Europe News

According to a report on 15 December 2022, the Vjw0rm malware is currently being used in a phishing campaign targeting Italy. The emails in these attacks impersonate a beauty product vendor and hide the malware in a js file in a "rar" attachment named "$38,570 detailed invoice payment". Vjw0rm is a hybrid modular/RAT worm that has three main capabilities: information theft, denial of service (DOS) and self-propagation. In the latter case, it copies itself throughout the operating system and boot folder and can spread via removable devices such as USB sticks.  Read more about it : here

On 6 December 2022, the Play Ransomware group added several organisations and companies to its list of victims, three of which are European. Among the claims are "Skoda Praha", an energy company in the Czech Republic, Husinec, a municipality in the Czech Republic and Wrota Mazowza, a mapping service in Poland. The release dates of the data were announced for between the 14th and 16th, without indicating the type of data that had been stolen. The Wrota Mazowza website is unavailable, suggesting a more violent attack.   Read more about it : here

On 23 November 2022, the University of Applied Sciences in the city of Ulm, Germany, made public a cyber attack and data theft that targeted it on 12 November. The university and its network were disconnected from the internet after a cyber attack alert. Cybercriminals allegedly broke into the university's databases and it turned out that the names and email addresses of university members had been accessed without authorisation.   Read more about it : here

On December 15, 2022, the cybercriminal ransomware group ViceSociety claimed responsibility for an attack on the "Universidad Catolica Portuguesa", a concordat of universities whose centre is located in Lisbon. The other universities in the concordat are located in Braga, Porto and Viseu. ViceSociety claims to have stolen a number of data, but does not specify whether the victim's networks were affected by the attack. For the moment, no statement seems to have been published by the university itself, its website being accessible but not broadcasting any news about the attack.  Read more about it : here

On 8 December 2022, the criminal group Kelvin Security claimed to have carried out a cyber attack on the website of Alessia Mosca, a former Italian politician. They claim to have stolen private messages, user information, passwords and personal data from the site's databases. The attack reportedly left no trace of compromise.  The private messages may contain sensitive confidential information about the organisations where she has worked, such as the Italian government, the European Parliament and the MEPs. Finally, the personal data collected on the site could be used to target other people in further phishing campaigns. Read more about it : here

According to news reports of 28 November 2022, on 15 November 2002, cyber-attackers attacked the computer systems of the Saint-Doulchard oncology centre in France and then demanded a ransom. Medical and radiotherapy activities at the centre were suspended from 15 to 18 November due to lack of computer resources. Eventually, chemotherapy treatments were resumed, but not radiotherapy. According to the medical centre, no personal patient data was stolen.  Read more about it : here

On December 22, 2022, the German industrial company Technolite based in Grossenlüder felt victim of a cyber attack. Most of the employees were sent home because they are currently unable to work on the internal networks and the entire IT department of the company was affected by the attack. It is possible that this was a ransomware attack, which is common in this type of industry. However, no claims have been published for the moment. The impact of this attack seems to be serious. Indeed, on a technical level, the internal computer systems of the company are a priori completely blocked, which suggests a ransomware type attack. The operational activities of the company are probably stopped, its employees having been sent home, possibly causing financial losses, as some orders cannot be honoured. In addition, during the attack it is possible that data was stolen by the attacker. The next step is for a cyber group to claim responsibility for the attack. 

On 15 November 2022, the pro-Russian hacktivist group KIlNet called on its affiliates to carry out a DDoS attack campaign on all possible organisations and entities in Poland and keep them inaccessible until 20 November 2022. In order to select targets, Killnet advises to perform a google search including "Online Poland, Login Poland, Poland commerce Online, Poland Health, Poland gov".  Read more about it : here

On November 5, 2022, the cybercriminal group BlackByte ransomware added the Swedish company Peterson & Hansson Byggnads to the list of its victims on its website. This construction company is based in Falkenberg and the data allegedly stolen from it includes invoices, employment contracts, and other administrative documents. No details on the damage caused by the ransomware have yet been communicated, and the company's site is still accessible. However, it is possible that some systems for making appointments, orders or even the means of communication have been affected. The impact would then be significant for the image of the company.  Read more about it : here

On 9 November 2022, starting at 11pm, a large-scale DDoS attack targeted the Polish website of the Institute of National Remembrance for several hours. On 10 November it was accessible again. The attack is believed to have taken down the websites linked to the Institute's homepage but spared the acrhives website. After investigation, it seems that the first attempts to attack the site failed on the morning of the 9th before resuming in the evening.  Read more about it : here