Cybersecurity in #space: how Thales is facing the challenges that lie ahead
On 5 November 2022, all trains operated by DSB, Denmark's largest rail operating company, were stopped for several hours. According to a DSB press release, the security incident originated at Supeo, another Danish company that provides various services to railway companies and other public and private transport organisations. The attack was therefore probably aimed at this service provider rather than directly at DSB. Supeo provides DSB with a train driver application used to access essential operational information when operating railway lines. Following the security incident, the service provider abruptly shut down its servers, which blocked the services it provides and forced the drivers to stop. Supeo has not yet communicated the nature of the cyber attack and is probably awaiting the conclusions of the cyber research teams. Supeo's response suggests that it was trying to prevent malware from spreading across its various working platforms. This is a classic reaction to a ransomware attack: freeze the situation and prevent it from escalating. It is possible that a claim of responsibility will soon appear on one of the leak sites of a ransomware group.
On Monday 10 October 2022, the management of the French department of Seine-Maritime issued a press release announcing that its networks would be cut off and that its services would be severely degraded. The cybercrime prosecutor's office opened an investigation into the cyberattack. Although no ransom demand has been communicated for the moment, the modus operandi of the attack strongly suggests ransomware. While it will still be possible to deal with the department by telephone and on paper, many online services, particularly for disabled people, will remain offline for an indefinite period, which will have a significant impact on many citizens of Seine-Maritime.
One of the spokesmen for the pro-Ukraine hacktivist group TeamOneFist claimed responsibility for a major attack on the Russian satellite network "Gonets" during the "Pleiades" cyberoperation. The attack reportedly disabled the satellite network. He claims to have penetrated the CRM/customer database, which the network references in order to send and receive messages. Having failed to download the database, which was under heavy surveillance, the group decided to destroy it without being detected. From this data, the group discovered that the Gonets network was used by 97 organizations to transmit sensitive data, including fishing companies, energy companies and the FSB.
On 6 November 2022, the pro-Russian hacktivist group KillNet launched a campaign of DDoS attacks on the websites of the intelligence services and state committees of several Baltic states. The targets include Estonia, Poland, Romania, Bulgaria and Moldova. KillNet claims responsibility for these attacks, saying it considers the Baltic states to be rotten states. As the targeted sites are the platforms of several entities of possible intelligence interest, it is likely that some services were prevented from working for the duration of the attack. During that time, the impact was likely to be significant for the affected services, which may not have been able to connect to the platforms.
On 16 October 2022, the website of the Bulgarian presidency as well as the websites of the Ministry of Defence, the Ministry of the Interior, the Ministry of Justice and the Constitutional Court were hit by a DDoS attack originating from Russia, more specifically from the city of Magnitogorsk. Bulgarian Prosecutor General Ivan Geshev called the attack a "serious problem" and an "attack on the Bulgarian state". Subsequently, in a statement from the Russian KillNet-affiliated hacktivist group "Anonymous Russia", the Russian hacker KillMilk said that the attacks were carried out under his supervision against "the corrupt state of Bulgaria".
The pro-Russian hacktivist groups "We are Clowns" and "Phoenix" have announced in a joint statement that they will target the Russian region of Dagestan in future attacks. The stated reason for these attacks is that Dagestan is contesting the war in Ukraine; the groups say that if the government cannot stop it, they will. The threats made by pro-Russian hacktivists against parts of their own country are evidence of the disorganization of some cyber groups and of the possible laissez-faire attitude of the Russian government towards the repression of dissent in Russia itself.
On 3 November 2022, the computer systems of the Office Hydraulique de Corse were hit by a ransomware attack. All network and computer systems were blocked and a ransom was demanded, although the amount has not been communicated to the public. According to the office's press release, 33 servers were affected by this attack. No details on the group behind the attack have been released yet. The impact of this attack is potentially severe: if these computer systems are completely locked, it is likely that some of the water services management systems will be difficult to use or even unusable, forcing the management teams to work in a degraded manner.
According to the media outlet Ransomwaremap, the cybercriminal group LockBit 3.0 claimed responsibility for a ransomware attack against the Czech security and weapons production company "DSS" on 16 September. The company has until 23 September to pay the ransom and recover 200 gigabytes of stolen data. According to LockBit, the data contains DSS arms contracts and customer data.
According to a press release dated 16 October 2022 from the French community of communes "Entre Bièvre et Rhône", the "Ecume" network, which links the media libraries together, suffered a cyber attack on Thursday 13 October. As a result, the network will be unavailable for an indefinite period of time, preventing access to all the services normally provided.
A new group of pro-Russian hacktivists emerged via an attack claim on 5 October 2022. The group calls itself "We are Clowns" and claims to have launched a DDoS attack against the website of the Human Rights Centre in Slovakia. The group also stated the duration of the attack, namely two hours. The creation of this group and its attack on a Slovakian site are part of a new campaign by various Russian groups targeting countries that support Ukraine's membership of NATO.