Europe News

On 22 November 2022, a cybercriminal identified as "Diana" posted the database of the German company schutznetze24 on a leaky forum. The company is a manufacturer of wire mesh for a variety of uses, from hanging livestock feed to securing construction sites. It claims to have 266,000 user records, including user ID, name, email address, password, etc.   Read more about it : here

On 3 November 2022, the ransomware cybercrime group Hive Ransomware posted the Italian company Landi Renzo as a victim on its "HiveLeak" website. The attack is believed to have taken place on 18 October. Some of the company's servers were reportedly rendered unavailable by the attack and Landi Renzo was forced to call in a task force of cyber experts to investigate the damage. It is believed that although the damage temporarily halted production lines, automatic data backups worked and allowed IT staff to get the systems up and running again. Curtrently Landi Renzo is the world leader in the design and integration of fleet and passenger vehicle systems powered by eco-friendly fuel. The impact of this attack is significant. Although the teams have the capacity to repair the computer damage, production lines have been shut down as a result of the attack, likely resulting in financial losses and delays in customer contracts. These delays and security problems may result in a loss of reputation with partners and potential future customers.  Read more about it : here

According to an article on the website of the Ukrainian Military Intelligence Directorate, Russian forces are preparing a massive campaign of cyber attacks against critical infrastructure of Ukrainian companies and allies. These attacks should target the energy sector in order to support ballistic strikes in the eastern and southern regions of Ukraine. These attacks will be accompanied by a greater number of DDoS attacks against Ukraine's closest allies, namely Poland and the Baltic States.  Read more about it : here

On 05 November 2022, all trains operated by DSB, the country's largest rail operating company, were stopped for several hours.   According to a DSB press release, the security incident originated at Supeo, another Danish company that provides various services to railway companies and other public and private transport organisations. The attack was therefore not directly directed against DSB but probably against this service provider. Indeed, Supeo provides DSB with a train driver application to access essential operational information when operating railway lines. The service provider suddenly decided to shut down its servers following the security incident, blocking the services they provide and forcing the drivers to stop. The nature of the cyber attack has not yet been communicated by Supeo, which is probably awaiting the conclusions of the cyber research teams. Supeo's response methodology suggests that they were trying to prevent malware from spreading across their various working platforms. This is a classic reaction to a ransomware attack to freeze the situation and prevent it from escalating. It is possible that a claim of attack will soon appear on one of the leak sites of a ransomware group.  Read more about it : here

On Monday 10 October 2022, the management of the French department of Seine Maritime issued a press release announcing that its networks would be cut off and that its services would be severely degraded. An investigation was opened by the cybercrime prosecutor's office for cyberattacks. Although no ransom demand has been communicated for the moment, the modus operandi of the attack strongly suggests ransomware. While it will still be possible to deal with the department by telephone and on paper, many online services, particularly for disabled people, will remain offline for an indefinite period, which will have a significant impact on many citizens of Seine-Maritime.  Read more about it : here  

One of the spokesmen for the pro-Ukraine hacktivist group TeamOneFist claimed responsibility for a major attack on the Russian satellite network "Gonets" during the "Pleiades" cyberoperation. The attack would have disabled the satellite network.  He claims to have penetrated the CRM/customer database, which is referenced by the network in order to send/receive messages. Having failed to download the database, which was under heavy surveillance, the group decided to destroy it without being detected.  From this data, the group discovered that the Gonets network was used by 97 organizations to transmit sensitive data, including fishing companies, energy companies and the FSB.  Read more about it : here

On 6 November 2022, the pro-Russian hacktivist group KillNet launched a campaign of DDoS attacks on the websites of the intelligence services and state committees of several Baltic states. The targets include Estonia, Poland, Romania, Bulgaria and Moldova. KillNet claims responsibility for these attacks, considering the Baltic states as rotten states. As the targeted sites are the platforms of several entities of possible intelligence interest, it is likely that this prevented some services from working during the time of the attack. During this time, the impact was likely to be significant for those affected services, which may not have been able to connect to the platforms.  Read more about it : here

On 16 October 2022, the website of the Bulgarian presidency as well as the websites of the Ministry of Defence, the Ministry of the Interior, the Ministry of Justice and the Constitutional Court were hit by a DDoS attack originating from Russia and more specifically from the city of Magnitogorsk.  Bulgarian Prosecutor General Ivan Geshev called the attack a "serious problem" and an "attack on the Bulgarian state".  Following this, in a statement from the Russian KillNet-affiliated hacktivist group "Anonymous russia", the Russian hacker KillMilk said that the attacks were carried out under his supervision against "the corrupt state of Bulgaria".  Read more about it : here

The pro-Russian hacktivist groups "We are Clowns" and "Phoenix" have jointly stated in a statement that they will target the Russian region of Dagestan in future attacks. The reason for these attacks is that Dagestan is contesting the war in Ukraine and if the government cannot stop it, they will. The threats made by pro-Russian hacktivists against parts of their own country are evidence of the disorganization of some cyber groups and the possible laissez-faire attitude of the Russian government towards the repression of dissent in Russia itself.  Read more about it : here

On 3 November 2022, the computer systems of the Office Hydraulique de Corse were hit by a ransomware attack. All network and computer systems were blocked and a ransom was demanded without the amount being communicated to the public. According to the office's press release, 33 servers were affected by this attack. No details on the group behind the attack have been released yet. The impact of this attack is potentially severe. Indeed, if these computer systems are completely locked, it is likely that some of the water services management systems will be difficult to use or even unusable, forcing the management teams to work in a degraded manner.  Read more about it : here