Europe News

On 5 December 2022, the new cybercriminal group Play Ransomware claimed to have launched an attack against the Vienna-based technology company Austria Presse Agentur. The attack reportedly took place on 28 November 2022 and they managed to extract 80 GB of data. The data is said to contain personal data, project documents and financial information. No details are given on the ransom demanded.   Read more about it : here

On December 13, 2022, a cyber intrusion attack was detected in the computer systems of the municipalities of Mörbylånga and Borgholm in Sweden. In response, a crisis management unit was reportedly activated, but the attack still caused the municipality's network connection to the internet to be disabled. Mörbylånga's website and email are down. However, the Borgholm website is managed externally, so it is up and running and the emails are working. For the moment, no details on the type of attack or the systems affected have been released. However, given the post attack reaction of the municipality it is possible that it is a ransomware attack.   Read more about it : here

On 8 December 2022, the pro-Russian hacktivist group Noname057 claimed to have launched a DDoS attack on the websites of the Greek Ministry of Defence, the Ministry of Defence of the Czech Republic and the Ministry of Defence of Croatia. The attack is part of the KillNet sphere's campaign of attacks in their cyber war of attrition against European governments.  Read more about it : here

According to a report on 15 December 2022, the Vjw0rm malware is currently being used in a phishing campaign targeting Italy. The emails in these attacks impersonate a beauty product vendor and hide the malware in a js file in a "rar" attachment named "$38,570 detailed invoice payment". Vjw0rm is a hybrid modular/RAT worm that has three main capabilities: information theft, denial of service (DOS) and self-propagation. In the latter case, it copies itself throughout the operating system and boot folder and can spread via removable devices such as USB sticks.  Read more about it : here

On 6 December 2022, the Play Ransomware group added several organisations and companies to its list of victims, three of which are European. Among the claims are "Skoda Praha", an energy company in the Czech Republic, Husinec, a municipality in the Czech Republic and Wrota Mazowza, a mapping service in Poland. The release dates of the data were announced for between the 14th and 16th, without indicating the type of data that had been stolen. The Wrota Mazowza website is unavailable, suggesting a more violent attack.   Read more about it : here

On 23 November 2022, the University of Applied Sciences in the city of Ulm, Germany, made public a cyber attack and data theft that targeted it on 12 November. The university and its network were disconnected from the internet after a cyber attack alert. Cybercriminals allegedly broke into the university's databases and it turned out that the names and email addresses of university members had been accessed without authorisation.   Read more about it : here

On December 15, 2022, the cybercriminal ransomware group ViceSociety claimed responsibility for an attack on the "Universidad Catolica Portuguesa", a concordat of universities whose centre is located in Lisbon. The other universities in the concordat are located in Braga, Porto and Viseu. ViceSociety claims to have stolen a number of data, but does not specify whether the victim's networks were affected by the attack. For the moment, no statement seems to have been published by the university itself, its website being accessible but not broadcasting any news about the attack.  Read more about it : here

On November 5, 2022, an unknown threat actor announced on a hacker forum on the darkweb that the German company Scm-Pc-Card and the website of Evas Schatztruhe had suffered major data breach that would have affected about 1900 users for Scm-Pc-Card, and 1400 users for Evas Schatztruhe. The stolen data includes phone numbers, physical addresses, email addresses and password hashes for Scm-Pc-Card. For Evas Schatztruhe, the stolen data includes Nicknames, Usernames, UID, User Country, User Websites, User Email and Passwords.No details are given in the claim as to how the data was obtained, but it is announced that the data will be made available online for free. The impact of this attack could be significant for the users of the companies site who thus see their data exposed, with now a risk of possible future phishing campaigns or other various attacks more serious and more malicious than the original leak.  Read more about it : here and here

On 10 November 2022, the AlphV ransomware group added the French company Conforama to its list of victims. Conforama is a major European home furnishings retailer. The group claims to have stolen 1 terabyte of data, including financial documents, customer credit card data, marketing data, analytical strategies, logistics data, but also personal data of customers. The group has given Conforama 48 hours to contact them or all the data will be published and used for malicious purposes.  Read more about it : here

On 8 November 2022, the cybercriminal group BlackBasta, which specialises in ransomware, claimed responsibility for an attack on the wholesale company Metro. The data they claimed to have stolen contained ID cards, agreements and passports. Metro's IT infrastructure was effectively blocked by the attack and the company was experiencing problems with in-store payments and delivery of online orders.  Read more about it : here