On November 12, 2022, the cyber criminal group Kelvin Security claimed on Breach Forums a cyberattack against Norgine Italia. In this claim, it is stated that 3.15 GB of data has been exfiltrated from the system and that this data contains documents of various types, such as PDFs, DOCXs and XLSs. A link has also been provided to contact the seller and make purchase arrangements. This message was not only posted on Breach Forums, but also on the gang's Telegram channels.  Read more about it : here

On 9 November 2022, the cybercriminal group Hive ransomware added the Natherland-based company APM Terminals, a harbor operator, subsidiary of Maersk, to its list of victims. No details are given about the nature of the stolen data or the direct consequences of the attack on the company. The attack is believed to have taken place on 17 October and the stolen data will be released on 11 November.  Read more about it : here

On November 8, 2022, cybercriminal ransomware group LockBit 3.0 claimed to have attacked Richard Wolf Gmbh. Some of the company's data is said to be encrypted and the management has until 10 November to comply with LockBit 3.0. Some of the company's data is said to be encrypted and the management has until 10 November to comply with LockBit 3.0. Experts are reportedly working on the company's systems to assess the exact damage.  Read more about it : here

On 15 November 2022, according to a Kaspersky study, North Korean hackers Lazarus are using a new version of the DTrack backdoor to attack organisations in Europe and Latin America.  DTrack is a modular backdoor with a keystroke logger, screenshot logger, browser history retriever, running process spy, IP address logger, network connection information logger and more.  In addition to spying, it can also execute commands to perform file operations, retrieve additional payloads, steal files and data and run processes on the compromised device. Finally, Dtrack hides in an executable that looks like a legitimate program, and there are several decryption steps before the malware payload begins.  Targeted sectors include government research centres, policy institutes, chemical manufacturers, IT service providers, telecommunication providers, utility providers and education.  Read more about it : here

On November 5, 2022, an unknown threat actor announced on a hacker forum on the darkweb that the German company Scm-Pc-Card and the website of Evas Schatztruhe had suffered major data breach that would have affected about 1900 users for Scm-Pc-Card, and 1400 users for Evas Schatztruhe. The stolen data includes phone numbers, physical addresses, email addresses and password hashes for Scm-Pc-Card. For Evas Schatztruhe, the stolen data includes Nicknames, Usernames, UID, User Country, User Websites, User Email and Passwords.No details are given in the claim as to how the data was obtained, but it is announced that the data will be made available online for free. The impact of this attack could be significant for the users of the companies site who thus see their data exposed, with now a risk of possible future phishing campaigns or other various attacks more serious and more malicious than the original leak.  Read more about it : here and here

On 10 November 2022, the AlphV ransomware group added the French company Conforama to its list of victims. Conforama is a major European home furnishings retailer. The group claims to have stolen 1 terabyte of data, including financial documents, customer credit card data, marketing data, analytical strategies, logistics data, but also personal data of customers. The group has given Conforama 48 hours to contact them or all the data will be published and used for malicious purposes.  Read more about it : here

On 8 November 2022, the cybercriminal group BlackBasta, which specialises in ransomware, claimed responsibility for an attack on the wholesale company Metro. The data they claimed to have stolen contained ID cards, agreements and passports. Metro's IT infrastructure was effectively blocked by the attack and the company was experiencing problems with in-store payments and delivery of online orders.  Read more about it : here

On 15 November 2022, the pro-Russian hacktivist group KIlNet called on its affiliates to carry out a DDoS attack campaign on all possible organisations and entities in Poland and keep them inaccessible until 20 November 2022. In order to select targets, Killnet advises to perform a google search including "Online Poland, Login Poland, Poland commerce Online, Poland Health, Poland gov".  Read more about it : here

On November 5, 2022, the cybercriminal group BlackByte ransomware added the Swedish company Peterson & Hansson Byggnads to the list of its victims on its website. This construction company is based in Falkenberg and the data allegedly stolen from it includes invoices, employment contracts, and other administrative documents. No details on the damage caused by the ransomware have yet been communicated, and the company's site is still accessible. However, it is possible that some systems for making appointments, orders or even the means of communication have been affected. The impact would then be significant for the image of the company.  Read more about it : here

On 9 November 2022, starting at 11pm, a large-scale DDoS attack targeted the Polish website of the Institute of National Remembrance for several hours. On 10 November it was accessible again. The attack is believed to have taken down the websites linked to the Institute's homepage but spared the acrhives website. After investigation, it seems that the first attempts to attack the site failed on the morning of the 9th before resuming in the evening.  Read more about it : here