Europe News

According to a report dated 6 December 2022, the attack on the French hospital André Mignot located in Versailles was carried out using ransomware containing the same computer traces as the well-known LockBit Black ransomware. In addition, the Tor addresses of the storefront and negotiation sites listed in the ransom notes are indeed those of the LockBit 3.0 franchise, but none of the decryption credentials are recognised.  It is likely that this attack was carried out by another group than LockBit, but that it used the same tools, leaving the same trace. Indeed, in September, it was noted that following an internal conflict within the group, the LockBit builder had been leaked on the net and thus made freely available to anyone wishing to build their own ransomware with this technical base. It is therefore likely that one of these projects was successful and that a new actor attempted a large-scale attack with this LockBit-based ransomware. Read more about it : here

On 9 December 2022, the websites of the French cities of Caen and Rouen, in France, were hit by a cyber attack. Indeed, according to a press release from the regional council, since the night of 8 December, the local authority has noticed that a certain number of servers have been abnormally saturated. In addition, all access to the computer network has been blocked in order to prevent the threat from spreading. For the time being, the council has announced that this attack will not affect the services offered by the town halls of the affected cities.  Read more about it : here

On 6 December 2022, the cybercriminal ransomware group Hive added the French retail chain Intersport to its list of victims. The group claims to have carried out the attack on 23 November. No details are given on the nature of the stolen data or whether it was actually revealed. Intersport has not made any statement on this new claim by the group. Intersport had said in November: "Dear customers, we are currently facing a cyber attack on Intersport's servers that prevents us from accessing our cash registers, loyalty card service and gift card service.   Read more about it : here

According to a report on December 13, 2022, a new Formbook campaign is underway using Libyan oil companies to spread. The campaign is said to use phishing emails and has already hit Italy. The malicious emails contain 4 images and a pdf. When opening the pdf, the recipient is asked to open a link that downloads an executable which turns out to be malware. The email used is a forged email from a Libyan oil company and the link attached to it points to a URL from which the exe file "Req for Quote" is downloaded. Then Formbook, thanks to the keylogger function, is able to acquire everything the user types.   Read more about it : here

On 5 December 2022, the new cybercriminal group Play Ransomware claimed to have launched an attack against the Vienna-based technology company Austria Presse Agentur. The attack reportedly took place on 28 November 2022 and they managed to extract 80 GB of data. The data is said to contain personal data, project documents and financial information. No details are given on the ransom demanded.   Read more about it : here

On December 13, 2022, a cyber intrusion attack was detected in the computer systems of the municipalities of Mörbylånga and Borgholm in Sweden. In response, a crisis management unit was reportedly activated, but the attack still caused the municipality's network connection to the internet to be disabled. Mörbylånga's website and email are down. However, the Borgholm website is managed externally, so it is up and running and the emails are working. For the moment, no details on the type of attack or the systems affected have been released. However, given the post attack reaction of the municipality it is possible that it is a ransomware attack.   Read more about it : here

On 8 December 2022, the pro-Russian hacktivist group Noname057 claimed to have launched a DDoS attack on the websites of the Greek Ministry of Defence, the Ministry of Defence of the Czech Republic and the Ministry of Defence of Croatia. The attack is part of the KillNet sphere's campaign of attacks in their cyber war of attrition against European governments.  Read more about it : here

On 23 November 2022, the pro-Russian hacktivist group Noname057 claimed to have launched a series of DDoS attacks on the Polish airport of Rzeszów-Jasionka. As of 17:00, the site was accessible in France but possibly unreachable from other countries and continents.   Read more about it : here

On Monday 7 November 2022, the company Continental acknowledged that following the cyber attack they suffered in August, approximately 40 terabytes of data had been exfiltrated. The investigation by cyber experts after the incident continues as the company also announced that no data had been encrypted, allowing business to continue.  It should be noted that on 4 November, LockBit 3.0 claimed responsibility for an attack on Continental, although it is not known whether this is the same attack as the one that took place in August.  Read more about it : here

On November 12, 2022, the cyber criminal group Kelvin Security claimed on Breach Forums a cyberattack against Norgine Italia. In this claim, it is stated that 3.15 GB of data has been exfiltrated from the system and that this data contains documents of various types, such as PDFs, DOCXs and XLSs. A link has also been provided to contact the seller and make purchase arrangements. This message was not only posted on Breach Forums, but also on the gang's Telegram channels.  Read more about it : here