Europe News

On 6 November 2022, the pro-Russian hacktivist group KillNet launched a campaign of DDoS attacks on the websites of the intelligence services and state committees of several Baltic states. The targets include Estonia, Poland, Romania, Bulgaria and Moldova. KillNet claims responsibility for these attacks, considering the Baltic states as rotten states. As the targeted sites are the platforms of several entities of possible intelligence interest, it is likely that this prevented some services from working during the time of the attack. During this time, the impact was likely to be significant for those affected services, which may not have been able to connect to the platforms.  Read more about it : here

On 16 October 2022, the website of the Bulgarian presidency as well as the websites of the Ministry of Defence, the Ministry of the Interior, the Ministry of Justice and the Constitutional Court were hit by a DDoS attack originating from Russia and more specifically from the city of Magnitogorsk.  Bulgarian Prosecutor General Ivan Geshev called the attack a "serious problem" and an "attack on the Bulgarian state".  Following this, in a statement from the Russian KillNet-affiliated hacktivist group "Anonymous russia", the Russian hacker KillMilk said that the attacks were carried out under his supervision against "the corrupt state of Bulgaria".  Read more about it : here

Eni, too, after Gse, reports that it was attacked on the IT level. But with minor damage, unlike Gse, which is still down. Various experts suspect an attack from Russia, at a time when energy plays a critical geopolitical role Read more about it : here

According to officials at the Swedish website val.se, the site faced serious technical problems as a result of DDoS cyber attacks from 10 to 11 September.   The head of the authority's secretariat said on 11 September: "There have been three DDoS attacks against val.se, one yesterday and two today. The most recent one is still ongoing.  During the elections, the Swedish regional governments also reportedly experienced problems with their telecommunication facilities, but this did not disrupt the elections or their outcome.  Read more about it : here

According to the cyber media, the cyber actor PoCExploiter has announced that the telecommunications operator Vodafone Italy has had approximately 309 gigabytes of data stolen. This data may already be exposed on the net, although no information is available at the moment to confirm this. Read more about it : here

On 14 September 2022, LockBit 3.0 claimed responsibility for a ransomware attack on the French online company artdis.fr. The company specialises in express delivery throughout France and Europe, storage, order picking and redistribution. The data will be released on 29 September if the ransom is not paid.  No information on the nature of the data has yet been provided.  Read more about it : here

The company OrangeCyberFR has confirmed the publication of a file containing the personal information of several hundred French customers, which is currently being sold on a deep web forum.  Read more about it : here

According to the CyberKnow media, the pro-Russian hacktivist group called "noname05716" has claimed responsibility on its telegram channel for a series of cyber attacks on Lithuanian government websites, presumably in response to Lithuania's anti-Russian policies. These attacks continue to be part of large-scale cyber campaigns organised by pro-Russian groups in order to affect the morale of the populations of opposing countries such as European countries.  Read more about it : here

Dutch police have arrested a 39-year-old man accused of laundering crypto-currencies worth tens of millions of euros. The suspect allegedly used phishing lures to deploy data-stealing malware on victims' computers. In the early morning of 6 September, the suspect was arrested in the village of Veenendaal for money laundering, based on police tracking of bitcoin transactions.  "The funds were stolen using a malicious software update claiming to be from the Electrum open source wallet," according to the press release According to the release, law enforcement was able to track the suspect by following the stolen cryptocurrencies using a malicious software update for the Electrum wallet, a popular open source Bitcoin wallet application that allows users to safely manage their digital assets.  Read more about it : here

The RagnarLocker ransomware group has finally disclosed the personal information of around 9,000 customers of TAPAir, the Portuguese airline, including customers' names, dates of birth, addresses, nationalities, genders, emails, loyalty IDs and phone numbers. No information has been released about any ransom negotiations.  Read more about it : here