On 8 December 2022, the criminal group Kelvin Security claimed to have carried out a cyber attack on the website of Alessia Mosca, a former Italian politician. They claim to have stolen private messages, user information, passwords and personal data from the site's databases. The attack reportedly left no trace of compromise.  The private messages may contain sensitive confidential information about the organisations where she has worked, such as the Italian government, the European Parliament and the MEPs. Finally, the personal data collected on the site could be used to target other people in further phishing campaigns. Read more about it : here

According to news reports of 28 November 2022, on 15 November 2002, cyber-attackers attacked the computer systems of the Saint-Doulchard oncology centre in France and then demanded a ransom. Medical and radiotherapy activities at the centre were suspended from 15 to 18 November due to lack of computer resources. Eventually, chemotherapy treatments were resumed, but not radiotherapy. According to the medical centre, no personal patient data was stolen.  Read more about it : here

On December 22, 2022, the German industrial company Technolite based in Grossenlüder felt victim of a cyber attack. Most of the employees were sent home because they are currently unable to work on the internal networks and the entire IT department of the company was affected by the attack. It is possible that this was a ransomware attack, which is common in this type of industry. However, no claims have been published for the moment. The impact of this attack seems to be serious. Indeed, on a technical level, the internal computer systems of the company are a priori completely blocked, which suggests a ransomware type attack. The operational activities of the company are probably stopped, its employees having been sent home, possibly causing financial losses, as some orders cannot be honoured. In addition, during the attack it is possible that data was stolen by the attacker. The next step is for a cyber group to claim responsibility for the attack. 

On December 6, 2022, the French ambulance agency "les trois cantons" located in the commune of Peyrehorade, France, was attacked. The employees reported that a ransom note had been sent to them and that all their databases had disappeared. To compensate for this loss, the agency printed out its diary up to and including Saturday 10 December so as not to lose its appointments. Nevertheless, they would have lost their entire database, including their client contacts.   Read more about it : here

According to a report dated 6 December 2022, the attack on the French hospital André Mignot located in Versailles was carried out using ransomware containing the same computer traces as the well-known LockBit Black ransomware. In addition, the Tor addresses of the storefront and negotiation sites listed in the ransom notes are indeed those of the LockBit 3.0 franchise, but none of the decryption credentials are recognised.  It is likely that this attack was carried out by another group than LockBit, but that it used the same tools, leaving the same trace. Indeed, in September, it was noted that following an internal conflict within the group, the LockBit builder had been leaked on the net and thus made freely available to anyone wishing to build their own ransomware with this technical base. It is therefore likely that one of these projects was successful and that a new actor attempted a large-scale attack with this LockBit-based ransomware. Read more about it : here

On 8 November 2022, the pro-Russian hacktivist group Noname05716 claimed responsibility for a DDoS attack on the login page of the Nenetsky Institute of Experimental Biology website of the Polish Academy of Science. It is likely that this attack prevented people working at the institute from logging in for some time. This attack is part of a campaign of attacks by pro-Russian groups on Eastern European countries because of their commitment to the war in Ukraine against Russia.  Read more about it : here

On 21 November 2022, the Spanish Ministry of Economy and Digital Transformation has suffered a cyber attack. Indeed, employees reportedly found that their computer equipment was acting independently of their will. This suggests that attackers were able to carry out an intrusion attack, possibly using phishing as the initial entry point, and then drop a malicious payload allowing them to control the compromised computer remotely via the SARA network.  The SARA network is the internal network of public institutions that allows for the rapid exchange of data between different departments. This type of network is often easy to use and considered by employees as a safe tool that they do not need to be wary of. Therefore, it is the perfect interface for an attacker to spread a malicious payload: fast, discreet and affecting all branches of public organisations.  This attack was possibly aimed at espionage or data theft, as according to the media investigating the attack, the targeted sector was the analysis department, where all economic forecasts are produced and distributed. For the moment it is not yet possible to know whether data was stolen, or who was behind the attack.  Nevertheless, it is likely that the attackers were not careful in their operation, as being detected by using live interfaces of a computer in use by employees crystallises a lack of professionalism.  In parallel, it is noted that during October 2022, the General Council of the Judiciary detected a cyber attack that affected the Judicial Neutral Point (JNP), the telecommunications network that connects the judicial bodies to other state institutions.   Read more about it : here

On 4 November 2022, the cybercriminal group LockBit 3.0 ransomware revealed a second wave of attack claims targeting three European companies and organisations, among others. This second wave of claims follows the first one on 29 October. The companies affected are as follows:  Hettich, a manufacturing company from Netherland  Continental, an IT provider company from Germany  Tekniplex, an industrial of advanced plastic & rubber polymer technology company, from Belgium.  These four companies were added to the victims at the same time, and each has between 1 and 9 days to meet LockBit's requirements. The impact of this attack could be significant for businesses and have a high financial cost if they agree to pay the ransom. The data stolen or the status of the companies' platforms has not been disclosed, but it is assumed that some of the victims' connected work features will be unusable.  Read more about it : here, here, here and here

On November 11, 2022, the cyber criminal group ViceSociety claimed responsibility for a ransomware attack against Rhein-Pfalz-Kreis, a German district in Rhineland-Palatinate. According to an official statement from the district, the attack took place on October 24, 2022. The district's website "https://www.rhein-pfalz-kreis.de/" is currently still inaccessible and indicates that it is unreachable following a cyber attack.  Read more about it : here

On 8 November 2022, the departmental council of Seine et Marne in France announced that its IT infrastructure was unusable and blocked. Despite the intervention of a crisis unit, the department announced that it would not be able to resume normal activity for at least 6 weeks.   IT staff were forced to shut down the servers that were attacked to prevent further damage. Departmental staff are unable to receive or send emails or access their internal files, which puts the administration in difficulty in providing social services to citizens.  Read more about it : here