Europe News

According to news reports of 28 November 2022, on 15 November 2002, cyber-attackers attacked the computer systems of the Saint-Doulchard oncology centre in France and then demanded a ransom. Medical and radiotherapy activities at the centre were suspended from 15 to 18 November due to lack of computer resources. Eventually, chemotherapy treatments were resumed, but not radiotherapy. According to the medical centre, no personal patient data was stolen.  Read more about it : here

On December 22, 2022, the German industrial company Technolite based in Grossenlüder felt victim of a cyber attack. Most of the employees were sent home because they are currently unable to work on the internal networks and the entire IT department of the company was affected by the attack. It is possible that this was a ransomware attack, which is common in this type of industry. However, no claims have been published for the moment. The impact of this attack seems to be serious. Indeed, on a technical level, the internal computer systems of the company are a priori completely blocked, which suggests a ransomware type attack. The operational activities of the company are probably stopped, its employees having been sent home, possibly causing financial losses, as some orders cannot be honoured. In addition, during the attack it is possible that data was stolen by the attacker. The next step is for a cyber group to claim responsibility for the attack. 

On December 6, 2022, the French ambulance agency "les trois cantons" located in the commune of Peyrehorade, France, was attacked. The employees reported that a ransom note had been sent to them and that all their databases had disappeared. To compensate for this loss, the agency printed out its diary up to and including Saturday 10 December so as not to lose its appointments. Nevertheless, they would have lost their entire database, including their client contacts.   Read more about it : here

According to a report dated 6 December 2022, the attack on the French hospital André Mignot located in Versailles was carried out using ransomware containing the same computer traces as the well-known LockBit Black ransomware. In addition, the Tor addresses of the storefront and negotiation sites listed in the ransom notes are indeed those of the LockBit 3.0 franchise, but none of the decryption credentials are recognised.  It is likely that this attack was carried out by another group than LockBit, but that it used the same tools, leaving the same trace. Indeed, in September, it was noted that following an internal conflict within the group, the LockBit builder had been leaked on the net and thus made freely available to anyone wishing to build their own ransomware with this technical base. It is therefore likely that one of these projects was successful and that a new actor attempted a large-scale attack with this LockBit-based ransomware. Read more about it : here

On 9 December 2022, the websites of the French cities of Caen and Rouen, in France, were hit by a cyber attack. Indeed, according to a press release from the regional council, since the night of 8 December, the local authority has noticed that a certain number of servers have been abnormally saturated. In addition, all access to the computer network has been blocked in order to prevent the threat from spreading. For the time being, the council has announced that this attack will not affect the services offered by the town halls of the affected cities.  Read more about it : here

On 6 December 2022, the cybercriminal ransomware group Hive added the French retail chain Intersport to its list of victims. The group claims to have carried out the attack on 23 November. No details are given on the nature of the stolen data or whether it was actually revealed. Intersport has not made any statement on this new claim by the group. Intersport had said in November: "Dear customers, we are currently facing a cyber attack on Intersport's servers that prevents us from accessing our cash registers, loyalty card service and gift card service.   Read more about it : here

According to a report on December 13, 2022, a new Formbook campaign is underway using Libyan oil companies to spread. The campaign is said to use phishing emails and has already hit Italy. The malicious emails contain 4 images and a pdf. When opening the pdf, the recipient is asked to open a link that downloads an executable which turns out to be malware. The email used is a forged email from a Libyan oil company and the link attached to it points to a URL from which the exe file "Req for Quote" is downloaded. Then Formbook, thanks to the keylogger function, is able to acquire everything the user types.   Read more about it : here

On November 11, 2022, the threat actor "0x_dump" claimed to have hacked the multinational investment bank "Deutsche Bank" and allegedly offered access to its network for sale online.  The attacker claims to have access to about 21,000 machines on the bank's network, most of which are Windows systems, and says he has gained access to chat services used for internal communications. It also allegedly stole 16 terabytes of data. The access is for sale for 7.5 bitcoins which is approximately $156,274.  Read more about it : here

On 8 November 2022, the telecommunications company Orange informed its Spanish customers that one of its suppliers had suffered a cyber security breach. One of the affected subcontractors is believed to be a debt collection service and has had data exfiltrated about some of the company's buyers. Although the number of customers affected is unknown at this time, all affected customers have reportedly been notified of the leak via email or SMS. The data stolen from the subcontractor is said to contain the full name, postal address, telephone number, email, DNI/NIE numbers, delivery date, nationality and IBAN code of the current account of some buyers.  Read more about it : here

On 22 November 2022, the pro-Russian hacktivist group KillNet announced that it had launched a series of DDoS attacks against several official websites in Britain. The sites affected were: the Royal Family website, the London Stock Exchange website, the BacsUK website and the British Army website. During the attack, all sites were accessible from the US, but the British Army site appeared to be under maintenance.  Read more about it : here