On 8 December 2022, the criminal group Kelvin Security claimed to have carried out a cyber attack on the website of Alessia Mosca, a former Italian politician. They claim to have stolen private messages, user information, passwords and personal data from the site's databases. The attack reportedly left no trace of compromise.  The private messages may contain sensitive confidential information about the organisations where she has worked, such as the Italian government, the European Parliament and the MEPs. Finally, the personal data collected on the site could be used to target other people in further phishing campaigns. Read more about it : here

According to news reports of 28 November 2022, on 15 November 2002, cyber-attackers attacked the computer systems of the Saint-Doulchard oncology centre in France and then demanded a ransom. Medical and radiotherapy activities at the centre were suspended from 15 to 18 November due to lack of computer resources. Eventually, chemotherapy treatments were resumed, but not radiotherapy. According to the medical centre, no personal patient data was stolen.  Read more about it : here

On December 22, 2022, the German industrial company Technolite based in Grossenlüder felt victim of a cyber attack. Most of the employees were sent home because they are currently unable to work on the internal networks and the entire IT department of the company was affected by the attack. It is possible that this was a ransomware attack, which is common in this type of industry. However, no claims have been published for the moment. The impact of this attack seems to be serious. Indeed, on a technical level, the internal computer systems of the company are a priori completely blocked, which suggests a ransomware type attack. The operational activities of the company are probably stopped, its employees having been sent home, possibly causing financial losses, as some orders cannot be honoured. In addition, during the attack it is possible that data was stolen by the attacker. The next step is for a cyber group to claim responsibility for the attack. 

On December 6, 2022, the French ambulance agency "les trois cantons" located in the commune of Peyrehorade, France, was attacked. The employees reported that a ransom note had been sent to them and that all their databases had disappeared. To compensate for this loss, the agency printed out its diary up to and including Saturday 10 December so as not to lose its appointments. Nevertheless, they would have lost their entire database, including their client contacts.   Read more about it : here

According to a report dated 6 December 2022, the attack on the French hospital André Mignot located in Versailles was carried out using ransomware containing the same computer traces as the well-known LockBit Black ransomware. In addition, the Tor addresses of the storefront and negotiation sites listed in the ransom notes are indeed those of the LockBit 3.0 franchise, but none of the decryption credentials are recognised.  It is likely that this attack was carried out by another group than LockBit, but that it used the same tools, leaving the same trace. Indeed, in September, it was noted that following an internal conflict within the group, the LockBit builder had been leaked on the net and thus made freely available to anyone wishing to build their own ransomware with this technical base. It is therefore likely that one of these projects was successful and that a new actor attempted a large-scale attack with this LockBit-based ransomware. Read more about it : here

On 4 November 2022, the cybercriminal group LockBit 3.0 ransomware revealed a second wave of attack claims targeting three European companies and organisations, among others. This second wave of claims follows the first one on 29 October. The companies affected are as follows:  Hettich, a manufacturing company from Netherland  Continental, an IT provider company from Germany  Tekniplex, an industrial of advanced plastic & rubber polymer technology company, from Belgium.  These four companies were added to the victims at the same time, and each has between 1 and 9 days to meet LockBit's requirements. The impact of this attack could be significant for businesses and have a high financial cost if they agree to pay the ransom. The data stolen or the status of the companies' platforms has not been disclosed, but it is assumed that some of the victims' connected work features will be unusable.  Read more about it : here, here, here and here

On November 11, 2022, the cyber criminal group ViceSociety claimed responsibility for a ransomware attack against Rhein-Pfalz-Kreis, a German district in Rhineland-Palatinate. According to an official statement from the district, the attack took place on October 24, 2022. The district's website "https://www.rhein-pfalz-kreis.de/" is currently still inaccessible and indicates that it is unreachable following a cyber attack.  Read more about it : here

On 8 November 2022, the departmental council of Seine et Marne in France announced that its IT infrastructure was unusable and blocked. Despite the intervention of a crisis unit, the department announced that it would not be able to resume normal activity for at least 6 weeks.   IT staff were forced to shut down the servers that were attacked to prevent further damage. Departmental staff are unable to receive or send emails or access their internal files, which puts the administration in difficulty in providing social services to citizens.  Read more about it : here

On 22 November 2022, a cybercriminal identified as "Diana" posted the database of the German company schutznetze24 on a leaky forum. The company is a manufacturer of wire mesh for a variety of uses, from hanging livestock feed to securing construction sites. It claims to have 266,000 user records, including user ID, name, email address, password, etc.   Read more about it : here

On 3 November 2022, the ransomware cybercrime group Hive Ransomware posted the Italian company Landi Renzo as a victim on its "HiveLeak" website. The attack is believed to have taken place on 18 October. Some of the company's servers were reportedly rendered unavailable by the attack and Landi Renzo was forced to call in a task force of cyber experts to investigate the damage. It is believed that although the damage temporarily halted production lines, automatic data backups worked and allowed IT staff to get the systems up and running again. Curtrently Landi Renzo is the world leader in the design and integration of fleet and passenger vehicle systems powered by eco-friendly fuel. The impact of this attack is significant. Although the teams have the capacity to repair the computer damage, production lines have been shut down as a result of the attack, likely resulting in financial losses and delays in customer contracts. These delays and security problems may result in a loss of reputation with partners and potential future customers.  Read more about it : here