromise in March 2023Technical reportUnited KingdomNational Intelligence Service (NIS)Korea, Democratic People's Republic ofKorea, Republic of
23 Nov 2023 Ransomware group Meow compromised database of Vanderbilt University Medical Center around 23 November 2023Self-attributionNot availableMeowNot availableUnited States
23 Nov 2023 North Korean state-integrated threat actor Lazarus leveraged zero day against South Korean Software maker Dream Security to setup supply-chain-compromise in March 2023Technical reportUnited KingdomUnited Kingdom’s National Cyber Security Centre (NCSC)Korea, Democratic People's Republic ofKorea, Republic of
22 Nov 2023 North Korean state-sponsored hacking group Diamond Sleet compromised over 100 devices in multiple countries via supply chain compromise Technical reportUnited StatesMicrosoftKorea, Democratic People's Republic ofJapan
21 Nov 2023 Hacking group Al-Toufan disrupted access for two Bahraini government websites on 21 November 2023Self-attributionNot availableAl-ToufanNot availableBahrain
20 Nov 2023 North Korea-affiliated hacking group Andariel targeted South Korean companies with TigerRat, NukeSped variants, Black RAT and Lilith RAT malware in 2023Technical reportKorea, Republic ofASECKorea, Democratic People's Republic ofKorea, Republic of
20 Nov 2023 Ukrainian hacktivist group Cyber Resistance gained access to email account of former air force officer Maxim Okss containing sensitive data on arms deliveries to RussiaSelf-attributionUkraineCyber Resistance aka the Ukrainian Cyber AllianceUkraineRussia
20 Nov 2023 Hacktivist group SiegedSec breached human ressources application linked to Idaho National Laboratary in November 2023Self-attributionNot availableSiegedSecNot availableUnited States
20 Nov 2023 Ransomware group Rhysidia targeted British Library on 28 October 2023Self-attributionNot availableNot availableNot availableUnited Kingdom
17 Nov 2023 Russian APT-Gamaredon infected unspecified targets in Ukraine and other countries worldwide since autumn 2023 with USB propagating worm LitterDrifterTechnical reportIsraelCheck Point ResearchRussiaVietnam
17 Nov 2023 Pro-Russian hacking group NoName057(16) targeted websites of Swiss government and critical infrastructure organisations with DDoS attacks on 17 November 2023Self-attributionNot availableNoName057(16)RussiaSwitzerland
17 Nov 2023 Chinese APT Stately Taurus aka Mustang Panda compromised government entities from the Philippines in August 2023Technical reportUnited StatesPalo Alto Networks Unit 42ChinaPhilippines
17 Nov 2023 Medusa Ransomware gang targeted Toyota Financial Services in November 2023 Self-attributionNot availableMedusa Ransomware GroupNot availableJapan
16 Nov 2023 Unidentified threat actor targeted Vietnamese government entity using Zimbra vulnerability in July 2023Technical reportUnited StatesGoogle's TAGNot availableVietnam
16 Nov 2023 Unidentified threat actor targeted Pakistani government organisation exploiting Zimbra vulnerability in August 2023Technical reportUnited StatesGoogle's TAGNot availablePakistan
15 Nov 2023 INC Ransomware Group Claimed to Have Hit Yamaha Motor's Philippine Subsidiary with Ransomware Beginning in October 2023Self-attributionNot availableINC Ransomware groupNot availablePhilippines
15 Nov 2023 BlackBasta disrupted services at Toronto Public Library beginning on 28 October 2023Self-attributionNot availableBlackBastaNot availableCanada
09 Nov 2023 Suspected russian false-flag hacktivists Anonymous Sudan claimed responsibility for DDoS attacks on OpenAI causing periodic disruptions on 8 November 2023Self-attributionNot availableAnonymous SudanRussiaUnited States
09 Nov 2023 Pro-Russian Hacking Group 'NoName057(16)' Suspected Of Disrupting Numerous Belgian Government Websites On 9 November 2023Self-attributionNot availableNoName057(16)RussiaBelgium
09 Nov 2023 Russia-linked Sandworm caused power outage and deployed wiper coinciding with missile strikes against Ukrainian critical infrastructure in October 2022Technical reportUnited StatesMandiantRussiaUkraine
09 Nov 2023 Hacktivist group Anonymous Sudan disrupted website of US information and communication technology company Cloudflare on 9 November 2023Self-attributionNot availableAnonymous SudanRussiaUnited States
07 Nov 2023 Chinese APTs targeted Cambodian government organisations since September 2023Technical reportUnited StatesPalo Alto Networks Unit 42ChinaCambodia
06 Nov 2023 Agonizing Serpens targeted Israeli education and technology organisations since January 2023Technical reportIsraelPalo Alto Networks Unit 42Iran, Islamic Republic ofIsrael
06 Nov 2023 ALPHV targeted servers of Japanese electronics and aerospace products maker Japan Aviation Electronis in November 2023Self-attributionNot availableBlackCat/ALPHVNot availableJapan
06 Nov 2023 Russian cyber-crime group PLAY disrupted store KaDeWe in Berlin on 3 November 2023Other attributionGermanyKaufhaus des Westens (KaDeWe)RussiaGermany
05 Nov 2023 Unidentified pro-Hamas hacktivists defaced websites of Israeli basketball teams starting on 5 NovemberSelf-attributionNot availableNot availableNot availableIsrael
04 Nov 2023 Lorenz group targeted Codgell Memorial Hospital in Texas with ransomware on 1 November 2023Self-attributionNot availableLorenz groupNot availableUnited States
03 Nov 2023 Pro-Russian hacking group 'NoName057(16)' suspected of disrupting various websites of Dutch transport sector on 3 November 2023Self-attributionRussiaNoName057(16)RussiaNetherlands
02 Nov 2023 Ransomware group LockBit claimed to have compromised website of US aircraft manufacturer Boeing in October 2023Self-attributionRussiaLockBitRussiaUnited States
01 Nov 2023 Iranian hacker group suspected of targeting Israelian Ziv Medical Center in November 2023Self-attributionIran, Islamic Republic ofNot availableIran, Islamic Republic ofIsrael
01 Nov 2023 DAIXIN Team claimed responsibility for ransomware attack on local service provider impacting five hospitals in Ontario on 23 October 2023Self-attributionNot availableDaixin TeamNot availableCanada
31 Oct 2023 Lockbit Ransomware Group Hit Senegalese Government Agency Ageroute Senegal with Ransomware and Leaked Data Starting in October 2023Self-attributionNot availableLockbit 3.0RussiaSenegal
31 Oct 2023 Iranian state-sponsored hacker group Scarred Manticore gained access to Windows servers of various Middle Eastern state and private institutions using LIONTAIL malware framework since at least 2022Technical reportIsraelCheck Point ResearchIran, Islamic Republic ofOman
30 Oct 2023 Pro-Hamas hacktivist group targeted Israeli entities with new BiBi-Linux wiper malwareTechnical reportIsraelSecurity JoesNot availableIsrael
30 Oct 2023 Alleged Russian hacker group UserSec disrupted access to Manchester Airport website on 30 October 2023Self-attributionNot availableUserSecRussiaUnited Kingdom
30 Oct 2023 DumpForums group and Ukrainian Cyber Alliance defaced website of Russian National Payment Card System (NSPK) in October 2023Self-attributionNot availableDumpForumsNot availableRussia
30 Oct 2023 DumpForums group and Ukrainian Cyber Alliance defaced website of Russian National Payment Card System (NSPK) in October 2023Self-attributionNot availableCyber Resistance aka the Ukrainian Cyber AllianceNot availableRussia
27 Oct 2023 North Korean State-Sponsored Hacking Group Lazarus Compromised Unnamed Software Vendor Starting In Mid-2022Technical reportRussiaKasperskyKorea, Democratic People's Republic ofNot available
27 Oct 2023 IT Army of Ukraine disrupted internet services in territories occupied by Russia on 27 October 2023Self-attributionUkraineIT Army of UkraineUkraineRussia
25 Oct 2023 Threat actor 'YoroTrooper' targeted critical infrastructure and government organizations in CIS countries beginning in June 2023Technical reportUnited StatesCisco Talos IntelligenceKazakhstanKyrgyzstan
25 Oct 2023 Octo Tempest targeted gaming, hospitality, manufacturing, finance and other sectors with ransomware since Mid 2023Technical reportUnited StatesMicrosoftNot availableNot available
25 Oct 2023 Octo Tempest targeted Telecommunications, email and tech service providers with data-theft extortion scheme from late 2022 until early 2023Technical reportUnited StatesMicrosoftNot availableNot available
24 Oct 2023 Pro-Russian hacking group 'NoName057(16)' suspected of attacking Czech government agencies, Prague airport and national police with DDoS attack on 24 October 2023Technical reportUnited States GenDigitalRussiaCzech Republic
24 Oct 2023 Pro-Russian hacking group 'NoName057(16)' suspected of attacking Czech government agencies, Prague airport and national police with DDoS attack on 24 October 2023Self-attributionNot availableNoName057(16)RussiaCzech Republic
23 Oct 2023 Pro-Ukrainian hacker groups KibOrg and NLB collaborated with Ukrainian security services (SBU) in compromise of Russian private bank AlfaSelf-attributionUkraineSecurity Service of Ukraine (SBU)UkraineRussia
23 Oct 2023 Anti-Israel Hacktivists target Brazilian ISPs with DDoS attacks starting on 20 October 2023Self-attributionNot availableIRoX TeamNot availableBrazil
19 Oct 2023 Iranian Crambus espionage group targeted unnamed Middle Eastern government in eight-month long espionage campaign during 2023Technical reportUnited StatesSymantecIran, Islamic Republic ofMiddle East (region)
19 Oct 2023 Pro-Ukrainian hacker groups KibOrg and NLB collaborated with Ukrainian security services (SBU) in compromise of Russian private bank AlfaSelf-attributionUkraineKibOrgUkraineRussia
19 Oct 2023 Pro-Ukrainian hacker groups KibOrg and NLB collaborated with Ukrainian security services (SBU) in compromise of Russian private bank AlfaSelf-attributionUkraineNLBUkraineRussia
18 Oct 2023 Hacktivist group Ukrainian Cyber Alliance infiltrated Trigona ransomware group in October 2023Self-attributionUkraineCyber Resistance aka the Ukrainian Cyber AllianceUkraineNot available
18 Oct 2023 North Korean state-sponsored hacking group Onyx Sleet compromised vulnerable TeamCity servers since early October 2023Technical reportUnited StatesMicrosoftKorea, Democratic People's Republic ofNot available
18 Oct 2023 North Korean state-sponsored hacking group Diamond Sleet compromised vulnerable TeamCity servers since early October 2023Technical reportUnited StatesMicrosoftKorea, Democratic People's Republic ofNot available
17 Oct 2023 North Korean state-integrated hacking group Lazarus gained access to networks of defence and maritime companiesTechnical reportRussiaKasperskyKorea, Democratic People's Republic ofNot available
17 Oct 2023 APT 'TetrisPhantom' targeted governments in the APAC region with USB drive compromiseTechnical reportRussiaKasperskyNot availableAsia (region)
15 Oct 2023 Hacker (group) 3musketeerz defaced and possibly breached website of Philippine House of Representatives on 15 october 2023Self-attributionNot available3musketeerzNot availablePhilippines
15 Oct 2023 Russian state-sponsored threat actor 'Sandworm' disrupted several Ukrainian telcommunication providers beginning May 2023Technical reportUkraineCERT-UARussiaUkraine
14 Oct 2023 Anonymous Guatemala disrupted multiple Guatemalan government webpages via DDoS-attacks on 14 October 2023Self-attributionGuatemalaAnonymous GuatemalaNot availableGuatemala
13 Oct 2023 North Korean state-integrated threat actor Lazarus leveraged zero day against South Korean Software maker Dream Security to setup supply-chain-compromise in March 2023Technical reportKorea, Republic ofAhnLabKorea, Democratic People's Republic ofKorea, Republic of
12 Oct 2023 Israeli Billboards defaced to show Pro-Hamas Content in October 2023Self-attributionNot availableNot availableNot availableIsrael
11 Oct 2023 French cloud computing service provider Shadow PC suffered theft of user data affectign 500,000 customers in late September 2023Self-attributionNot availabledepressedNot availableFrance
11 Oct 2023 Unnamed hacker group targeted telecom and government sectors in Asia since 2021 Technical reportIsraelCheck Point ResearchNot availablePakistan
10 Oct 2023 Government-backed group Grayling targeted manufacturing, IT, and biomedical sectors across Taiwan, Vietnam, the US and an unnamed Pacific island for reconnaissance, between February and May 2023Technical reportUnited StatesSymantecNot availableTaiwan
09 Oct 2023 Jordanian hacking group targeted Israeli Ono Academic College, leaking hundreds of thousands of records in October 2023Self-attributionJordanNot availableJordanIsrael
08 Oct 2023 Hacktivist group 'Anonymous Sudan' disrupted website of Israel's Jerusalem Post beginning on 7 October 2023Self-attributionNot availableAnonymous SudanNot availableIsrael
08 Oct 2023 Hacktivist group ThreatSec disrupted 5,000 servers of Internet service provider Alfanet in Gaza Strip in October 2023Self-attributionNot availableThreatSecNot availablePalestine
08 Oct 2023 Hacktivist group AnonGhost hacked Israeli rocket alert app RedAlert on 8 October 2023Self-attributionNot availableAnonGh0stNot availableIsrael
05 Oct 2023 Chinese state-sponsored threat actors targeted semiconductor industry in East Asia beginning in August 2023Technical reportNetherlandsEclecticIQChinaTaiwan
05 Oct 2023 Unspecified China-aligned hacking group gained access to Guyanese government entity's network and stole information in February 2023Technical reportSlovakiaESETChinaGuyana
05 Oct 2023 Criminal group RansomedVC gained access to web server of hosting provider DataNet and stole voter data of District of Columbia Board of Elections (DCBOE)Self-attributionNot availableRansomed.vcNot availableUnited States
05 Oct 2023 'Rhysida' ransomware gang disrupted administration of City of Gondomar in Portugal in September 2023Self-attributionNot availableRhysida Ransomware GroupNot availablePortugal
04 Oct 2023 ALPHV/BlackCat Ransomware Group Compromised Systems and Stole Data from US-Based Non-Profit Healthcare Provider McLaren Health Care starting on 28 July 2023Self-attributionNot availableBlackCat/ALPHVNot availableUnited States
04 Oct 2023 Unspecified Chinese state-sponsored hacking group targeted foreign ministry of ASEAN member state and organisations in MongoliaTechnical reportUnited StatesElastic Security LabsChinaSoutheast Asia (region)
04 Oct 2023 Pro-Ukrainian hacktivist group 'Hdr0' defaced website of Russian Red Cross on 4 October 2023Self-attributionNot availablehdr0UkraineRussia
04 Oct 2023 'Rhysida' ransomware gang breached Migration Agency of Dominican Republic on 14 September 2023Self-attributionNot availableRhysida Ransomware GroupNot availableDominican Republic
03 Oct 2023 Ransomware group 'Cuba' targeted Rock County Public Health Department with ransomware on 29 September 2023Self-attributionNot availableCuba RansomwareNot availableUnited States
02 Oct 2023 Chinese state-sponsored hacking group 'APT41' distributed surveillance malware via messenger apps Technical reportNetherlandsThreat FabricChinaChina
01 Oct 2023 Ransomware group 'LockBit' carried out ransomware attack against Fauquier County public school district in Virginia, USA, in September 2023Self-attributionRussiaLockBitRussiaUnited States
01 Oct 2023 Hacktivist group 'Sylhet Gang' disrupted website of Tel Aviv Sourasky Medical CenterMedia-attributionNot availableNot availableNot availableIsrael
01 Oct 2023 'KillNet' conducted DDoS attack against official website of UK royal family on 1 October 2023Self-attributionNot availableKillnetRussiaUnited Kingdom
01 Oct 2023 Unknown hacker breached Taiwanese networking equipment manufacturer D-linkSelf-attributionNot availableNot availableNot availableTaiwan
01 Oct 2023 Unknown hackers gained access to Clark County School District's email servers in Nevada in October 2023Self-attributionNot availableSingularityMDNot availableUnited States
01 Oct 2023 Alleged Ukrainian hacktivist group Hassle Bros gained access to Spotify accounts of several Russian musicians spreading pro-Ukrainian messages beginning in October 2023Self-attributionNot availableHassle BrosUkraineRussia
29 Sep 2023 Ransomware group 'Medusa' suspected of hitting Auckland Transport with DDoS attack beginning on 29 September 2023Other attributionNew ZealandAuckland TransportNot availableNew Zealand
29 Sep 2023 North Korean state-sponsored hacking group 'Lazarus' gained access to network of unspecified Spanish aerospace company beginning in 2022Technical reportSlovakiaESETKorea, Democratic People's Republic ofSpain
29 Sep 2023 Iranian State-Sponsored Hacking Group 'APT34' targeted Saudi-based victims with new Menorah malware in cyber espionage campaign beginning in August 2023Technical reportJapanTrend MicroIran, Islamic Republic ofSaudi Arabia
28 Sep 2023 Threat actors RansomedVC and MajorNelsen claimed to have stolen data from Japanese electronics company SonySelf-attributionNot availableRansomedVCNot availableJapan
28 Sep 2023 Chinese threat actor 'Budworm' targeted Middle Eastern telecommunications organisation and Asian government in August 2023Technical reportUnited StatesSymantecChinaAsia (region)
28 Sep 2023 Threat actors RansomedVC and MajorNelsen claimed to have stolen data from Japanese electronics company SonyOther attributionNot availableRansomedVCNot availableJapan
28 Sep 2023 IT Army of Ukraine targeted Russian flight booking system with DDoS attack on 28 September 2023Self-attributionNot availableIT Army of UkraineUkraineRussia
26 Sep 2023 Chinese threat actor 'BlackTech' targeted international subsidiaries of US and Japanese companies Technical reportJapanCybersecurity and Infrastructure Security Agency (CISA)ChinaUnited States
26 Sep 2023 Threat actors RansomedVC and MajorNelsen claimed to have stolen data from Japanese electronics company SonySelf-attributionNot availableMajorNelsonNot availableJapan
26 Sep 2023 Chinese threat actor 'BlackTech' targeted international subsidiaries of US and Japanese companies Technical reportUnited StatesNational Security Agency (NSA)ChinaUnited States
26 Sep 2023 Chinese threat actor 'BlackTech' targeted international subsidiaries of US and Japanese companies Technical reportUnited StatesCybersecurity and Infrastructure Security Agency (CISA)ChinaUnited States
26 Sep 2023 Chinese threat actor 'BlackTech' targeted international subsidiaries of US and Japanese companies Technical reportJapanNational Security Agency (NSA)ChinaUnited States
26 Sep 2023 Chinese threat actor 'BlackTech' targeted international subsidiaries of US and Japanese companies Technical reportUnited StatesFederal Bureau of Investigation (FBI)ChinaUnited States
26 Sep 2023 Chinese threat actor 'BlackTech' targeted international subsidiaries of US and Japanese companies Technical reportJapanFederal Bureau of Investigation (FBI)ChinaUnited States
26 Sep 2023 Chinese threat actor 'BlackTech' targeted international subsidiaries of US and Japanese companies Technical reportUnited StatesJapan National Policy Agency (NPA)ChinaUnited States
26 Sep 2023 Chinese threat actor 'BlackTech' targeted international subsidiaries of US and Japanese companies Technical reportJapanJapan National Policy Agency (NPA)ChinaUnited States
26 Sep 2023 Chinese threat actor 'BlackTech' targeted international subsidiaries of US and Japanese companies Technical reportUnited StatesNational Center of Incident Readiness and Strategy for Cybersecurity (NISC)ChinaUnited States
26 Sep 2023 Chinese threat actor 'BlackTech' targeted international subsidiaries of US and Japanese companies Technical reportJapanNational Center of Incident Readiness and Strategy for Cybersecurity (NISC)ChinaUnited States
26 Sep 2023 Threat actors RansomedVC and MajorNelsen claimed to have stolen data from Japanese electronics company SonyOther attributionNot availableMajorNelsonNot availableJapan
22 Sep 2023 Hacker group 'GELSEMIUM' gained access to networks of unspecified Southeast Asian government and collected intelligence from Microsoft IIS servers beginning in the third quarter of 2022Technical reportUnited StatesPalo Alto Networks Unit 42Not availableSoutheast Asia (region)
22 Sep 2023 Chinese state-sponsored hacking group 'Alloy Taurus' gained access to networks of unspecified Southeast Asian government beginning in January 2022Technical reportUnited StatesPalo Alto Networks Unit 42ChinaSoutheast Asia (region)
22 Sep 2023 Chinese state-sponsored hacking group 'Stately Taurus' gained access to networks of unspecified Southeast Asian government and stole sensitive documents beginning in second quarter of 2021Technical reportUnited StatesPalo Alto Networks Unit 42ChinaSoutheast Asia (region)
22 Sep 2023 US city of Wheat Ridge targeted by BlackCat ransomware in August 2022Other attributionUnited StatesAmanda Harrison (Spokeswoman of Wheat Ridge)RussiaUnited States
22 Sep 2023 Emirati state-sponsored hacking group 'Stealth Falcon' compromised unspecified government entity in the Middle East using Deadglyph backdoorTechnical reportSlovakiaESETUnited Arab EmiratesMiddle East (region)
21 Sep 2023 Suspected pro-Russia hacking group attacked Estonian railroad company Elron and its provider Ridango with DDoS attack on 20 September 2023Unofficial policy attributionEstoniaEstonian Information System Authority (RIA)RussiaEstonia
21 Sep 2023 Unattributed actors disrupted Bermudian government IT systems beginning 20 September 2023Official policy attributionBermudaDavid Burt (Premier of Bermuda)RussiaBermuda
21 Sep 2023 Ransomware group 'Monti' targeted Auckland University of Technology in 2023Self-attributionNot availableMonti Ransomware GroupNot availableNew Zealand
21 Sep 2023 'Sandman' APT targeted telecommunication providers in Europe, South Asia and Middle East in August 2023Technical reportGermanyQGroupChinaWestern Europe
21 Sep 2023 'Sandman' APT targeted telecommunication providers in Europe, South Asia and Middle East in August 2023Technical reportUnited StatesQGroupChinaWestern Europe
21 Sep 2023 'Sandman' APT targeted telecommunication providers in Europe, South Asia and Middle East in August 2023Technical reportUnited StatesSentinelOneChinaWestern Europe
21 Sep 2023 'Sandman' APT targeted telecommunication providers in Europe, South Asia and Middle East in August 2023Technical reportGermanySentinelOneChinaWestern Europe
19 Sep 2023 China-linked hacker group 'UNC53' gained access to systems of 29 organizations worldwide since the beginning of 2022Technical reportUnited StatesMandiantChinaGhana
19 Sep 2023 Chinese threat actor 'TAG-74' conducted cyber espionage campaigns targeting South Korean academic institutionsTechnical reportUnited StatesRecorded FutureChinaKorea, Republic of
18 Sep 2023 Chinese-speaking threat actor gained access to websites of e-commerce sites and point-of-sale providers in Asia and North and Latin America since October 2022Technical reportUnited StatesBlackBerry Research and Intelligence TeamAsia (region)Canada
17 Sep 2023 Pro-Russia hacking group 'NoName057(16)' suspected of targeting Canada Border Services Agency (CBSA) with DDoS attack on 17 September 2023Self-attributionNot availableNoName057(16)Not availableCanada
14 Sep 2023 Financially-motivated hacking group 'UNC3944' stole data and deployed ransomware against a variety of targets in mid-2023Technical reportUnited StatesMandiantNot availableNot available
14 Sep 2023 Financially-motivated hacking group 'UNC3944' stole data from unspecified telecoms companies and business process outsourcers (BPOs) beginning in 2022Technical reportUnited StatesMandiantNot availableNot available
14 Sep 2023 Cybercrime group RansomHouse suspected of targeting telecommunications provider IFX Networks, causing paralysis of over 30 government websites in Colombia and numerous other Latin American countries on 12 September 2023Unofficial policy attributionColombiaSaul Kattan (High Presidential Adviser for Digital Transformation, Colombia)Not availableColombia
14 Sep 2023 Iranian state-sponsored hacking group Peach Sandstorm aka HOLMIUM gained access to various organisations globally beginning in February 2023Technical reportUnited StatesMicrosoftIran, Islamic Republic ofGlobal (region)
14 Sep 2023 Unknown actors gained access to Auckland Transport HOP ticketing system in New ZealandOther attributionAustraliaDean Kimpton (Chief Executive of Auckland Transport, Australia)Not availableNew Zealand
13 Sep 2023 'NoName057(16)' took down websites of Québec government in DDoS attack on 12-13 September 2023Unofficial policy attributionCanadaGovernment Cyber Defence Centre (CGCD) of QuebecRussiaCanada
13 Sep 2023 'NoName057(16)' took down websites of Québec government in DDoS attack on 12-13 September 2023Unofficial policy attributionCanadaEric Caire (Member of the National Assembly of Quebec and Minister for Cybersecurity and Digital Economy, Canada)RussiaCanada
13 Sep 2023 'NoName057(16)' took down websites of Québec government in DDoS attack on 12-13 September 2023Self-attributionRussiaNoName057(16)RussiaCanada
13 Sep 2023 Unknown government infected mobile phone of Russian journalist Galina Timchenko with Pegasus spyware on 10 February 2023Technical reportGlobal (region)CitizenLabNot availableLatvia
13 Sep 2023 Unknown government infected mobile phone of Russian journalist Galina Timchenko with Pegasus spyware on 10 February 2023Technical reportCanadaCitizenLabNot availableLatvia
13 Sep 2023 Unknown government infected mobile phone of Russian journalist Galina Timchenko with Pegasus spyware on 10 February 2023Technical reportGlobal (region)Access NowNot availableLatvia
13 Sep 2023 Unknown government infected mobile phone of Russian journalist Galina Timchenko with Pegasus spyware on 10 February 2023Technical reportCanadaAccess NowNot availableLatvia
12 Sep 2023 Chinese APT group 'Redfly' compromised organisation responsible for national grid in Asian country beginning on 28 February 2023Technical reportUnited StatesSymantecNot availableAsia (region)
11 Sep 2023 Iranian APT 'Charming Kitten' gained access to exchange servers of 34 primarily israeli organizations beginning in March 2021 Technical reportSlovakiaESETIran, Islamic Republic ofIsrael
10 Sep 2023 Rhysida ransomware group launched targeted cyberattack on US hospital network Singing River Health System in August 2023Self-attributionNot availableRhysida Ransomware GroupNot availableUnited States
09 Sep 2023 Pakistani hacktivists 'Team Insane PK' disrupted websites of Delhi and Mumbai Police on 8 September 2023Self-attributionPakistanTeam Insane PKPakistanIndia
07 Sep 2023 US aeronautical organisation infiltrated by nation-state threat actors tracing back to January 2023Technical reportUnited StatesCyber National Mission Force (CNMF)Iran, Islamic Republic ofUnited States
07 Sep 2023 US aeronautical organisation infiltrated by nation-state threat actors tracing back to January 2023Technical reportUnited StatesFederal Bureau of Investigation (FBI)Iran, Islamic Republic ofUnited States
07 Sep 2023 US aeronautical organisation infiltrated by nation-state threat actors tracing back to January 2023Technical reportUnited StatesCybersecurity and Infrastructure Security Agency (CISA)Iran, Islamic Republic ofUnited States
06 Sep 2023 Criminal group encrypted internal data of St. Augustine Academy (UK) on 6 September 2023Official policy attributionUnited KingdomJason Feldwick (Principal of St Augustine Academy, United Kingdom)Not availableUnited Kingdom
06 Sep 2023 Ransomware group 'Lockbit' disrupted Seville City Council's computer systems beginning on 5 September 2023Unofficial policy attributionSpainJuan Bueno (Councillor for Finance and Digital Transformation of Seville, Spain)RussiaSpain
06 Sep 2023 Ransomware group 'Lockbit' disrupted Seville City Council's computer systems beginning on 5 September 2023Unofficial policy attributionSpainNot availableRussiaSpain
06 Sep 2023 Ransomware group 'Lockbit' disrupted Seville City Council's computer systems beginning on 5 September 2023Unofficial policy attributionSpainJuan Bueno (Councillor for Finance and Digital Transformation of Seville, Spain)RussiaSpain
06 Sep 2023 Ransomware group 'Lockbit' disrupted Seville City Council's computer systems beginning on 5 September 2023Unofficial policy attributionSpainNot availableRussiaSpain
06 Sep 2023 North Korean state-sponsored hacking group APT38 stole $41 million worth of cryptocurrencies from online casino and betting platform Stake.com on or about 4 September 2023Official policy attributionUnited StatesFederal Bureau of Investigation (FBI)Korea, Democratic People's Republic ofNetherlands
04 Sep 2023 Medusa Ransomware Group encrypted servers of French commune of Betton starting on 30 August 2023Self-attributionNot availableMedusa Ransomware GroupNot availableFrance
01 Sep 2023 Chinese APT group 'Twill Typhoon' compromised government machines in Africa and Europe in addition to humanitarian organisations worldwide in April 2023Technical reportUnited StatesMicrosoftChinaGlobal (region)
01 Sep 2023 North-Korean APT group 'Ruby Sleet' targeted Russian aerospace research institute in March 2023Technical reportUnited StatesMicrosoftKorea, Democratic People's Republic ofRussia
01 Sep 2023 Threat actor identifiying as USDoD gained access to account of Turkish Airline employee to steal personal information on 3,200 sensitive Airbus vendors in August 2023Self-attributionNot availableUSDoDNot availableNetherlands
01 Sep 2023 North Korean state-sponsored APT groups 'Ruby Sleet' and 'Diamond Sleet' compromised two arms manufacturers in Germany and Israel beginning in November 2022Technical reportUnited StatesMicrosoftKorea, Democratic People's Republic ofGermany
01 Sep 2023 North Korean state-sponsored APT group 'Diamond Sleet' compromised defence companies in several countries in January 2023Technical reportUnited StatesMicrosoftKorea, Democratic People's Republic ofCzech Republic
01 Sep 2023 Pro-India hacktivist group Indian Cyber Force disrupted access to websites of two Canadian public institutions and Ottawa Hospital with DDoS attacks beginning 26 September 2023Self-attributionIndiaIndian Cyber ForceIndiaCanada
01 Sep 2023 Ransomware group 'Dark Angel' encrypted computers and servers belonging to US building technologies manufacturer Johnson Controls and stole corporate data during 23-24 September 2023Self-attributionNot availableDark Angel Ransomware GroupNot availableUnited States
01 Sep 2023 Ragnar Locker ransomware gang disrupted computer systems of Mayanei Hayeshua Medical Center in Bnei Brak, Israel, beginning on 7 August 2023Self-attributionNot availableRagnar LockerNot availableIsrael
01 Sep 2023 North Korean APT group 'Onyx Sleet' targeted Russian University in March 2023Technical reportUnited StatesMicrosoftKorea, Democratic People's Republic ofRussia
31 Aug 2023 Chinese hacking group APT15 targeted German federal agency in 2021Media-attributionGermanyZDFChinaGermany
31 Aug 2023 Chinese hacking group APT15 targeted German federal agency in 2021Media-attributionGermanyDer StandardChinaGermany
31 Aug 2023 Cybercriminal hacking group Ransomed.VC defaced the Hawaii Department of Health's "Health by Default"-website on 31 August 2023Self-attributionNot availableRansomedVCNot availableUnited States
31 Aug 2023 Chinese hacking group APT15 targeted German federal agency in 2021Media-attributionGermanyDer SpiegelChinaGermany
30 Aug 2023 Chinese state-sponsored hacking group GREF accessed backup data of unspecified Android users and exfiltrated unspecified data through malicious FlyGram app beginning in June 2020Technical reportSlovakiaESETChinaGermany
30 Aug 2023 Chinese state-sponsored hacking group GREF spied on unspecified Android users using malicious Signal plus Messenger app beginning in June 2022Technical reportSlovakiaESETChinaCongo, the Democratic Republic of the
30 Aug 2023 Website of Czech banks and Prague Stock Exchange hit by DDoS attack from Russia-linked NoName057(16)Self-attributionRussiaNoName057(16)RussiaCzech Republic
30 Aug 2023 Lockbit ransomware group stole data from Canada's electricity grid operator Commission des services electriques de Montreal (CSEM) on 3 August 2023Self-attributionNot availableLockbitRussiaCanada
30 Aug 2023 Japan's National Center of Incident Readiness and Strategy for Cybersecurity (NISC) hit by likely China-based hackersOther attributionNot availableNot availableChinaJapan
30 Aug 2023 Cybercriminal hacking group Earth Estries compromised networks of governments and technology companies in several countries beginning as early as 2023Technical reportJapanTrend MicroNot availableTaiwan
29 Aug 2023 Akira ransomware group gained access to Cisco VPN accounts of unnamed companies across different sectors beginning on 30 March 2023Technical reportUnited StatesRapid7Not availableNot available
29 Aug 2023 Lockbit ransomware group gained access to Cisco VPN accounts of unnamed companies across different sectors beginning on 30 March 2023Technical reportUnited StatesRapid7RussiaNot available
29 Aug 2023 Hacktivist group Anonymous Sudan disrupted user access to social media platform X on 29 August 2023Self-attributionSudanAnonymous SudanSudanUnited States
29 Aug 2023 Hacktivist group Anonymous Sudan disrupted user access to social media platform X on 29 August 2023Other attributionSudanAnonymous SudanSudanUnited States
29 Aug 2023 FBI disrupted Qakbot control infrastructure and removed Qakbot malware from infected computersSelf-attributionUnited StatesUS Department of Justice (DoJ)United StatesNot available
29 Aug 2023 FBI disrupted Qakbot control infrastructure and removed Qakbot malware from infected computersSelf-attributionUnited StatesFederal Bureau of Investigation (FBI)United StatesNot available
27 Aug 2023 Pro-Russia Net-Worker Alliance targets website of Groningen Airport Eelde with DDoS attackSelf-attributionNot availableNet-Worker AllianceNot availableNetherlands
24 Aug 2023 North Korean hacking group 'Lazarus' targeted internet infrastructure and healthcare entities in Europe and the US since early 2023Technical reportUnited StatesCisco Talos IntelligenceKorea, Democratic People's Republic ofEurope (region)
24 Aug 2023 Chinese nation-state hacking group 'Flax Typhoon' gained access to networks of Taiwanese organisation across all industriesTechnical reportUnited StatesMicrosoftChinaTaiwan
23 Aug 2023 Hacktivist 'HommedeLombre' compromised French energy company Engie and leaked personal data of 110,000 customers on 23 August 2023Self-attributionNot availableHommedeLombreNot availableFrance
22 Aug 2023 Hacker group 'CosmicBeetle' gained access to networks of various targets in different countries and deployed Scarab ransomware beginning in May 2020Technical reportSlovakiaESETNot availableThailand
22 Aug 2023 North Korean state-sponsored hacking group Lazarus suspected of stealing nearly $60m from payment processing platform Alphapo on 23 July 2023Official policy attributionUnited StatesFederal Bureau of Investigation (FBI)Korea, Democratic People's Republic ofSt. Vincent and the Grenadines
22 Aug 2023 North Korean state-sponsored hacking group Lazarus potentially responsible for stealing $100 million by compromising cryptocurrency wallet platform Atomic Wallet in June 2023Official policy attributionUnited StatesFederal Bureau of Investigation (FBI)Korea, Democratic People's Republic ofEstonia
22 Aug 2023 North Korean hacking group 'Lazarus' targeted cryptocurrency payments platform CoinsPaid on 22 July 2023Official policy attributionUnited StatesFederal Bureau of Investigation (FBI)Korea, Democratic People's Republic ofEstonia
20 Aug 2023 Ransomware group 'Medusa' encrypted work and backup servers of French municipality of Sartrouville beginning on 17 August 2023Self-attributionNot availableMedusa Ransomware GroupNot availableFrance
19 Aug 2023 Iranian state-sponsored hacking group 'Charming Kitten' gained access to emails of Iranian expat Dr. Mansour Sohrabi beginning in October 2022Other attributionNot availableNot availableIran, Islamic Republic ofGermany
17 Aug 2023 'Scattered Spider' gained access to telecommunication and other business process outsorcing organizations networks in December 2022Technical reportUnited StatesTrellixNot availableNot available
17 Aug 2023 'Play' ransomware group comromised Managed Service Providers to gain access to targets from various sectors since June 2022Technical reportUnited StatesAdluminNot availableNot available
17 Aug 2023 US-based critical infrastructure organization and Latin American IT integrator targeted by Cuba ransomware in June 2023Technical reportUnited StatesBlackBerry Research and Intelligence TeamRussiaSouth America
13 Aug 2023 Russia-linked ransomware group 'Lockbit' stole 10 GB worth of information from UK security fence manufacturer Zaun beginning on 5 August 2023Self-attributionNot availableLockbitRussiaUnited Kingdom
13 Aug 2023 Financially-politically motivated threat actor breached Discord.io custom invite service in August 2023Self-attributionNot availableAkhiraNot availableUnited States
10 Aug 2023 Ransomware gang 'Akira' gained access to 85GB of data from US-based Belt Railway Company of Chicago in August 2023Self-attributionNot availableAkira Ransomware GroupNot availableUnited States
10 Aug 2023 Cyberespionage group MoustachedBouncer compromised diplomats from various foreign embassies in Belarus using custom malware strains since 2017 and adversary-in-the-middle attacks since 2020Technical reportSlovakiaESETBelarusSouth Asia (region)
10 Aug 2023 Unknown threat actor deployed DroxiDat backdoor alongside Cobalt Strike Beacons in a south African nation's critical infrastructure in March 2023Technical reportRussiaKasperskyNot availableSouth Africa
08 Aug 2023 Chinese state-sponsored hacking group RedHotel compromised Vietnam's Institute on State Organizational Sciences to use government infrastructure for malware command and controlTechnical reportUnited StatesRecorded FutureChinaVietnam
08 Aug 2023 Chinese state-sponsored hacking group 'RedHotel' compromised a variety of targets across 17 countries beginning in 2021Technical reportUnited StatesRecorded FutureChinaHong Kong
08 Aug 2023 State-sponsored Chinese hacker group Budworm gained access to networks of targets in the US, Middle East and Southeast Asia since April 2022Technical reportUnited StatesRecorded FutureChinaSoutheast Asia (region)
07 Aug 2023 North Korean threat actors compromised computer networks of Russian missile engeneering firm NPO Mashinostroyeniya in May 2022Technical reportUnited StatesSentinelOneKorea, Democratic People's Republic ofRussia
07 Aug 2023 Hackers from China's People's Liberation Army gained access to classified Japanese defense networks beginning in fall 2020Other attributionUnited StatesNational Security Agency (NSA)ChinaJapan
07 Aug 2023 Ukrainian hacktivists gained access to the Moscow Register of Deeds (MosgorBTI) website and defaced it overnight beginning on 6 August 2023Self-attributionUkraineNot availableUkraineRussia
06 Aug 2023 Ukrainian hacktivists gained access to the Moscow Register of Deeds (MosgorBTI) website and defaced it overnight beginning on 6 August 2023Self-attributionUkraineNot availableUkraineRussia
06 Aug 2023 Tools of cybercriminal group 'W3LL' leveraged to compromise corporate Microsoft 365 accounts in phishing operation beginning In October 2022Technical reportSingaporeGroup-IBNot availableSwitzerland
01 Aug 2023 Lockbit hit French regional agency Île-de-France Nature with ransomware attack and leaked data in August 2023 Self-attributionRussiaLockBitRussiaFrance
01 Aug 2023 Pro-Russian hacking group 'NoName057(16)' targeted several Italian banks with DDoS attacks on 1 August 2023Self-attributionNot availableNoName057(16)RussiaItaly
31 Jul 2023 Pro-Russian hacktivist group 'NoName057(16)' disrupted websites of several Italian transport companies on 31 July 2023Self-attributionNot availableNoName057(16)RussiaItaly
30 Jul 2023 Medusa ransomware group gained access to network of St. Landry Parish School Board on 25 July 2023Self-attributionNot availableMedusa Ransomware GroupNot availableUnited States
29 Jul 2023 Engineer at Tennessee Arnold Air Force Base (AAFB) gained unauthorised access to Air Education and Training Command (AETC) radio communications technology and stole unspecified informationUnofficial policy attributionUnited StatesUS Department of Justice (DoJ)United StatesUnited States
29 Jul 2023 Iranian hacktivist group 'Cyber Avengers' allegedly disrupted website of Israeli oil processing and petrochemical company BAZAN Group during 28-30 July 2023Self-attributionIran, Islamic Republic ofCyber Avengers / Cyber Av3ngersIran, Islamic Republic ofIsrael
28 Jul 2023 North Korean state-sponsored hacking group Labyrinth Chollima gained access to network of unnamed Latin American banking company using QRLOG malware beginning in January 2023Technical reportUnited StatesCrowdStrikeKorea, Democratic People's Republic ofCentral America (region)
27 Jul 2023 Anonymous Sudan claims responsibility for DDoS-attacks against Kenya's eCitizen portal since 23 July 2023 Self-attributionAnonymous SudanNot availableKenya
26 Jul 2023 State-sponsored hacker groups targeted Wuhan Earthquake Monitoring Center in ChinaTechnical reportChinaWuhan Municipal Emergency Management BureauNot availableChina
26 Jul 2023 State-sponsored hacker groups targeted Wuhan Earthquake Monitoring Center in ChinaTechnical reportChinaNational Computer Virus Emergency Response Center (CVERC)Not availableChina
26 Jul 2023 State-sponsored hacker groups targeted Wuhan Earthquake Monitoring Center in ChinaTechnical reportChinaQihoo 360Not availableChina
26 Jul 2023 State-sponsored hacker groups targeted Wuhan Earthquake Monitoring Center in ChinaUnofficial policy attributionChinaWuhan Municipal Emergency Management BureauNot availableChina
26 Jul 2023 State-sponsored hacker groups targeted Wuhan Earthquake Monitoring Center in ChinaUnofficial policy attributionChinaNational Computer Virus Emergency Response Center (CVERC)Not availableChina
26 Jul 2023 State-sponsored hacker groups targeted Wuhan Earthquake Monitoring Center in ChinaUnofficial policy attributionChinaQihoo 360Not availableChina
26 Jul 2023 Hacking group 'Thesnake02' stole and exposed sensitive data from Brazilian plastic surgery clinic on 26 July 2023Self-attributionNot availableThesnake02Not availableBrazil
25 Jul 2023 Ransomware group 'Medusa' targeted UAE-based manufacturing company Levare International Ltd. with ransomware and DDoS attacks since 25 July 2023 Self-attributionNot availableMedusa Ransomware GroupNot availableUnited Arab Emirates
25 Jul 2023 Pro-Russian hacktivist group 'NoName057(16)' disrupted websites of various Spanish media outlets on 25 July 2023Self-attributionRussiaNoName057(16)RussiaSpain
24 Jul 2023 Hacktivist group 'SiegedSec' claimed theft of leaked NATO data on 24 July 2023Self-attributionNot availableSiegedSecNot availableNATO (region)
24 Jul 2023 State-sponsored North Korean hacker group 'Lazarus' leveraged Windows IIS web servers to distribute malware exploiting INISAFE Crossweb EX V6 softwareTechnical reportJapanAhnLabKorea, Democratic People's Republic ofKorea, Republic of
23 Jul 2023 North Korean state-sponsored hacking group Labyrinth Chollima gained access to command framework of US cloud directory provider JumpCloud beginning on 22 June 2023Technical reportUnited StatesMandiantKorea, Democratic People's Republic ofNot available
23 Jul 2023 Pro-Russian hacktivist group 'NoName057(16)' disrupted websites of Spanish state institutions and transport companies on 23 July 2023Self-attributionRussiaNoName057(16)RussiaSpain
20 Jul 2023 Chinese state-sponsored hacking group 'APT31' stole unspecified data from industrial organisation in Eastern Europe in 2022Technical reportRussiaKasperskyChinaEastern Europe
20 Jul 2023 North Korean state-sponsored hacking group Labyrinth Chollima gained access to command framework of US cloud directory provider JumpCloud beginning on 22 June 2023Technical reportUnited StatesCrowdStrikeKorea, Democratic People's Republic ofNot available
20 Jul 2023 North Korean state-sponsored hacking group Labyrinth Chollima gained access to command framework of US cloud directory provider JumpCloud beginning on 22 June 2023Technical reportUnited StatesSentinelOneKorea, Democratic People's Republic ofNot available
20 Jul 2023 North Korean state-sponsored hacking group Labyrinth Chollima gained access to command framework of US cloud directory provider JumpCloud beginning on 22 June 2023Technical reportUnited StatesMandiantKorea, Democratic People's Republic ofNot available
19 Jul 2023 Russian state-sponsored hacker group Turla aka Secret Blizzard gained access to Ukrainian and Eastern European defence sectors using the CAPIBAR malware and the KAZUAR backdoorTechnical reportUnited StatesMicrosoftRussiaEastern Europe
19 Jul 2023 Alleged Russian false-flag operation 'Anonymous Sudan' targeted OnlyFans with DDoS on 19 July 2023 Self-attributionNot availableAnonymous SudanRussiaUnited Kingdom
18 Jul 2023 Russian state-sponsored hacker group Turla aka Secret Blizzard gained access to Ukrainian and Eastern European defence sectors using the CAPIBAR malware and the KAZUAR backdoorOfficial policy attributionUkraineCERT-UARussiaEastern Europe
18 Jul 2023 Chinese cyber-crime group 'Space Pirates' targeted Russian and Serbian public and private entities from June 2022 until July 2023Technical reportRussiaPositive TechnologiesChinaRussia
17 Jul 2023 Pro-Russian hacker group 'NoName057(16)' disrupted website of the Parliament of New Zealand in July 2023Self-attributionRussiaNoName057(16)RussiaNew Zealand
17 Jul 2023 Russian-language cybercriminal group RedCurl gained access to shared network drive of major Russian bank beginning in November 2022Technical reportRussiaF.A.C.C.T.Not availableRussia
12 Jul 2023 North Korean state-sponsored hacking group Labyrinth Chollima gained access to command framework of US cloud directory provider JumpCloud beginning on 22 June 2023Other attributionUnited StatesJumpCloudKorea, Democratic People's Republic ofNot available
11 Jul 2023 Chinese threat actor Storm-0558 gained access to email accounts of about 25 organisations, including government agencies, starting on 15 May 2023Technical reportUnited StatesMicrosoftChinaNot available
09 Jul 2023 Unnamed Cyber Criminals Exploited Flaw in Revolut's Payment Systems Resulting in $20 Million Theft in Early 2022Other attributionUnited KingdomFinancial TimesNot availableUnited Kingdom
06 Jul 2023 Iranian state-sponsored hacking group 'TA453' aka 'Charming Kitten' gained access to computers of experts in nuclear proliferation policy and Middle Eastern affairs using Gorjol Echo backdoor beginning in mid-May 2023Technical reportUnited StatesProofpointIran, Islamic Republic ofUnited States
05 Jul 2023 Unknown affiliate of ransomware group Cyclops gained access to network of Atherfield Medical & Skin Cancer Clinic in Australia and stole patient informationSelf-attributionNot availableCyclopsNot availableAustralia
04 Jul 2023 Russian ransomware group 'LockBit 3.0' suspected of targeting the Nagoya Port Unified Terminal System (NUTS) of the Japanese Nagoya Harbor Transport Association on 4 July 2023Self-attributionNot availableLockbit 3.0Not availableJapan
01 Jul 2023 Hacktivist group SiegedSec targeted satellite receivers and and deleted accounts to monitor satellite receivers through customer portal of ITC GlobalSelf-attributionNot availableSiegedSecNot availableUnited States
01 Jul 2023 Rhysida Ransomware Group targeted University of the West of Scotland In July 2023Self-attributionNot availableRhysida Ransomware GroupNot availableUnited Kingdom
30 Jun 2023 Japanese technology company Fujitsu was hacked in December 2022, leaving customer data at riskUnofficial policy attributionJapanUnnamed Japanese Government OfficialsChinaJapan
30 Jun 2023 Unknown foreign government spies targeted British government in June 2003Official policy attributionUnited KingdomCommunications-Electronic Security Group (CESG)Not availableUnited Kingdom
30 Jun 2023 Unknown foreign government spies targeted British government in June 2003Official policy attributionUnited KingdomUnited Kingdom’s National Cyber Security Centre (NCSC)Not availableUnited Kingdom
29 Jun 2023 'Rhysida' ransomware group targeted the services of the city council of Arganda on 27 June 2023Media-attributionSpainDiario de ArgandaNot availableSpain
29 Jun 2023 Ransomware group 'LockBit' suspected of having stolen system information from Taiwanese cloud computing service provider Kinmax Technology's internal testing environment in June 2023Self-attributionNot availableLockBitRussiaTaiwan
28 Jun 2023 Unnamed hackers attack Russian satellite telecommunications provider Dozor in support of Wagner GroupOther attributionNot availableNot availableNot availableNot available
28 Jun 2023 Unnamed hackers attack Russian satellite telecommunications provider Dozor in support of Wagner GroupSelf-attributionNot availableNot availableNot availableNot available
28 Jun 2023 Unnamed hackers attack Russian satellite telecommunications provider Dozor in support of Wagner GroupSelf-attributionNot availableNot availableNot availableNot available
28 Jun 2023 Unnamed hackers attack Russian satellite telecommunications provider Dozor in support of Wagner GroupSelf-attributionNot availableNot availableNot availableNot available
28 Jun 2023 Ransomware group 'LockBit' suspected of having stolen system information from Taiwanese cloud computing service provider Kinmax Technology's internal testing environment in June 2023Self-attributionNot availableBassterlordRussiaTaiwan
28 Jun 2023 Subgroup of North Korean state-sponsored hacking group 'Lazarus', 'Andariel', infected unidentified victim with new malware family EarlyRATTechnical reportRussiaKasperskyKorea, Democratic People's Republic ofNot available
28 Jun 2023 Suspected hacktivist group SiegedSec targeted US state government institutions in June 2023Self-attributionNot availableSiegedSecNot availableUnited States
26 Jun 2023 Russian hackers gained access to a single-digit number of email inboxes of board members of the Social Democratic Party of Germany (SPD) in January 2023Other attributionGermanyKevin Kühnert (General Secretary of the Social Democratic Party of Germany (SPD), Germany)RussiaGermany
26 Jun 2023 Russian hackers gained access to a single-digit number of email inboxes of board members of the Social Democratic Party of Germany (SPD) in January 2023Technical reportUnited StatesMicrosoftRussiaGermany
25 Jun 2023 Hacking group 'Medusa' attacked the Matej-Bel University (UMB) of Slovakia in June 2023Self-attributionNot availableMedusa Ransomware GroupNot availableSlovakia
24 Jun 2023 Rhysida ransomware group stole personal data from Lumberton Independent School DistrictSelf-attributionNot availableRhysida Ransomware GroupNot availableUnited States
24 Jun 2023 Iranian state-sponsored hacking group APT34 gained access to the network of an unspecified UAE government agency using the PowerExchange backdoor in 2022Technical reportUnited StatesFortinetIran, Islamic Republic ofUnited Arab Emirates
23 Jun 2023 BlackCat/AlphV ransomware group gained access to servers of Bangladesh Agricultural (Krishi) Bank (BKB) and disrupted operational software in June 2023Self-attributionNot availableBlackCat/ALPHVNot availableBangladesh
23 Jun 2023 Rhysida ransomware group conducted cyber attack on Stephen F. Austin State University in Texas in June 2023Self-attributionUnited StatesRhysidaNot availableUnited States
23 Jun 2023 US hacktivist group SiegedSec attacked administrative website of the City of Fort Worth in Texas in June 2023Self-attributionNot availableSiegedSecNot availableUnited States
22 Jun 2023 Chinese state-sponsored hacking group VANGUARD PANDA aka Volt Typhoon gained access to computers systems of multiple high-value targetsTechnical reportUnited StatesCrowdStrikeChinaNot available
22 Jun 2023 USB Stick used inadvertently in Camaro Dragon campaign to accidentally attack European healthcare institutionTechnical reportIsraelCheck Point ResearchChinaNot available
21 Jun 2023 North Korean state-sponsored hacking group APT37 stole data from and wiretapped unspecified South Korean individuals using information stealer FadeStealer in May 2023Technical reportKorea, Republic ofAhnLabKorea, Democratic People's Republic ofKorea, Republic of
21 Jun 2023 North Korean state-sponsored hacking group Kimsuky stole documents from unspecified victims in May 2023Technical reportKorea, Republic ofAhnLabKorea, Democratic People's Republic ofNot available
21 Jun 2023 Unknown actor gained access to server at the Basile Diagnostic Center for Nuclear Medicine in Naples and stole patient data in June 2023Other attributionItalyBasile Diagnostic Center for Nuclear MedicineNot availableItaly
20 Jun 2023 Russian state-sponsored hacking group APT28 gained access to Roundcube servers of various Ukrainian targets using three vulnerabilities beginning in March 2023Technical reportUnited StatesRecorded FutureRussiaUkraine
20 Jun 2023 Russian state-sponsored hacking group APT28 gained access to Roundcube servers of various Ukrainian targets using three vulnerabilities beginning in March 2023Technical reportUnited StatesCERT-UARussiaUkraine
20 Jun 2023 Russian state-sponsored hacking group APT28 gained access to Roundcube servers of various Ukrainian targets using three vulnerabilities beginning in March 2023Technical reportUkraineCERT-UARussiaUkraine
20 Jun 2023 Russian state-sponsored hacking group APT28 gained access to Roundcube servers of various Ukrainian targets using three vulnerabilities beginning in March 2023Technical reportUnited StatesRecorded FutureRussiaUkraine
20 Jun 2023 Russian state-sponsored hacking group APT28 gained access to Roundcube servers of various Ukrainian targets using three vulnerabilities beginning in March 2023Technical reportUkraineRecorded FutureRussiaUkraine
20 Jun 2023 Russian state-sponsored hacking group APT28 gained access to Roundcube servers of various Ukrainian targets using three vulnerabilities beginning in March 2023Technical reportUnited StatesCERT-UARussiaUkraine
20 Jun 2023 Russian state-sponsored hacking group APT28 gained access to Roundcube servers of various Ukrainian targets using three vulnerabilities beginning in March 2023Technical reportUkraineCERT-UARussiaUkraine
20 Jun 2023 Russian state-sponsored hacking group APT28 gained access to Roundcube servers of various Ukrainian targets using three vulnerabilities beginning in March 2023Technical reportUkraineRecorded FutureRussiaUkraine
19 Jun 2023 Pro-Russian Hacktivists Target website of the European Investment Bank with DDoS Attack on 19 June 2023Self-attributionRussiaKillnetRussiaEU (region)
19 Jun 2023 'NoEscape' conducted ransomware attack against Hawaii Community College on 13 June 2023Self-attributionNot availableNoEscape Ransomware GroupNot availableUnited States
16 Jun 2023 TimisoaraHackerTeam ransomware group targeted an unnamed Cancer Center in the US in June 2023Technical reportUnited States US Department of Health and Human ServicesNot availableUnited States
16 Jun 2023 Indian APT 'DoNot' targeted Pakistani indivduals using malicious appsTechnical reportSingaporeCyfirmaIndiaPakistan
16 Jun 2023 Hacking group 'NoName' conducted DDoS attacks against IT systems of the swiss canton Nidwalden on 16 June 2023 Self-attributionRussiaNoName057(16)RussiaSwitzerland
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65

The table above displays details on all the attributions added to the EuRepoC database within the last six months.

Notes on methodology

All attribution data comes from the EuRepoC data set. In contrast to the Attribution Dashboard, the Attribution Tracker takes into account all attributions of each cyber incident, not just their “settled attributions,” which are determined for the clear assignment of attacker and victim information in the Dashboard. Each attribution recorded by EuRepoC made by a specific actor, in a specific state, in a specific form, and which assigns a cyber incident to an actor in a state, is counted individually.

The classification of attribution types is inspired by Lee 2023 for the political responsibility attributions and simplifies the EuRepoC category system as follows:

EuRepoC Coding
Types of attribution
Attribution basis:
Not available
Unattributed
Attribution basis:
Attacker confirms
Self-attribution
Attribution type:
Not available
Unattributed
Attribution type:
Attribution given, type unclear
Unknown
Attribution type:
Self-attribution in the course of the attack

Attribution type:
Self-attribution in the course of the attack
Self-attribution
Attribution type:
Media report
Media-based attribution
Attribution basis:
Receiver government/state entity OR EU institution/agency
AND
Attribution type:
Direct statement in media report
Unofficial policy attribution
Attribution basis:
Receiver government/state entity OR EU institution/agency
AND
Attribution type:
Anonymous statement in media report
Unofficial policy attribution
Attribution type:
Technical report
Technical attribution
Attribution basis
IT-security community attributes attacker
AND
Attribution type:
Direct statement in media report
Technical attribution
Attribution type:
Political statement/report
Official policy attribution
Attribution basis:
Receiver government/state entity OR EU institution/agency
AND
Attribution type:
Technical report
Official policy attribution
Attribution type:
Domestic legal action
Legal attribution
  • 1

Welcome to our Cyber Incident Dashboard!

For best results, please view on a desktop device.