On 23 November 2022, the University of Applied Sciences in the city of Ulm, Germany, made public a cyber attack and data theft that targeted it on 12 November. The university and its network were disconnected from the internet after a cyber attack alert. Cybercriminals allegedly broke into the university's databases and it turned out that the names and email addresses of university members had been accessed without authorisation.   Read more about it : here

On December 15, 2022, the cybercriminal ransomware group ViceSociety claimed responsibility for an attack on the "Universidad Catolica Portuguesa", a concordat of universities whose centre is located in Lisbon. The other universities in the concordat are located in Braga, Porto and Viseu. ViceSociety claims to have stolen a number of data, but does not specify whether the victim's networks were affected by the attack. For the moment, no statement seems to have been published by the university itself, its website being accessible but not broadcasting any news about the attack.  Read more about it : here

On 8 December 2022, the criminal group Kelvin Security claimed to have carried out a cyber attack on the website of Alessia Mosca, a former Italian politician. They claim to have stolen private messages, user information, passwords and personal data from the site's databases. The attack reportedly left no trace of compromise.  The private messages may contain sensitive confidential information about the organisations where she has worked, such as the Italian government, the European Parliament and the MEPs. Finally, the personal data collected on the site could be used to target other people in further phishing campaigns. Read more about it : here

According to news reports of 28 November 2022, on 15 November 2002, cyber-attackers attacked the computer systems of the Saint-Doulchard oncology centre in France and then demanded a ransom. Medical and radiotherapy activities at the centre were suspended from 15 to 18 November due to lack of computer resources. Eventually, chemotherapy treatments were resumed, but not radiotherapy. According to the medical centre, no personal patient data was stolen.  Read more about it : here

On December 22, 2022, the German industrial company Technolite based in Grossenlüder felt victim of a cyber attack. Most of the employees were sent home because they are currently unable to work on the internal networks and the entire IT department of the company was affected by the attack. It is possible that this was a ransomware attack, which is common in this type of industry. However, no claims have been published for the moment. The impact of this attack seems to be serious. Indeed, on a technical level, the internal computer systems of the company are a priori completely blocked, which suggests a ransomware type attack. The operational activities of the company are probably stopped, its employees having been sent home, possibly causing financial losses, as some orders cannot be honoured. In addition, during the attack it is possible that data was stolen by the attacker. The next step is for a cyber group to claim responsibility for the attack. 

On December 6, 2022, the French ambulance agency "les trois cantons" located in the commune of Peyrehorade, France, was attacked. The employees reported that a ransom note had been sent to them and that all their databases had disappeared. To compensate for this loss, the agency printed out its diary up to and including Saturday 10 December so as not to lose its appointments. Nevertheless, they would have lost their entire database, including their client contacts.   Read more about it : here

According to a report dated 6 December 2022, the attack on the French hospital André Mignot located in Versailles was carried out using ransomware containing the same computer traces as the well-known LockBit Black ransomware. In addition, the Tor addresses of the storefront and negotiation sites listed in the ransom notes are indeed those of the LockBit 3.0 franchise, but none of the decryption credentials are recognised.  It is likely that this attack was carried out by another group than LockBit, but that it used the same tools, leaving the same trace. Indeed, in September, it was noted that following an internal conflict within the group, the LockBit builder had been leaked on the net and thus made freely available to anyone wishing to build their own ransomware with this technical base. It is therefore likely that one of these projects was successful and that a new actor attempted a large-scale attack with this LockBit-based ransomware. Read more about it : here

On 4 November 2022, the cybercriminal group LockBit 3.0 ransomware revealed a second wave of attack claims targeting three European companies and organisations, among others. This second wave of claims follows the first one on 29 October. The companies affected are as follows:  Hettich, a manufacturing company from Netherland  Continental, an IT provider company from Germany  Tekniplex, an industrial of advanced plastic & rubber polymer technology company, from Belgium.  These four companies were added to the victims at the same time, and each has between 1 and 9 days to meet LockBit's requirements. The impact of this attack could be significant for businesses and have a high financial cost if they agree to pay the ransom. The data stolen or the status of the companies' platforms has not been disclosed, but it is assumed that some of the victims' connected work features will be unusable.  Read more about it : here, here, here and here

On November 11, 2022, the cyber criminal group ViceSociety claimed responsibility for a ransomware attack against Rhein-Pfalz-Kreis, a German district in Rhineland-Palatinate. According to an official statement from the district, the attack took place on October 24, 2022. The district's website "https://www.rhein-pfalz-kreis.de/" is currently still inaccessible and indicates that it is unreachable following a cyber attack.  Read more about it : here

On 8 November 2022, the departmental council of Seine et Marne in France announced that its IT infrastructure was unusable and blocked. Despite the intervention of a crisis unit, the department announced that it would not be able to resume normal activity for at least 6 weeks.   IT staff were forced to shut down the servers that were attacked to prevent further damage. Departmental staff are unable to receive or send emails or access their internal files, which puts the administration in difficulty in providing social services to citizens.  Read more about it : here