{ "type": "bundle", "id": "bundle--7958cc8b-67e2-477f-9bcc-8798cd6a34dd", "spec_version": "2.1", "objects": [ { "type": "incident", "id": "admiral--9f5f23c3-349e-4ad0-966c-d9b64dbbe2aa", "created_by_ref": "identity--3cabb1d4-1695-4a1d-adf2-75b8c9120ab6", "created": "1980-06-07T00:00:00Z", "modified": "1980-06-07T00:00:00Z", "name": "Malfunction", "description": "A ferry with a Gross Register Tonnage (GRT) of 10,000, measuring 72.2 m long and 28 m wide, commenced its maiden voyage from Sweden to Syria in May 1980. Owned by a Swedish company and loaded with a significant amount of cargo, its journey included stops in Gibraltar, Crete, and Athens. According to sources, as the ship sailed near Athens, it began experiencing steering problems, originating from a software error in its electronic ballast system. This error led to excess water being pumped into the ballast tanks. By the time it reached Larnaca, Cyprus, on 2 June 1980, the listing issue intensified. To prevent potential harbor obstruction, the vessel was towed about 1 km offshore. Tragically, on 7 June 1980, the situation escalated, and the ship capsized approximately 1500 meters from Larnaca harbor. The consequence of this incident was the sinking of the vessel and a financial loss of an estimated £200 million in cargo.", "sector": "Ship", "incident_type": "Malfunction", "location": { "country": "SE" }, "threat_actor": "Design", "external_references": [ { "source_name": "Reference", "url": "https://en.wikipedia.org/wiki/MS_Zenobia" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--13344f0b-40ae-4784-b1b0-39577cc1dcc3", "created_by_ref": "identity--6ca84cbe-ed18-4d6b-b0f3-b79668be2631", "created": "1998-03-02T00:00:00Z", "modified": "1998-03-02T00:00:00Z", "name": "Denial of service", "description": "The US Navy, with computers stationed at locations including Point Loma, California; Charleston, South Carolina; and Norfolk, Virginia, was reportedly affected by a widespread cyberattack targeting systems running the Microsoft Windows NT and Windows 95 operating systems. This \"denial of service\" event was part of a larger assault that impacted numerous entities throughout the US. Computers potentially experienced system crashes between 8:30 and 10 p.m. on Monday, March 2nd. These crashes might have manifested as either error messages or blank screens. Multiple users could have interpreted these interruptions as standard system hiccups or potential power glitches. The alleged attack, described as a variant of the \"teardrop\" technique, involved sending distorted data packets to targeted machines. Trying to decipher these misleading packets, the computers might have been led to use up excessive memory, ultimately causing system failures. This modified version of the attack seemed to facilitate targeting a vast array of computers simultaneously. While the exact fallout from the attack on the Navy's operations at the aforementioned locations remains speculative, the cyber incident could have presented significant disruptions. The events were likely seen in a serious light, potentially wasting precious time and hampering Navy personnel in their tasks.", "sector": "Defence", "incident_type": "Denial of service", "location": { "country": "US" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "https://news.cornell.edu/stories/1998/03/windows-computers-cornell-attacked-hackers https://www.cnet.com/tech/tech-industry/hackers-attack-nasa-navy/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--c73a63b3-bd32-443a-a718-e75d2dde93ee", "created_by_ref": "identity--76812172-bd54-45ec-b878-dd3c752c64d9", "created": "1999-XX-XXT00:00:00Z", "modified": "1999-XX-XXT00:00:00Z", "name": "Intrusion", "description": "In 1999, a UK citizen confessed to illegally accessing U.S. Navy computer systems and was further suspected of infiltrating other state information systems. To address this incident, the U.S. Federal Bureau of Investigation (FBI) closely collaborated with New Scotland Yard in the UK. As a consequence of these intrusions, the individual was handed a sentence equivalent to three years on a probationary status.", "sector": "Defence", "incident_type": "Intrusion", "location": { "country": "US" }, "threat_actor": "Script Kiddie", "external_references": [ { "source_name": "Reference", "url": "https://archives.fbi.gov/archives/news/testimony/issue-of-intrusions-into-government-computer-networks" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--5b60b8b3-b4c1-46a2-9a3e-642d008d9178", "created_by_ref": "identity--2709926a-bada-4e27-b751-a812f240d245", "created": "2001-08-XXT00:00:00Z", "modified": "2001-08-XXT00:00:00Z", "name": "Denial of service", "description": "The Port of Houston in Texas ranks as the world's eighth-busiest maritime facility. It manages vast quantities of cargo, notably containers, and is also involved in significant passenger movements, serving as a major hub in the maritime sector. According to sources, the port experienced a distributed denial-of-service (DDoS) attack in August 2001, leading to potential disruptions in its operations. While the exact operational impact remains unclear, reports indicate that a U.S. citizen was subsequently convicted in relation to this cyber event.", "sector": "Port", "incident_type": "Denial of service", "location": { "country": "US" }, "threat_actor": "Script Kiddie", "external_references": [ { "source_name": "Reference", "url": "https://www.theregister.co.uk/2003/10/06/uk_teenager_accused_of_electronic/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--a2e998ab-2d97-4c68-919a-aac14202c709", "created_by_ref": "identity--f4b6b264-ca54-4485-946a-be5c945fa1e2", "created": "2001-09-20T00:00:00Z", "modified": "2001-09-20T00:00:00Z", "name": "Denial of service", "description": "The Port of Houston in Texas ranks as the world's eighth-busiest maritime facility. It manages vast quantities of cargo, predominantly containers, and also facilitates significant passenger movements, serving as a central hub in the maritime sector. According to sources, on the evening of September 20 (Central Standard Time), there was a disruption in the port's network. Essential navigational data, such as tides, water depths, and weather information, might have become unavailable. A British teenager is believed to have initiated this disruption, allegedly in retaliation against a chat-room user over anti-American remarks. Subsequent investigations reportedly led to a DDoS attack tool being identified on the teenager's computer. However, the teenager was later freed of all charges during the trial. If the sources are accurate, while the cyberattack may not have resulted in physical damage, it could have disrupted operations. It's also noteworthy that, based on reports, the Port of Houston had faced a DDoS attack in August 2001, leading to another individual's conviction.", "sector": "Port", "incident_type": "Denial of service", "location": { "country": "US" }, "threat_actor": "Script Kiddie", "external_references": [ { "source_name": "Reference", "url": "https://www.theregister.co.uk/2003/10/06/uk_teenager_accused_of_electronic/ https://www.independent.co.uk/news/business/news/teenage-hacker-cleared-of-crashing-houston-s-computer-system-91926.html https://arxiv.org/pdf/2112.06545.pdf" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--595bb806-3304-48e7-8552-6462db995e17", "created_by_ref": "identity--db7e86db-a782-4e2a-8532-442d7d6a303d", "created": "2002-04-01T00:00:00Z", "modified": "2002-04-01T00:00:00Z", "name": "Intrusion", "description": "A group of hackers managed to penetrate the computer systems of the U.S. Navy's command and other entities. They defaced the U.S. Navy's website to highlight security vulnerabilities. A defense contractor, developing a website for the U.S. Navy, shut down its network after the hackers accessed employee passwords. The website pages were also defaced, information was made public, and messages claimed the action under the name \"Dynamic Duo\".", "sector": "Defence", "incident_type": "Intrusion", "location": { "country": "US" }, "threat_actor": "Dynamic Duo", "external_references": [ { "source_name": "Reference", "url": "https://www.symantec.com/content/en/us/about/media/securityintelligence/SSR-Timeline.pdf" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--568bd555-0b40-4ff7-9688-d754c267ecdd", "created_by_ref": "identity--3686ddde-1b5d-42dc-9282-7a05374ed6e5", "created": "2002-12-02T00:00:00Z", "modified": "2002-12-02T00:00:00Z", "name": "Intrusion", "description": "The national oil company of Venezuela is a major entity responsible for a substantial portion of the country's economic activity and its contribution to local and world's oil supply. According to sources, during national strike movement, an intrusion targeted OT systems of the company, as well as centrally controlled operations. An major impact would have been Programmable Logic Controllers (PLCs) at a port facility being wiped out. Due to the intrusion, Venezuela's oil production faced a significant decline, dropping from 3 million barrels per day (BPD) to just 300 thousand BPD. Oil production had to be stopped during eight hours, a tanker waiting in the port could not be provided with oil, and PLCs had to be reinstalled.", "sector": "Offshore", "incident_type": "Intrusion", "location": { "country": "VE" }, "threat_actor": "Political", "external_references": [ { "source_name": "Reference", "url": "https://www.sia-partners.com/en/insights/publications/cybersecurity-energy-implications-a-security-breach" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--22b241be-cd4f-46e6-a9af-855b8b9a9198", "created_by_ref": "identity--d3345c2c-56a4-430f-affb-50c50b68e5f2", "created": "2003-07-10T00:00:00Z", "modified": "2003-07-10T00:00:00Z", "name": "Website Compromission", "description": "According to sources, during the U.S.-led invasion of Iraq, certain websites associated with the U.S. Navy were allegedly compromised in cyber intrusions. The disruptions appear to have targeted the main online interfaces of these platforms. The enquiry showed that the activities had been conducted by a hacker named \"DKD\", who, purportedly, replaced website home pages with political slogans. Although there might not have been direct operational consequences, such events can influence public trust and perception. Legal ramifications for the involved individual could include a potential prison term of up to three years and a financial penalty nearing $50,850.", "sector": "Defence", "incident_type": "Website Compromission", "location": { "country": "US" }, "threat_actor": "DKD", "external_references": [ { "source_name": "Reference", "url": "https://www.cbsnews.com/news/french-teen-a-hacker-extraordinaire/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--ed201859-d22e-49bc-ad10-b6582ee74d7f", "created_by_ref": "identity--6eaee8bc-0dbe-4599-85f3-f27a8b18146b", "created": "2006-11-06T00:00:00Z", "modified": "2006-11-06T00:00:00Z", "name": "Intrusion", "description": "The victim, recognized as the nation's premier center for strategic thought and national security policy development for the Navy, serves a diverse student body. The institution has 581 students, including officers from various military branches such as the Army, Air Force, Coast Guard and Marines, as well as civilians and international attendees. According to sources, around November 16, an intrusion into the computer network at a renowned naval academic institution was detected by the Navy Cyber Defense Operations Command. The compromised system, primarily used by the institution's students, was unclassified. In response to the breach, the institution's network, including its email and website, has been offline for over two weeks. While the exact timeline for its restoration remains uncertain, measures were taken to enhance the network's defenses, including upgrading firewalls. An investigation was conducted to determine the full extent of the intrusion, with officials abstaining from speculating on potential suspects.", "sector": "Defence", "incident_type": "Intrusion", "location": { "country": "US" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "http://www.nbcnews.com/id/16057306/ns/technology_and_science-security/t/hackers-attack-us-naval-war-college/#.VckLXflVhBc" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--ebf56a80-b284-418c-a8b4-1aff05753b3c", "created_by_ref": "identity--a21b21b1-cd17-4372-b469-19169a7c9be1", "created": "2008-05-01T00:00:00Z", "modified": "2008-05-01T00:00:00Z", "name": "Intrusion", "description": "The victim, a leading drilling firm, relies on sophisticated computer systems which are essential for offshore operations, including remote telemetry and leak detection. According to sources, after the termination of his contract in May 2008, a former IT consultant with the company allegedly accessed its communication system without authorization. This system, which the consultant had previously set up, ensured communication between the company's onshore offices and offshore oil platforms. The unauthorized intrusion had an important impact on integrity and availability, causing significant financial losses. Though the company temporarily lost control of its telemetry systems, there were no consequent oil leaks or environmental hazards. The investigations identified evidence pointing to the consultant's involvement. If found guilty, he could be charged with potential penalties reaching up to ten years in prison.", "sector": "Offshore", "incident_type": "Intrusion", "location": { "country": "US" }, "threat_actor": "Internal", "external_references": [ { "source_name": "Reference", "url": "https://www.theregister.co.uk/2009/03/19/oil_rig_hack_charges/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--8e85cd68-f8db-4147-a0a6-16837001ae40", "created_by_ref": "identity--09f64854-f33c-4518-98c6-686e811ab3f0", "created": "2009-01-12T00:00:00Z", "modified": "2009-01-12T00:00:00Z", "name": "Virus/Ransomware", "description": "According to sources, the French military's computer systems faced significant challenges from the malicious code known as Downadup/Conficker at that time. This malware, first detected in November 2008, exploits vulnerabilities in Windows systems. Downadup/Conficker was capable of dynamically altering its digital signature, effectively evading detection by many antivirus solutions. This worm could also lock out user accounts, seek passwords, block antivirus updates, hinder access to Windows Update, and even spread through the auto-run feature of USB drives. By January 12, 2009, the French Navy's internal network, Intramar, which is responsible for transmitting most digital data, was compromised by this malware. The spread was significant enough that certain operational systems had to be halted. In response to the infection, the French military took drastic measures. Internet access was severed, and the use of USB drives was temporarily banned. The likely origin of the infection was believed to be direct or indirect web connections, possibly via USB drives or laptops, of \"closed networks\" – computers meant to be isolated from external access. This incident underlined the difficulties to maintain a large number of Windows assets up to date at that time.", "sector": "Defence", "incident_type": "Virus/Ransomware", "location": { "country": "FR" }, "threat_actor": "Conficker", "external_references": [ { "source_name": "Reference", "url": "https://www.01net.com/actualites/les-reseaux-informatiques-de-larmee-touches-par-un-virus-402849.html https://en.wikipedia.org/wiki/Conficker" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--f1893646-a7ad-41f7-bade-132f7cebf4fd", "created_by_ref": "identity--1fad5653-7b53-454b-b37d-7836a31282fe", "created": "2010-XX-XXT00:00:00Z", "modified": "2010-XX-XXT00:00:00Z", "name": "Virus/Ransomware", "description": "According to sources, in 2010, a major player in the offshore rigging sector had an offshore rig suffered a comprehensive malware attack. The event occured when the rig leaf the construction yard in South Korea for its production site in Latin America (probably Brazil). The malicious software managed to infiltrate essential controls, including offline safety mechanisms. The malware's infiltration had a severe operational impact, forcing the rig to shut down for 19 days. Considering the high day-to-day operational costs of such rigs, even if it was not in production, substantial financial losses of over 10 million dollars could have been reached.", "sector": "Offshore", "incident_type": "Virus/Ransomware", "location": { "country": "KR" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "https://oilprice.com/Latest-Energy-News/World-News/Offshore-Drill-Rigs-at-Threat-from-Computer-Viruses.html https://maritimecyprus.files.wordpress.com/2015/06/maritime-cyber-risks.pdf https://www.houstonchronicle.com/business/energy/article/Malware-on-the-offshore-rig-Danger-lurks-where-4470723.php" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--1496664b-79a6-4395-86bd-58afb72d2bf0", "created_by_ref": "identity--5c488173-891c-4354-bb1d-2cf7d175d181", "created": "2010-XX-XXT00:00:00Z", "modified": "2010-XX-XXT00:00:00Z", "name": "Intrusion", "description": "The victim, a Greek shipping company, has shipping routes particularly in challenging waters like the Gulf of Aden, Somalia. According to sources, between 2010 and 2011, this company experienced an unusually high number of successful (physical) piracy attacks while navigating through the Gulf of Aden. Upon investigation, it was uncovered that hackers, believed to be commissioned by pirates, infiltrated the company's systems. The primary aim of this unauthorized access was to obtain detailed ship routing plans, which enabled pirates to identify the most vulnerable ships and precisely time their passage through high-risk areas. After analysis, the breach's origin was traced back to Wi-Fi-enabled light bulbs, a recent addition to the company's office infrastructure. It seems that the failure to change default credentials on these smart devices facilitated unauthorized access, leading to operational, financial, and reputational damages.", "sector": "Shipowner", "incident_type": "Intrusion", "location": { "country": "GR" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://safety4sea.com/cm-unravelling-the-myth-behind-cyber-security/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--3b08af2c-c5a5-475d-909f-56423a6e741a", "created_by_ref": "identity--26973c5f-b415-4061-aee5-86036d59fd79", "created": "2010-08-23T00:00:00Z", "modified": "2010-08-23T00:00:00Z", "name": "GPS/AIS jamming/spoofing", "description": "According to sources, for 4 days during August 2010, North Korea jammed GPS frequencies, impacting 1 Navy ship.", "sector": "Defence", "incident_type": "GPS/AIS jamming/spoofing", "location": { "country": "KR" }, "threat_actor": "North Korea", "external_references": [ { "source_name": "Reference", "url": "https://rntfnd.org/wp-content/uploads/ENC2013_JiwonSeo_revised.pdf https://www.unoosa.org/pdf/icg/2013/wgB-subgroup/5.pdf" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--f312c5bb-7228-44a0-86e0-8579913f3310", "created_by_ref": "identity--f692840e-b6d3-48a6-bb67-de3a86a226b9", "created": "2011-05-01T00:00:00Z", "modified": "2011-05-01T00:00:00Z", "name": "Intrusion", "description": "According to sources, a \"hacker\", identifying as \"sl1nk\", claimed to have gained significant unauthorized accesses within the systems of several military and governmental agencies, amongst which the Navy. The \"hacker\" also alleged possession of thousands of sensitive documents.", "sector": "Defence", "incident_type": "Intrusion", "location": { "country": "US" }, "threat_actor": "sl1nk", "external_references": [ { "source_name": "Reference", "url": "https://thehackernews.com/2011/05/exclusive-report-is-department-of.html" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--5555a95b-a542-4107-81be-56a1dc62bdcb", "created_by_ref": "identity--2b7c23ea-d84d-4682-86f2-dc95b0fa425a", "created": "2011-08-01T00:00:00Z", "modified": "2011-08-01T00:00:00Z", "name": "Data leak", "description": "According to sources, in August 2011, the victim was targeted by an advanced cyber attack. The spread and depth of the attack gave indications that the attack may be state-sponsored. Though details about the specific attackers remain unclear, the nature of the attack aligns with activities seen in other high-profile intrusion sets. While the entity acknowledged the compromise of some data, they stressed that no company-classified details leaked. They were able to recover the deleted information. However, the incident did inflict significant damage, both operationally and in terms of the pressure it placed on the organization.", "sector": "Shipowner", "incident_type": "Data leak", "location": { "country": "IR" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "https://www.reuters.com/article/us-iran-sanctions-shipping/irans-top-cargo-shipping-line-says-sanctions-damage-mounting-idUSBRE89L10X20121022 https://maritimecyprus.files.wordpress.com/2015/06/maritime-cyber-risks.pdf" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--a61f96de-e145-4dbb-a87a-84fb6dffa298", "created_by_ref": "identity--17156916-90b5-4097-9729-5e0d77514a38", "created": "2011-08-11T00:00:00Z", "modified": "2011-08-11T00:00:00Z", "name": "Intrusion", "description": "The victim is Japan's largest defense contractor. The company is known for producing missiles, aicraft parts as well as naval assets. According to sources, the company revealed that hackers had infiltrated its computer systems. The target of this intrusion seems to have been their submarine, missile, and nuclear power plant component factories. Around 80 virus-compromised computers were discovered at multiple locations, including their Tokyo headquarters and various manufacturing and R&D sites. Notably, the attack corresponds to activities associated with cyber threats that other global defense contractors, amongst others in the U.S., faced around that time. While the company spokesman emphasized that crucial data related to products or technologies remained secure, there was an admission that certain system information like IP addresses had been leaked. There's a potential, though considered minimal, for further information breaches. Various computer viruses, including the Trojan horse which is known for stealing vital information, were identified within its primary offices and production locations. ", "sector": "Industry", "incident_type": "Intrusion", "location": { "country": "JP" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "https://www.reuters.com/article/us-mitsubishiheavy-computer-idUSTRE78I0EL20110919" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--658918e0-51dd-46e7-9432-83b40ceb1466", "created_by_ref": "identity--504f1484-849b-45df-965a-6500b09f3ff5", "created": "2011-12-13T00:00:00Z", "modified": "2011-12-13T00:00:00Z", "name": "Intrusion", "description": "According to sources, on the night of 13 to 14 December 2011, there was a system outage affecting the Tax and Customs Administration's computer system, a critical system for reporting import and export goods and allowing the logistic procedures to follow smoothly. As a result of the system's unavailability, ships and trucks were immobilized, causing business transactions and movements within the port to be temporarily suspended.", "sector": "Port", "incident_type": "Intrusion", "location": { "country": "NL" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "https://www.tradenewswire.net/port-rotterdam-investing-cybersecurity/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--a8dfa233-6fb1-4400-b8b5-de561e357cc3", "created_by_ref": "identity--1c627e89-298e-4f55-b4a9-8f27b3da6f41", "created": "2011-XX-XXT00:00:00Z", "modified": "2011-XX-XXT00:00:00Z", "name": "Physical hijack", "description": "Ports are using IT systems to monitor and manage the movement of containers and the goods they transport. A notorious drug-smuggling operation was revealed, showcasing the potential links between cybercrime and drug trafficking. A group of traffickers commissioned \"hackers\" to penetrate these systems. The cyberattack aimed to ascertain the exact locations of containers, making it possible for the traffickers to discreetly retrieve narcotics mixed with genuine cargo. According to sources, the operation unfolded over two years, starting with hackers sending malicious software via emails to staff. This was followed by more advanced methods like breaking into the premises to install key-logging devices. This modus operandi permitted them to monitor keystrokes and screen activity. While the total volume of drugs transported remains undetermined, a significant seizure included over a tonne of cocaine, worth around €130m, a suitcase containing €1.3M. A separate event that drew attention was an attack on a lorry driver, unrelated to the conspiracy, who was mistakenly believed to have transported a container filled with cocaine. The port also had to pays amounts to compensate for the loss of containers, and to strengthen its security measures.", "sector": "Port", "incident_type": "Physical hijack", "location": { "country": "NL" }, "threat_actor": "Crime", "external_references": [ { "source_name": "Reference", "url": "https://www.stormshield.com/news/cybermaretique-a-short-history-of-cyberattacks-against-ports/ https://www.bbc.com/news/world-europe-24539417 https://www.europol.europa.eu/sites/default/files/documents/cyberbits_04_ocean13.pdf https://www.bloomberg.com/graphics/2015-mob-technology-consultants-help-drug-traffickers/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--b64a7a74-699e-448d-9c06-1a57442d5741", "created_by_ref": "identity--5e207b23-bc53-4ea6-b737-2e79824ee781", "created": "2011-03-04T00:00:00Z", "modified": "2011-03-04T00:00:00Z", "name": "GPS/AIS jamming/spoofing", "description": "According to sources, for 11 days during March 2011, North Korea jammed GPS frequencies, impacting 10 ships in South Korea.", "sector": "Ship", "incident_type": "GPS/AIS jamming/spoofing", "location": { "country": "KR" }, "threat_actor": "North Korea", "external_references": [ { "source_name": "Reference", "url": "https://www.unoosa.org/pdf/icg/2013/wgB-subgroup/5.pdf https://rntfnd.org/wp-content/uploads/ENC2013_JiwonSeo_revised.pdf" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--3243cbce-1dc8-4122-8814-de276b990cce", "created_by_ref": "identity--a95a88d0-de16-40bd-9e41-715ef6ae2f83", "created": "2012-08-01T00:00:00Z", "modified": "2012-08-01T00:00:00Z", "name": "Virus/Ransomware", "description": "According to sources, the company's systems were compromised by a destructive malware designed explicitly for 32-bit NT kernel versions of Microsoft Windows. This malware, known as Shamoon, spread from one infected machine to other networked computers. Once a system was infiltrated, the malware compiled lists of files, relayed them to the attacker, and subsequently deleted them. The virus culminated its attack by overwriting the Master Boot Record (MBR), rendering the infected computer non-operational. The attack was claimed by a group called \"Cutting Sword of Justice\". The consequences of the cyber intrusion were significant, deeply affecting the victim's operational capabilities. An estimated 30,000 workstations were impacted, necessitating the company to devote over a week for service restoration. This event had cascading effects on the global market: the company's sudden and vast procurement of hard drives led to a notable hike in their market prices. Additionally, the public faced gasoline shortages as a direct result of the attack.", "sector": "Offshore", "incident_type": "Virus/Ransomware", "location": { "country": "SA" }, "threat_actor": "Cutting Sword of Justice", "external_references": [ { "source_name": "Reference", "url": "https://en.wikipedia.org/wiki/Shamoon" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--9ddca40f-7588-41e6-a35f-2513b3fc6c0c", "created_by_ref": "identity--a1d45122-46c1-4b8c-9c20-07fd1dc56e56", "created": "2012-09-01T00:00:00Z", "modified": "2012-09-01T00:00:00Z", "name": "Spearphishing", "description": "According to sources, the victim faced cyber intrusions starting in 2009, with the deployment of the Hydraq (Aurora) Trojan horse being a prominent method. Over the subsequent years, the attackers systematically exploited several zero-day vulnerabilities, notably on Adobe and Microsoft products (CVE-2012-0779, CVE-2012-1875, CVE-2012-1889 and CVE-2012-1535). The Tactics, Techniques, and Procedures (TTPs) of the attacks seem to correspond with activities reputed of a group associated with the \"Elderwood Platform.\" Furthermore, there was a noticeable shift in their methods, with an increase in \"watering hole\" techniques, compromising specific websites expected to be visited by targets. The repercussions of these incidents for the victim could be multifaceted. Operational disturbances might have arisen due to the deployment of the mentioned zero-day vulnerabilities, potentially jeopardizing sensitive intellectual property. These intrusions might have also facilitated unauthorized access to top-tier defense contractors by using the victim as an intermediary. Given the escalated use of \"watering hole\" attacks, a vast amount of data may have been at risk, though the specifics on the type and extent of data remain uncertain. ", "sector": "Defence", "incident_type": "Spearphishing", "location": { "country": "US" }, "threat_actor": "The Elderwood Gang", "external_references": [ { "source_name": "Reference", "url": "https://www.csmonitor.com/USA/2012/0914/Stealing-US-business-secrets-Experts-ID-two-huge-cyber-gangs-in-China https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=3b0d679a-3707-4075-a2a9-37d1af16d411&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--2e5f7ebb-fe01-4379-b053-6757b1ef2d77", "created_by_ref": "identity--ab38d3af-bc9a-4c4b-ab31-9263e042131f", "created": "2012-XX-XXT00:00:00Z", "modified": "2012-XX-XXT00:00:00Z", "name": "Intrusion", "description": "The victim is responsible for customs and border protection in Australia. They operate a cargo system that monitors and manages the flow of goods in and out of the country. According to sources, in 2012, a cyber intrusion occurred within the Australian Custom and Border Protection cargo system. An individual gained unauthorized access to the system, allowing them to monitor the movement of specific cargo items. Utilizing the unauthorized access, the individual could discern when certain containers were flagged by the system as suspicious. This knowledge enabled the attacker to smuggle drugs into the country, as they could abandon containers marked for inspection, effectively evading detection by the authorities.", "sector": "Port", "incident_type": "Intrusion", "location": { "country": "AU" }, "threat_actor": "Crime", "external_references": [ { "source_name": "Reference", "url": "https://commons.wmu.se/cgi/viewcontent.cgi?article=1662&context=all_dissertations https://maritimecyprus.files.wordpress.com/2015/06/maritime-cyber-risks.pdf" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--d7307d4a-a65f-4f05-ac57-40bba19da8b6", "created_by_ref": "identity--5c08f553-fb96-4a3b-9e29-44110df3c20b", "created": "2012-04-21T00:00:00Z", "modified": "2012-04-21T00:00:00Z", "name": "Virus/Ransomware", "description": "The victim plays a central role in Denmark's governmental infrastructure, holding sensitive information on the nation's shipping companies and merchant navy. According to sources, in April 2012, a foreign state-sponsored cyber intrusion targeted the Danish Maritime Authority, other ministries, and companies of the private sector. The so-called \"highly sophisticated attack\" first used a phishing technique where a malicious virus was embedded in a PDF document attached to an email. When an unsuspecting employee of the Maritime Authority opened this compromised attachment, it granted the hackers back-door access to not only that particular computer but also an additional 13 PCs, several servers, and the larger Maritime Authority's network. The Danish authorities remained unaware of the security breach until files from the Maritime Authority were detected on a foreigh server, known to be under hacker control. This discovery led to the identification of the compromised files, which originated from the Maritime Authority employee's computer that had been infected through the virus email attachment. There was a disclosure of sensitive business information. As a countermeasure, the Danish authorities shut down the compromised system and surrounding assets for several days. Only after implementing new anti-virus programs was the system reactivated. Several sources in Denmark underlined the attack as similar to Chinese-reputed Tactics, Techniques and Procedures (TTPs). ", "sector": "Organisation", "incident_type": "Virus/Ransomware", "location": { "country": "DK" }, "threat_actor": "China", "external_references": [ { "source_name": "Reference", "url": "https://shippingwatch-dk.translate.goog/Rederier/article7043149.ece?_x_tr_sl=da&_x_tr_tl=en&_x_tr_hl=fr" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--bb37438e-3d19-4c66-9f95-013d78f22479", "created_by_ref": "identity--7bc2d995-04c6-4c14-86e0-0c74d583c066", "created": "2012-10-10T00:00:00Z", "modified": "2012-10-10T00:00:00Z", "name": "Intrusion", "description": "According to sources, the victim's offshore oil and gas platforms' communication networks have been targeted by cyber attackers in recent weeks. The head of information technology for a key oil company in the country confirmed the cyber-attack attempts on the offshore platforms' information networks. The attacks have been repelled, and the telephone operations on the platforms and other oil and gas operations in a critical gulf region are reported to be functioning normally.", "sector": "Offshore", "incident_type": "Intrusion", "location": { "country": "IR" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "https://www.maritime-executive.com/article/iran-s-offshore-platforms-become-target-of-recent-cyber-attacks https://www.reuters.com/article/uk-iran-cyber-idUKBRE8970B520121008" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--0c181ea9-4d3c-4c81-aee4-4b33bd34c880", "created_by_ref": "identity--5afc7da0-8cb4-479b-8f32-1ffcc2ea643a", "created": "2012-04-28T00:00:00Z", "modified": "2012-04-28T00:00:00Z", "name": "GPS/AIS jamming/spoofing", "description": "As well as other countries, South Korea heavily relies on GPS navigation for various sectors including aviation, maritime, and road transport. The country has previously faced similar electronic disruptions in the years 2010 and 2011. According to sources, from late April to early May, large coordinated cyber disturbances, which are believed to originate from North Korea, emitted electronic jamming signals affecting GPS navigations. These disruptions influenced passenger aircraft, ships, and car navigation systems. Signals were pinpointed coming from the direction of Kaesong, a location approximately 10 kilometers from the inter-Korean border and about 50 kilometers from key areas such as Seoul. Historical data suggests that past jamming incidents coincided with U.S.-South Korea joint military exercises and lasted for a duration of up to 10 days. While no immediate accidents, casualties, or fatalities were reported despite jammed navigation signals affecting 337 commercial flights and 122 ships, amongst which a ferry with 287 souls on board and an oil tanker.", "sector": "Defence", "incident_type": "GPS/AIS jamming/spoofing", "location": { "country": "KR" }, "threat_actor": "North Korea", "external_references": [ { "source_name": "Reference", "url": "https://www.unoosa.org/pdf/icg/2013/wgB-subgroup/5.pdf https://www.gpsworld.com/massive-gps-jamming-attack-by-north-korea/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--1ca513da-7038-4476-9d94-2b08b0e1f8b3", "created_by_ref": "identity--55f1f528-446b-410e-bf0b-6e382ba088c8", "created": "2012-04-XXT00:00:00Z", "modified": "2012-04-XXT00:00:00Z", "name": "Virus/Ransomware", "description": "A cyberattack on a primary oil terminal resulted in data being wiped from hard drives. While both \"virus\" and \"worm\" were terms used to describe the attack, the impact was significant, affecting multiple oil facilities. The main Kharg Island oil terminal, crucial for the nation's crude exports, was disconnected from the Internet to mitigate the attack's spread. According to sources, despite this, oil production and exports remained undisturbed, even if several oil-linked institution websites went down, it is unclear whether this was due to the attack or a preventive measure to isolate them and prevent further infection or intrusion.", "sector": "Offshore", "incident_type": "Virus/Ransomware", "location": { "country": "IR" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "https://www.reuters.com/article/uk-iran-cyber-idUKBRE8970B520121008 https://www.bbc.com/news/world-middle-east-20842113 https://www.csoonline.com/article/2131621/iran-identifies---39-hidden-agenda--39--behind-oil-terminal-cyberattack.html" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--c2cabe9e-70c0-4029-8cba-425fb7b49c49", "created_by_ref": "identity--c2f2ad89-e2f0-46e5-904a-3d213fedb6f1", "created": "2012-XX-XXT00:00:00Z", "modified": "2012-XX-XXT00:00:00Z", "name": "Intrusion", "description": "The group is victim of a cyberattack described as “heavy” and of an “exceptional quality”.", "sector": "Defence", "incident_type": "Intrusion", "location": { "country": "DE" }, "threat_actor": "Espionage", "external_references": [ { "source_name": "Reference", "url": "https://siliconangle.com/2013/02/27/european-aeronautic-and-thyssenkrupp-become-cyber-attack-victims/ https://www.securityweek.com/european-space-industrial-firms-breached-cyber-attacks-report/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--a5056e60-4b8a-4850-85cb-44c5df8d258b", "created_by_ref": "identity--175dc5e4-9531-45cb-a559-c17c31173133", "created": "2012-08-XXT00:00:00Z", "modified": "2012-08-XXT00:00:00Z", "name": "Intrusion", "description": "According to sources, starting in August 2012 and for a duration of four months, a group with Tactics, Techniques and Procedures reputed as Iran conducted an intrusion into the US Navy's unclassified administrative network (800 000 users, 2500 sites), during a wider operation called Operation Cleaver. The attackers would have exploited a vulnerability on a public-facing website before pivoting onto the intranet. Sources report that no data was stolen in the attack but that, however, $10 M were necessary to repair the damages caused by the attack.", "sector": "Defence", "incident_type": "Intrusion", "location": { "country": "US" }, "threat_actor": "Iran", "external_references": [ { "source_name": "Reference", "url": "https://arstechnica.com/information-technology/2014/02/iranians-hacked-navy-network-for-4-months-not-a-surprise/ https://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2014/2014.12.02.Operation_Cleaver/Cylance_Operation_Cleaver_Report.pdf http://online.wsj.com/news/articles/SB10001424052702304899704579389402826681452 https://iranprimer.usip.org/blog/2023/may/03/report-iran-accelerates-cyberattacks" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--8824099b-767d-4e91-9d71-12f6ceb3242a", "created_by_ref": "identity--47f5b2d9-d01d-4c4a-8e88-b9a02b25d603", "created": "2013-XX-XXT00:00:00Z", "modified": "2013-XX-XXT00:00:00Z", "name": "Virus/Ransomware", "description": "According to sources, a Mobile Offshore Drilling Unit (MODU) in the Gulf of Mexico off the coast of Texas was compromised by malicious software downloaded by offshore oil workers through various sources which could have been direct satellite connections, laptops, or USB drives contaminated onshore. The infection had an impact on the Operational Technology (OT) of the MODU, and especially on the operational status of the Dynamic Positioning system (DP), causing the MODU to drift from the dwelling site. The Blow Out Preventer (BOP) kicked in and shut down the drilling, preventing environmental risk. While some sources mention multiple infections on several offshore platforms, the US Coast Guard commander only mentions one MODU impacted.", "sector": "Offshore", "incident_type": "Virus/Ransomware", "location": { "country": "US" }, "threat_actor": "Human error", "external_references": [ { "source_name": "Reference", "url": "http://aapa.files.cms-plus.com/SeminarPresentations/2016Seminars/2016SecurityIT/K.%20Belmont%20-%20AAPA%20Maritime%20Cybersecurity%20FINAL.pdf https://www.csis.org/blogs/strategic-technologies-blog/coast-guard-commandant-addresses-cybersecurity-vulnerabilities https://www.isssource.com/malware-on-oil-rigs/ https://youtu.be/DLT7tjbics0?feature=shared&t=1022" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--876f7c6d-9c3e-477f-8c82-053f1a781855", "created_by_ref": "identity--c0075239-3639-46da-8073-f93ec7bdad4b", "created": "2013-XX-XXT00:00:00Z", "modified": "2013-XX-XXT00:00:00Z", "name": "GPS/AIS jamming/spoofing", "description": "In 2013, without the precise day, month, or port publicly known, a GPS anomaly (probably jamming) impacted four automated cranes for more than seven hours. The operational capacities of two additional cranes were also impacted.", "sector": "Port", "incident_type": "GPS/AIS jamming/spoofing", "location": { "country": "US" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "https://info.publicintelligence.net/DHS-SeaportCyberAttacks.pdf https://maritimedelriv.com/storage/app/media/Agencies/DHS/OCIA_Consequences_to_Seaport_Operations_from_Malicious_Cyber_Activity.pdf" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--5b7ccfb1-117b-4107-96f2-d49a2d25c8cf", "created_by_ref": "identity--f1e09923-9fd9-4904-b402-32b3181bdbc9", "created": "2013-01-17T00:00:00Z", "modified": "2013-01-17T00:00:00Z", "name": "Human error", "description": "The ship was a mine countermeasures ship, part of the Avenger-class in the United States Navy, 68m long and 12m wide. She was built in the mid-1980s. According to sources, in January 2013, after a port of call, the vessel ran aground on a protected reef in the Philippines during a transit. Discrepancies in Electronic Navigational Chart (ENC) mislocated the reef, playing a significant role in the mishap. The grounding of the ship on the reef had substantial implications. Due to challenges in recovery and risks of further reef damage, the ship was decommissioned a month post the incident. Measures to minimize environmental impact included segmenting the ship into pieces and removing it section by section. The incident led to the U.S. compensating the Philippines for reef damages and associated costs. The U.S. Navy ultimately decided to scrap the vessel, for an estimated cost of $277 million.", "sector": "Defence", "incident_type": "Human error", "location": { "country": "US" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "https://en.wikipedia.org/wiki/USS_Guardian_(MCM-5) https://safety4sea.com/uss-guardian-grounding-investigation-reveals-lack-of-leadership/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--0c42695e-22e2-4483-bff1-26e5e1b024f3", "created_by_ref": "identity--0ff6d0bd-8626-4c44-859a-6a02364c8bf8", "created": "2013-03-01T00:00:00Z", "modified": "2013-03-01T00:00:00Z", "name": "Virus/Ransomware", "description": "According to the source, between 2012 and 2013, a group attacked civilan and military operations in the US, Germany, Sweden, UK, Australia and other countries involved in maritime satellite systems, as well as defense contractors.", "sector": "Industry", "incident_type": "Virus/Ransomware", "location": { "country": "US" }, "threat_actor": "Anchor Panda", "external_references": [ { "source_name": "Reference", "url": "https://www.crowdstrike.com/blog/whois-anchor-panda/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--d7411f9e-70ed-41ed-a85f-58e1b719753e", "created_by_ref": "identity--803661d8-fe8d-4cff-aa40-bdbb6d25b6a7", "created": "2013-05-27T00:00:00Z", "modified": "2013-05-27T00:00:00Z", "name": "Intrusion", "description": "The U.S. defense sector was targeted by an attack which seems to have concerned sensitive programs such as naval ships, missiles and sensors. According to sources, designs for a multitude of advanced weapons systems were breached. The exact timeline and breadth of these breaches remain undisclosed. The attack corresponds to activities associated with an intrusion set that many knowledgeable officials link to a larger espionage campaign. ", "sector": "Defence", "incident_type": "Intrusion", "location": { "country": "US" }, "threat_actor": "China", "external_references": [ { "source_name": "Reference", "url": "https://www.washingtonpost.com/world/national-security/confidential-report-lists-us-weapons-system-designs-compromised-by-chinese-cyberspies/2013/05/27/a42c3e1c-c2dd-11e2-8c3b-0b5e9247e8ca_story.html https://nsarchive2.gwu.edu/NSAEBB/NSAEBB424/docs/Cyber-081.pdf" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--7321cebd-1f1a-410d-a1a2-a84d94e98dee", "created_by_ref": "identity--00826a98-882e-4489-a769-b9ec8facfa4d", "created": "2013-09-01T00:00:00Z", "modified": "2013-09-01T00:00:00Z", "name": "Virus/Ransomware", "description": "According to sources, a new Advanced Persistent Threat (APT) group dubbed \"Icefog\" was detected, targeting maritime actors such as shipyards and naval defence industry. The main maritime targets publickly disclosed were located in South Korea, and in the US for one undisclosed Oil and Gas corporation. The initial spearphishing attacks mostly used Microsoft Office and Java exploits. The specialized backdoor named \"Icefog\" (or \"Fucobha\") was compatible with both Windows and Mac OS X platforms. The attackers were able to gain access to sensitive documents and plans, as well as emails credentials. Over 4,000 machines were detected infected at a global level. Though the majority of these were in Asia, and in Korea for the maritime and naval sector, a significant number of undisclosed targets were also traced back to the USA, Europe, and Australia.", "sector": "Shipyard", "incident_type": "Virus/Ransomware", "location": { "country": "KR" }, "threat_actor": "Icefog", "external_references": [ { "source_name": "Reference", "url": "https://securelist.com/the-icefog-apt-a-tale-of-cloak-and-three-daggers/57331/ https://www.darkreading.com/attacks-and-breaches/java-icefog-malware-variant-infects-us-businesses/d/d-id/1113451 https://securelist.com/the-icefog-apt-hits-us-targets-with-java-backdoor/58209/ http://www.kaspersky.com/about/news/virus/2013/Kaspersky_Lab_exposes_Icefog_a_new_cyber-espionage_campaign_focusing_on_supply_chain_attacks https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/20133739/icefog.pdf" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--5eb27e14-f6db-4e99-ae6f-0e7ccc0c8c6f", "created_by_ref": "identity--858f3d7a-8572-47e9-97c3-81faaa365456", "created": "2013-XX-XXT00:00:00Z", "modified": "2013-XX-XXT00:00:00Z", "name": "Denial of service", "description": "A research paper linking to a now vanished article (that I found back on web.archive.org) mentions the possibility that the victim port would have been victim of a \"large scale\" Distributed Denial of Service attack in 2013. The port mentioned, in other available studies, that it had to face at that date one million hacking attempts a day and two to three so-called \"cyber storms\" a year.", "sector": "Port", "incident_type": "Denial of service", "location": { "country": "US" }, "threat_actor": "Unknown", "external_references": [ { "source_name": "Reference", "url": "https://web.archive.org/web/20160315042047/https://www.cytegic.com/managing-cyber-risk-global-shipping-industry-part/ https://arxiv.org/pdf/2112.06545.pdf https://www.ship-technology.com/features/feature-cybersecurity-port-computer-hackers-us-belgium/?cf-view https://www.govinfo.gov/content/pkg/CHRG-114hhrg99577/html/CHRG-114hhrg99577.htm" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--96aaeca1-9fc2-432c-bbf8-b88ec23fdbea", "created_by_ref": "identity--ea844099-0b49-4625-a2a1-e8131e2c97b5", "created": "2013-03-01T00:00:00Z", "modified": "2013-03-01T00:00:00Z", "name": "Virus/Ransomware", "description": "According to the source, between 2012 and 2013, a group attacked civilan and military operations in the US, Germany, Sweden, UK, Australia and other countries involved in maritime satellite systems, as well as defense contractors.", "sector": "Industry", "incident_type": "Virus/Ransomware", "location": { "country": "DE" }, "threat_actor": "Anchor Panda", "external_references": [ { "source_name": "Reference", "url": "https://www.crowdstrike.com/blog/whois-anchor-panda/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--11114e51-0856-4a6c-8648-ab2d38a8ccda", "created_by_ref": "identity--10326d1b-1ab2-478c-9199-f1129b54a343", "created": "2013-03-01T00:00:00Z", "modified": "2013-03-01T00:00:00Z", "name": "Virus/Ransomware", "description": "According to the source, between 2012 and 2013, a group attacked civilan and military operations in the US, Germany, Sweden, UK, Australia and other countries involved in maritime satellite systems, as well as defense contractors.", "sector": "Industry", "incident_type": "Virus/Ransomware", "location": { "country": "SE" }, "threat_actor": "Anchor Panda", "external_references": [ { "source_name": "Reference", "url": "https://www.crowdstrike.com/blog/whois-anchor-panda/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--4255fb0b-81d4-4659-9f18-8786d0fd5f03", "created_by_ref": "identity--8f8010eb-35c8-447b-82c2-631b8c58cd9c", "created": "2013-03-01T00:00:00Z", "modified": "2013-03-01T00:00:00Z", "name": "Virus/Ransomware", "description": "According to the source, between 2012 and 2013, a group attacked civilan and military operations in the US, Germany, Sweden, UK, Australia and other countries involved in maritime satellite systems, as well as defense contractors.", "sector": "Industry", "incident_type": "Virus/Ransomware", "location": { "country": "GB" }, "threat_actor": "Anchor Panda", "external_references": [ { "source_name": "Reference", "url": "https://www.crowdstrike.com/blog/whois-anchor-panda/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--9f8db2f9-80b3-4bfb-8bbc-5ed44a5301c6", "created_by_ref": "identity--ecb4795d-0a1f-4c19-9ca3-b8bead41903d", "created": "2013-03-01T00:00:00Z", "modified": "2013-03-01T00:00:00Z", "name": "Virus/Ransomware", "description": "According to the source, between 2012 and 2013, a group attacked civilan and military operations in the US, Germany, Sweden, UK, Australia and other countries involved in maritime satellite systems, as well as defense contractors.", "sector": "Industry", "incident_type": "Virus/Ransomware", "location": { "country": "AU" }, "threat_actor": "Anchor Panda", "external_references": [ { "source_name": "Reference", "url": "https://www.crowdstrike.com/blog/whois-anchor-panda/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--5700c94a-1533-462f-8f7f-90cc0e4d921f", "created_by_ref": "identity--eb24373c-e396-4ad8-b9fe-38caf4c055a8", "created": "2013-09-01T00:00:00Z", "modified": "2013-09-01T00:00:00Z", "name": "Virus/Ransomware", "description": "According to sources, a new Advanced Persistent Threat (APT) group dubbed \"Icefog\" was detected, targeting maritime actors such as shipyards and naval defence industry. The main maritime targets publickly disclosed were located in South Korea, and in the US for one undisclosed Oil and Gas corporation. The initial spearphishing attacks mostly used Microsoft Office and Java exploits. The specialized backdoor named \"Icefog\" (or \"Fucobha\") was compatible with both Windows and Mac OS X platforms. The attackers were able to gain access to sensitive documents and plans, as well as emails credentials. Over 4,000 machines were detected infected at a global level. Though the majority of these were in Asia, and in Korea for the maritime and naval sector, a significant number of undisclosed targets were also traced back to the USA, Europe, and Australia.", "sector": "Offshore", "incident_type": "Virus/Ransomware", "location": { "country": "US" }, "threat_actor": "Icefog", "external_references": [ { "source_name": "Reference", "url": "https://securelist.com/the-icefog-apt-a-tale-of-cloak-and-three-daggers/57331/ https://www.darkreading.com/attacks-and-breaches/java-icefog-malware-variant-infects-us-businesses/d/d-id/1113451 https://securelist.com/the-icefog-apt-hits-us-targets-with-java-backdoor/58209/ http://www.kaspersky.com/about/news/virus/2013/Kaspersky_Lab_exposes_Icefog_a_new_cyber-espionage_campaign_focusing_on_supply_chain_attacks https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/20133739/icefog.pdf" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--1890812e-f403-4eaa-b667-608f1cede608", "created_by_ref": "identity--80de87a8-afa6-4998-a821-667c95c8ff38", "created": "2014-XX-XXT00:00:00Z", "modified": "2014-XX-XXT00:00:00Z", "name": "Scam", "description": "Bunkering companies are high value targets for scammers. Handling worldwide money transactions in exchange for fuel bunkering, vulnerable procedures (lack of double check with alternative mean, for instance) or low awareness can lead to important financial consequences. According to sources, in this case, the attackers impersonated the seller and sent emails requesting payment to be made to a different bank account. The funds were sent into the scammer's bank account. The victim was taken to court by its insurer, the cost of the scam for the bunkering company was evaluated to a $18 million loss.", "sector": "Logistics", "incident_type": "Scam", "location": { "country": "US" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://shipandbunker.com/news/world/670152-wfs-in-court-over-18m-bunker-scam-claim https://www.tradewindsnews.com/weekly/sophisticated-scams-highlight-growing-cyber-risk-to-shipping/1-1-346334 https://aapa.files.cms-plus.com/SeminarPresentations/2016Seminars/2016SecurityIT/K.%20Belmont%20-%20AAPA%20Maritime%20Cybersecurity%20FINAL.pdf" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--b30d26e6-4285-43ba-9383-9c4684be8bbd", "created_by_ref": "identity--8c52d7df-f1f8-4407-a969-8a82b3bce56b", "created": "2014-07-01T00:00:00Z", "modified": "2014-07-01T00:00:00Z", "name": "Intrusion", "description": null, "sector": "Logistics", "incident_type": "Intrusion", "location": { "country": "US" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2014/TrapX_ZOMBIE_Report_Final.pdf https://aapa.files.cms-plus.com/SeminarPresentations/2016Seminars/2016SecurityIT/K.%20Belmont%20-%20AAPA%20Maritime%20Cybersecurity%20FINAL.pdf" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--ff6f6832-b81e-4f6a-b2f8-78bbb987e047", "created_by_ref": "identity--ef9611d9-9263-4c5a-b199-2fcc790e9994", "created": "2014-XX-XXT00:00:00Z", "modified": "2014-XX-XXT00:00:00Z", "name": "GPS/AIS jamming/spoofing", "description": null, "sector": "Ship", "incident_type": "GPS/AIS jamming/spoofing", "location": { "country": "XX" }, "threat_actor": "Contraband", "external_references": [ { "source_name": "Reference", "url": "https://paperzz.com/doc/7737059/an-analysis-of-the-magnitude-and-implications-of-growing-..." }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--dacc8f8e-c933-454c-b890-43a85088b1d1", "created_by_ref": "identity--10c52cd7-57ef-492e-9687-73c9c13cd96c", "created": "2014-11-XXT00:00:00Z", "modified": "2014-11-XXT00:00:00Z", "name": "Scam", "description": "The victim is a Canadian company engaged in mineral exploration and the development of seafloor copper, gold, silver, and zinc mining projects. They have affiliations with a Dubai-based marine solutions company and were in the process of providing a charterer's guarantee for an offshore project. According to sources, there was an incident in which the victim mistakenly made a $10-million deposit into an unauthorized account instead of to the Dubai-based company. This occurred during late November 2014, and the discovery of the error was made in December. Upon realization, the situation was promptly reported to authorities and an investigation was launched. The company has collaborated with its Dubai-based partner to find a resolution. Furthermore, both entities will decide on the steps to take regarding the misdirected funds once the investigation concludes, which is anticipated to span several months. Meanwhile, the ongoing construction of the related vessel remains unaffected.", "sector": "Logistics", "incident_type": "Scam", "location": { "country": "CA" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://www.miningweekly.com/article/nautilus-minerals-the-victim-of-a-cyber-scam-prepays-10m-to-wrong-account-2015-02-02 https://en.wikipedia.org/wiki/Nautilus_Minerals https://www.engineeringnews.co.za/print-version/nautilus-minerals-the-victim-of-a-cyber-scam-prepays-10m-to-wrong-account-2015-02-02 https://www.sec.gov/Archives/edgar/data/1366852/000106299316007631/exhibit2-8.htm" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--0e1f8cad-fcec-49c0-9a7d-f94298cb669c", "created_by_ref": "identity--4b7c1d96-02d3-4499-9afe-08feac2db42c", "created": "2015-10-01T00:00:00Z", "modified": "2015-10-01T00:00:00Z", "name": "Website Compromission", "description": null, "sector": "Education", "incident_type": "Website Compromission", "location": { "country": "US" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://www.boston25news.com/news/mass-maritime-academy-website-hacked-twice-linking-to-islamic-extremist-site/142411996" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--dd522686-f240-431c-83f4-b0e0c4791838", "created_by_ref": "identity--32fe08c5-327e-4585-ba94-680b03f15b43", "created": "2015-12-01T00:00:00Z", "modified": "2015-12-01T00:00:00Z", "name": "Scam", "description": null, "sector": "Shipowner", "incident_type": "Scam", "location": { "country": "CA" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://maritime-executive.com/blog/maritime-cyber-attacks-changing-tides" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--a3a2fdf0-bdf2-414b-b80a-a9e215632892", "created_by_ref": "identity--c35387fa-a521-4800-967a-363eda8782cd", "created": "2015-XX-XXT00:00:00Z", "modified": "2015-XX-XXT00:00:00Z", "name": "Intrusion", "description": null, "sector": "Defence", "incident_type": "Intrusion", "location": { "country": "US" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "http://aapa.files.cms-plus.com/SeminarPresentations/2016Seminars/2016SecurityIT/K.%20Belmont%20-%20AAPA%20Maritime%20Cybersecurity%20FINAL.pdf" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--bce8ed55-e192-48f1-82f4-cab67d02bfa0", "created_by_ref": "identity--7c0465f6-5bdd-41f5-90cf-5772acf586ef", "created": "2015-XX-XXT00:00:00Z", "modified": "2015-XX-XXT00:00:00Z", "name": "Intrusion", "description": null, "sector": "Offshore", "incident_type": "Intrusion", "location": { "country": "NO" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "https://www.dnvgl.com/news/cma-shipping-2015-dnv-gl-addresses-cybersecurity-risks-21348" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--c78ed86d-53a0-4251-8cc8-5efdbb77f341", "created_by_ref": "identity--6f5a238c-f8dd-4dc9-8f96-29bc7036986f", "created": "2015-XX-XXT00:00:00Z", "modified": "2015-XX-XXT00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Offshore", "incident_type": "Virus/Ransomware", "location": { "country": "US" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "http://www.drillingcontractor.org/drilling-cybersecurity-36727" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--7c2610c5-4fa3-4a68-9df6-391eeb1acf97", "created_by_ref": "identity--f91d31eb-d7fe-4b38-968b-a687fec1c201", "created": "2015-XX-XXT00:00:00Z", "modified": "2015-XX-XXT00:00:00Z", "name": "Spearphishing", "description": null, "sector": "Shipowner", "incident_type": "Spearphishing", "location": { "country": "CY" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://maritime-executive.com/blog/maritime-cyber-attacks-changing-tides" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--171d302c-21ae-4d36-8146-434ac3d6afa4", "created_by_ref": "identity--4453f47b-8b80-47fd-ad90-75658e156650", "created": "2015-10-01T00:00:00Z", "modified": "2015-10-01T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "MRE", "incident_type": "Virus/Ransomware", "location": { "country": "FR" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://www.usinenouvelle.com/article/l-hydrolienne-de-sabella-attaquee-par-des-pirates.N384317" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--cb583e29-656b-48cc-939c-95d1cc11b716", "created_by_ref": "identity--636faf15-f1aa-45b9-97e9-9f9d8cc88a87", "created": "2015-12-01T00:00:00Z", "modified": "2015-12-01T00:00:00Z", "name": "Intrusion", "description": null, "sector": "Shipowner", "incident_type": "Intrusion", "location": { "country": "US" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "https://app.hacknotice.com/#/hack/5a6f60cbba0c8e312e7101c3" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--f64a3604-8923-4c92-928e-beaacbb0b456", "created_by_ref": "identity--397e5869-d33c-4720-9995-b6b5677cbbab", "created": "2016-XX-XXT00:00:00Z", "modified": "2016-XX-XXT00:00:00Z", "name": "Spearphishing", "description": null, "sector": "Logistics", "incident_type": "Spearphishing", "location": { "country": "US" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "http://aapa.files.cms-plus.com/SeminarPresentations/2016Seminars/2016SecurityIT/K.%20Belmont%20-%20AAPA%20Maritime%20Cybersecurity%20FINAL.pdf" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--02d83ce4-2cff-47c6-830f-dc39a6459f13", "created_by_ref": "identity--2fa83428-a623-419a-99c0-9dcd03dfbaca", "created": "2016-XX-XXT00:00:00Z", "modified": "2016-XX-XXT00:00:00Z", "name": "Spearphishing", "description": null, "sector": "Logistics", "incident_type": "Spearphishing", "location": { "country": "US" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "http://aapa.files.cms-plus.com/SeminarPresentations/2016Seminars/2016SecurityIT/K.%20Belmont%20-%20AAPA%20Maritime%20Cybersecurity%20FINAL.pdf" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--716ca0b5-0fba-4de0-ad90-bb623db9eb84", "created_by_ref": "identity--684a7243-0fea-46b6-9a61-125a1b9ed411", "created": "2016-XX-XXT00:00:00Z", "modified": "2016-XX-XXT00:00:00Z", "name": "Intrusion", "description": null, "sector": "Shipowner", "incident_type": "Intrusion", "location": { "country": "US" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "http://aapa.files.cms-plus.com/SeminarPresentations/2016Seminars/2016SecurityIT/K.%20Belmont%20-%20AAPA%20Maritime%20Cybersecurity%20FINAL.pdf" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--7eb160e1-4462-4d46-8f82-45850395ba53", "created_by_ref": "identity--d5ab07e9-cdbb-46f1-8aa4-b02a9a480021", "created": "2016-XX-XXT00:00:00Z", "modified": "2016-XX-XXT00:00:00Z", "name": "Denial of service", "description": "A US major port is victim of a Denial of Service (DoS) attack. According to the sources, the Tactics, Techniques and Procedures (TTPs) used link to method of attacks claimed to be from Russia. Only the administrative website of the port would have been targeted, without any proven impact on the port’s OT systems.", "sector": "Port", "incident_type": "Denial of service", "location": { "country": "US" }, "threat_actor": "Russia", "external_references": [ { "source_name": "Reference", "url": "http://aapa.files.cms-plus.com/SeminarPresentations/2016Seminars/2016SecurityIT/K.%20Belmont%20-%20AAPA%20Maritime%20Cybersecurity%20FINAL.pdf" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--6f462fea-93c4-46dc-aeb2-2bdea2a4c438", "created_by_ref": "identity--9b9d325c-e459-4f4e-9401-1630b8f89f2d", "created": "2016-03-02T00:00:00Z", "modified": "2016-03-02T00:00:00Z", "name": "Intrusion", "description": null, "sector": "Organisation", "incident_type": "Intrusion", "location": { "country": "GB" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "https://maritime-executive.com/article/bimco-warns-of-security-breach-in-anti-piracy-program https://www.databreaches.net/mtisc-gog-investigation-finds-no-evidence-of-breach/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--61a65621-6fab-44d7-ab83-d8bbbb8a1441", "created_by_ref": "identity--4c54e0fc-e678-4fb0-9b86-f6ad3b100e5b", "created": "2016-04-01T00:00:00Z", "modified": "2016-04-01T00:00:00Z", "name": "Intrusion", "description": null, "sector": "Shipyard", "incident_type": "Intrusion", "location": { "country": "KR" }, "threat_actor": "Espionage", "external_references": [ { "source_name": "Reference", "url": "https://www.reuters.com/article/us-northkorea-missiles-cybercrime/north-korea-hacked-daewoo-shipbuilding-took-warship-blueprints-south-korea-lawmaker-idUSKBN1D00EX" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--738e1afa-3d48-4bc3-a2a7-d0d41029797d", "created_by_ref": "identity--69c027f1-d076-4c1a-a8cf-7ae64cc79499", "created": "2016-04-01T00:00:00Z", "modified": "2016-04-01T00:00:00Z", "name": "GPS/AIS jamming/spoofing", "description": null, "sector": "Ship", "incident_type": "GPS/AIS jamming/spoofing", "location": { "country": "KR" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "https://www.maritime-executive.com/features/cyber-attack-whats-at-stake" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--2cfb843d-a346-404a-a24a-f671cd12bca6", "created_by_ref": "identity--99347fa1-4e4d-4fe6-9e17-f95d09cb64d5", "created": "2016-08-11T00:00:00Z", "modified": "2016-08-11T00:00:00Z", "name": "Intrusion", "description": "The victim, a major conglomerate in Germany with activities spanning steel production to marine systems, reportedly became the target of a cyber intrusion. According to sources, earlier this year, technical trade secrets from the conglomerate's steel production and plant design divisions were compromised. Internal security measures identified the breach in April, linking it back to incidents from February. The attack corresponds to activities associated with unidentified attackers, their Tactics, Techniques and Procedures however linking them to what is analyzed as southeast Asia. Post-discovery, it was confirmed that the marine systems unit, a segment crucial for military submarine and warship production, remained untouched. The true extent of intellectual property loss is still undetermined.", "sector": "Shipyard", "incident_type": "Intrusion", "location": { "country": "DE" }, "threat_actor": "Espionage", "external_references": [ { "source_name": "Reference", "url": "https://www.ynetnews.com/articles/0,7340,L-4890294,00.html" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--21677efb-f1ae-49cc-a07f-7d7bfa8ceded", "created_by_ref": "identity--4ae550fb-6619-4a9c-8296-f8a0fe2c1c45", "created": "2016-08-24T00:00:00Z", "modified": "2016-08-24T00:00:00Z", "name": "Data leak", "description": null, "sector": "Shipyard", "incident_type": "Data leak", "location": { "country": "FR" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "https://www.reuters.com/article/idUSKCN10Z04G" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--0b4f62e2-dcf6-4256-b56e-b49ff200b0f0", "created_by_ref": "identity--cbd217d3-97e4-49b5-9fdc-bf8d2f94d96a", "created": "2017-06-22T00:00:00Z", "modified": "2017-06-22T00:00:00Z", "name": "GPS/AIS jamming/spoofing", "description": null, "sector": "Ship", "incident_type": "GPS/AIS jamming/spoofing", "location": { "country": "RU" }, "threat_actor": "Political", "external_references": [ { "source_name": "Reference", "url": "https://www.maritime.dot.gov/content/2017-005a-black-sea-gps-interference https://www.wired.co.uk/article/black-sea-ship-hacking-russia" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--9a023ee8-a16a-42fe-9ce2-c5b712f09551", "created_by_ref": "identity--a4790e78-97b1-46c9-b59a-aa1667ed9f92", "created": "2017-06-27T00:00:00Z", "modified": "2017-06-27T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Port", "incident_type": "Virus/Ransomware", "location": { "country": "IN" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://thewire.in/economy/jnpt-indias-largest-container-port-hit-by-global-cyber-attack https://www.thehindu.com/news/national/operations-at-jawaharlal-nehru-port-in-mumbai-hit-by-ransomware/article19159064.ece https://www.hindustantimes.com/india-news/cyber-attack-malware-hits-jawaharlal-nehru-port-operations-in-mumbai/story-xGtbHwvZI4bX5RgJCUBN3L.html" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--d9ca810d-3f83-4471-bb8f-66302d7ee991", "created_by_ref": "identity--fc2f7f5c-5065-47cb-9f1d-2d7ef60e18f7", "created": "2017-06-30T00:00:00Z", "modified": "2017-06-30T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Shipowner", "incident_type": "Virus/Ransomware", "location": { "country": "DK" }, "threat_actor": "NotPetya", "external_references": [ { "source_name": "Reference", "url": "https://www.theregister.co.uk/2018/01/25/after_notpetya_maersk_replaced_everything/ https://redmondmag.com/blogs/scott-bekker/2018/08/domain-controller-nightmare.aspx https://gvnshtn.com/maersk-me-notpetya/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--5a2cfa27-b25a-4345-a4dc-5a8adc1f1344", "created_by_ref": "identity--b909aa5b-fcba-475b-ae09-282d68ec1eda", "created": "2017-06-30T00:00:00Z", "modified": "2017-06-30T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Port", "incident_type": "Virus/Ransomware", "location": { "country": "NL" }, "threat_actor": "NotPetya", "external_references": [ { "source_name": "Reference", "url": "https://www.portofrotterdam.com/en/news-and-press-releases/cyber-attack-strikes-one-company-in-the-port-area https://www.portofrotterdam.com/en/news-and-press-releases/port-cyber-hotline-operational" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--3a29282c-965e-42c3-ad0c-1528a2fe588f", "created_by_ref": "identity--995c0c8d-4be9-4f7c-a8c3-032d2cd64e90", "created": "2017-07-13T00:00:00Z", "modified": "2017-07-13T00:00:00Z", "name": "Malfunction", "description": null, "sector": "Ship", "incident_type": "Malfunction", "location": { "country": "DE" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "https://insurancemarinenews.com/insurance-marine-news/marine-accident-round/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--3f231b71-cd65-4f60-8f73-97e41f74e38d", "created_by_ref": "identity--86661fd8-99a6-4342-9028-c3db04f4ec84", "created": "2017-07-01T00:00:00Z", "modified": "2017-07-01T00:00:00Z", "name": "Remote Access", "description": null, "sector": "Offshore", "incident_type": "Remote Access", "location": { "country": "NO" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "http://www.marinemec.com/news/view,tanker-group-says-it-faced-cyber-attack-in-july_49564.htm" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--c059783f-85b0-45fa-ba48-0de66e4c95c9", "created_by_ref": "identity--9cd42c45-03bd-4034-9de7-962fb14f6ab0", "created": "2017-07-01T00:00:00Z", "modified": "2017-07-01T00:00:00Z", "name": "Intrusion", "description": null, "sector": "Shipowner", "incident_type": "Intrusion", "location": { "country": "SG" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://lloydslist.maritimeintelligence.informa.com/LL111889/BW-Group-computers-hit-by-cyber-attack-in-July http://lss-sapu.com/2017/10/16/computer-hackers-targeted-bw-group/ https://www.spglobal.com/platts/en/market-insights/latest-news/shipping/101317-shipping-bw-groups-computer-systems-hacked-steps-up-cyber-security" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--b1386196-0b3a-412a-8e1a-54dfe10d4ac1", "created_by_ref": "identity--9c7182b8-28d0-4a34-b697-dc9e5a88ab41", "created": "2017-10-16T00:00:00Z", "modified": "2017-10-16T00:00:00Z", "name": "Spearphishing", "description": null, "sector": "Defence", "incident_type": "Spearphishing", "location": { "country": "US" }, "threat_actor": "Espionage", "external_references": [ { "source_name": "Reference", "url": "https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-spearphishes-maritime-and-defense-targets" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--29d55ceb-cee5-45f1-a4e6-4e20af5ceaf4", "created_by_ref": "identity--3b1e2295-37f7-4c94-a241-2cc8b564c6a4", "created": "2017-05-31T00:00:00Z", "modified": "2017-05-31T00:00:00Z", "name": "Intrusion", "description": null, "sector": "Industry", "incident_type": "Intrusion", "location": { "country": "GB" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "https://www.clarksons.com/media/1129201/notice_of_cyber_security_incident.pdf https://www.clarksons.com/media/1142671/update_on_2017_data_breach____regulatory_notice.pdf https://www.securityweek.com/global-shipping-firm-clarksons-provides-update-2017-breach https://gcaptain.com/clarkson-plc-reveals-details-of-2017-cyber-security-incident/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--59cdb237-e618-42ac-9ab7-25cfb7ea4f14", "created_by_ref": "identity--b9c16119-fb9a-4460-af75-1c6c2423c577", "created": "2017-01-01T00:00:00Z", "modified": "2017-01-01T00:00:00Z", "name": "Intrusion", "description": null, "sector": "Ship", "incident_type": "Intrusion", "location": { "country": "DE" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "https://www.linkedin.com/pulse/hackers-took-full-control-container-ships-navigation-systems-goward However, this case is disputed by https://splash247.com/fear-fake-news-cyber-hype/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--ae252591-cfea-47bd-8ceb-1e3848c89d25", "created_by_ref": "identity--6d9e0e3e-8726-4de8-acd4-93a7af3cb0b3", "created": "2017-01-01T00:00:00Z", "modified": "2017-01-01T00:00:00Z", "name": "Spearphishing", "description": null, "sector": "Shipowner", "incident_type": "Spearphishing", "location": { "country": "KR" }, "threat_actor": "Gold Galleon", "external_references": [ { "source_name": "Reference", "url": "https://www.secureworks.com/research/gold-galleon-how-a-nigerian-cyber-crew-plunders-the-shipping-industry" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--21e02be7-d637-42e4-bd73-6cb8fa7acbdd", "created_by_ref": "identity--b0709de0-270a-427d-b2dc-611337cd279c", "created": "2017-06-28T00:00:00Z", "modified": "2017-06-28T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Port", "incident_type": "Virus/Ransomware", "location": { "country": "AR" }, "threat_actor": "NotPetya", "external_references": [ { "source_name": "Reference", "url": "https://www.voanews.com/a/petya-computer-virus-spreads-ukraine-disrupt-world-business/3920215.html https://www.reuters.com/article/us-cyber-attack-cofco-idUSKBN19J21D https://www.agritotal.com/nota/29386-urgente-cofco-argentina-esta-en-jaque-por-un-virus-informatico/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--8df92992-a143-4eb8-9720-80ce0fdad556", "created_by_ref": "identity--506dc168-004e-491d-98a6-93e84ab796c6", "created": "2017-03-07T00:00:00Z", "modified": "2017-03-07T00:00:00Z", "name": "Denial of service", "description": "According to the source, an unprecised computer system of the port faced a Denial of Service (DoS) attack during a meeting. The source of the infection led to a guest's computer that connected to the port’s Wi-Fi, unintentionally triggering the attack due to a virus which was present on his computer. The same article underlines the fact that the port faces numerous DoS attacks each week.", "sector": "Port", "incident_type": "Denial of service", "location": { "country": "CA" }, "threat_actor": "Human error", "external_references": [ { "source_name": "Reference", "url": "https://www.columbian.com/news/2017/mar/10/port-of-vancouver-meeting-hindered-by-cyberattack/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--a5778c58-adb0-4cd6-9b4a-472f7162f43d", "created_by_ref": "identity--ec25027b-3267-4c85-a473-7ef5ac058d77", "created": "2017-05-27T00:00:00Z", "modified": "2017-05-27T00:00:00Z", "name": "Intrusion", "description": "The victim, a global entity employing around 4,000 individuals, operates within the maritime industry and is associated with a major international shipping conglomerate. It is known for providing marine solutions and has a significant presence in Australia, where the incident occurred. According to sources, the victim experienced a cybersecurity breach between May 27, 2017, and March 1, 2018. It was only upon discovery that the victim acted swiftly to mitigate the theft within a span of five hours. Unauthorized entities managed to auto-forward over 50,000 emails from the finance, payroll and operations departments to external accounts.", "sector": "Shipowner", "incident_type": "Intrusion", "location": { "country": "AU" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "https://safety4sea.com/maritime-cyber-attacks-still-reality/ https://www.linkedin.com/pulse/svitzer-australia-affected-cyber-security-data-theft-nathan-cecil/ https://cyberonboard.com/data-theft-affects-hundreds-of-svitzer-australias-employees/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--27663c79-c11b-42ea-85fc-812b77f8dad8", "created_by_ref": "identity--1d002d59-6515-4813-ab77-8d593d7e8d38", "created": "2018-07-24T00:00:00Z", "modified": "2018-07-24T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Port", "incident_type": "Virus/Ransomware", "location": { "country": "US" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://www.offshore-energy.biz/cosco-shipping-lines-falls-victim-to-cyber-attack/ https://safety4sea.com/cyber-attack-hits-coscos-operations-in-us/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--20e8967e-612f-4c23-b29b-8d16a557db31", "created_by_ref": "identity--e7022ff9-2c80-4296-a0bf-b0a8b6abf80a", "created": "2018-01-XXT00:00:00Z", "modified": "2018-01-XXT00:00:00Z", "name": "Intrusion", "description": "The victim, a Navy contractor engaged in highly sensitive work for the victim, was the subject of a security compromise. This entity develops naval warfare technology, including the creation of advanced submarine systems and undersea weapons, and is linked to significant U.S. defense initiatives such as the Sea Dragon project and other underwater programs. According to sources, state-sponsored attackers infiltrated the contractor's systems in early 2018. The TTPs of the breach align with those typically employed by the Chinese Ministry of State Security, known for its sophisticated cyber espionage operations. This incident is part of an ongoing cyberwarfare narrative between the U.S. and China, with the latter making significant advances despite international attempts to stem such intrusions. The breach led to the exfiltration of 614 gigabytes of data, including details on the so-called Sea Dragon project. Although officials noted the data was unclassified, when aggregated, it potentially bore the hallmarks of classified information.", "sector": "Defence", "incident_type": "Intrusion", "location": { "country": "US" }, "threat_actor": "China", "external_references": [ { "source_name": "Reference", "url": "https://www.washingtonpost.com/world/national-security/china-hacked-a-navy-contractor-and-secured-a-trove-of-highly-sensitive-data-on-submarine-warfare/2018/06/08/6cc396fa-68e6-11e8-bea7-c8eb28bc52b1_story.html https://www.nytimes.com/2018/06/08/us/politics/china-hack-navy-contractor-.html" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--c78525e0-04b3-4c09-b4bd-1e49800a93d3", "created_by_ref": "identity--73e51597-35af-40d8-a3c9-80674d330bd6", "created": "2018-09-20T00:00:00Z", "modified": "2018-09-20T00:00:00Z", "name": "Intrusion", "description": null, "sector": "Port", "incident_type": "Intrusion", "location": { "country": "ES" }, "threat_actor": "Ryuk", "external_references": [ { "source_name": "Reference", "url": "https://www.ara.cat/economia/port-barcelona-pateix-ciberatac_1_2724522.html https://securityaffairs.co/wordpress/76483/hacking/port-of-barcelona-hack.html" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--7099d183-2a6c-4d81-88de-ad60fd5e24df", "created_by_ref": "identity--3e2ba3db-163e-4fc9-93a6-baedf9988af5", "created": "2018-09-25T00:00:00Z", "modified": "2018-09-25T00:00:00Z", "name": "Virus/Ransomware", "description": "The victim, a critical hub for international maritime trade and commerce, is responsible for facilitating a wide array of activities at the waterfront, including cargo, cruise, and public services. As a strategic point of infrastructure, it is integrated into a larger network of ports and relies heavily on its technology systems to manage operations efficiently. According to sources, on September 25, 2018, the victim fell prey to a ransomware attack, identified as 'SamSam'. This cybersecurity incident was marked by demands for payment in Bitcoin and is associated with tactics typically linked to a state-sponsored hacker group operating out of Iran. The attack leveraged a highly sophisticated threat vector, aiming to disrupt the victim's technological systems, although the specific scale and origin remain part of an ongoing investigation by federal agencies. The ramifications of the cyberattack may include substantial financial demands and could have resulted in operational hiccups, though initial reports indicated that cargo safety and traffic operations were not compromised. The incident drew the attention of and an investigation by the FBI and the Department of Homeland Security.", "sector": "Port", "incident_type": "Virus/Ransomware", "location": { "country": "US" }, "threat_actor": "SamSam", "external_references": [ { "source_name": "Reference", "url": "https://www.portofsandiego.org/press-releases/general-press-releases/port-san-diego-issues-statement-cybersecurity-incident https://www.portofsandiego.org/press-releases/general-press-releases/port-san-diego-927-update-cybersecurity-incident https://www.portofsandiego.org/press-releases/general-press-releases/port-san-diego-releases-additional-information-cybersecurity https://www.sandiegoreader.com/news/2019/apr/10/city-lights-happened-ransomware-port-san-diego/ https://www.justice.gov/opa/pr/two-iranian-men-indicted-deploying-ransomware-extort-hospitals-municipalities-and-public https://www.zdnet.com/article/us-coast-guard-discloses-ryuk-ransomware-infection-at-maritime-facility/ https://www.maritime-executive.com/article/iranian-hackers-indicted-for-port-of-san-diego-cyberattack" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--c8a996c6-7641-4324-839f-ad9bf030e090", "created_by_ref": "identity--c4e6fdf8-c4bc-4f39-8dca-537f3fcd99db", "created": "2018-10-10T00:00:00Z", "modified": "2018-10-10T00:00:00Z", "name": "Spearphishing", "description": null, "sector": "Port", "incident_type": "Spearphishing", "location": { "country": "CA" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--5d53de9e-6fb1-4d67-b55a-53578386c7eb", "created_by_ref": "identity--102a9660-70f0-4a93-8363-cd02dfba8974", "created": "2018-11-02T00:00:00Z", "modified": "2018-11-02T00:00:00Z", "name": "Intrusion", "description": null, "sector": "Shipyard", "incident_type": "Intrusion", "location": { "country": "AU" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://www.abc.net.au/news/2018-11-02/austal-ship-cyber-attack-and-extortion-attempt-national-security/10458982 https://safety4sea.com/australian-defense-shipbuilder-austal-hit-by-cyber-attack/ https://news.defence.gov.au/media/media-releases/austal-cyber-security-incident https://www.theguardian.com/technology/2018/nov/02/defence-shipbuilder-austal-hit-with-data-breach-and-extortion-attempt" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--86f1e5b3-e6f8-406a-82f3-c4c4a3955f22", "created_by_ref": "identity--d774fb20-2110-4e4f-a0c1-92a0b098cb0f", "created": "2018-12-10T00:00:00Z", "modified": "2018-12-10T00:00:00Z", "name": "Intrusion", "description": null, "sector": "Offshore", "incident_type": "Intrusion", "location": { "country": "IT" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://www.saipem.com/en/media/press-releases/2018-12-17/saipem-final-update-cyber-attack-suffered" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--46cf475e-4e65-44e9-ad67-79c3c7c1ce6a", "created_by_ref": "identity--ac820240-d0bb-4ce9-a25e-6094719ad9ae", "created": "2018-08-01T00:00:00Z", "modified": "2018-08-01T00:00:00Z", "name": "Data leak", "description": null, "sector": "Defence", "incident_type": "Data leak", "location": { "country": "US" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://vpnoverview.com/news/ex-navy-couple-sold-data-of-over-9000-people-on-dark-web/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--38cbf8c6-8b00-4f74-b75c-034cf11b6f53", "created_by_ref": "identity--78af53ff-39b8-4ea4-a38d-aa8648557000", "created": "2019-02-01T00:00:00Z", "modified": "2019-02-01T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Ship", "incident_type": "Virus/Ransomware", "location": { "country": "US" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "https://cybermaretique.fr/les-gardes-cotes-americains-interviennent-a-bord-dun-navire-objet-dun-incident-cyber/?preview=true https://www.dco.uscg.mil/Portals/9/DCO%20Documents/5p/CG-5PC/INV/Alerts/0619.pdf" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--20b2b5fd-a94d-48e6-a02c-f40394693c8a", "created_by_ref": "identity--403787d3-f466-4d48-a0e9-a21185fafd74", "created": "2019-05-01T00:00:00Z", "modified": "2019-05-01T00:00:00Z", "name": "Intrusion", "description": null, "sector": "Logistics", "incident_type": "Intrusion", "location": { "country": "KW" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "http://www.marsecreview.com/2019/10/two-major-cyberattacks-have-targetted-kuwait-transportation-and-shipping-industry-this-year/ https://unit42.paloaltonetworks.com/xhunt-campaign-attacks-on-kuwait-shipping-and-transportation-organizations/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--da2c8b80-680a-489a-ab95-c4e3fa69b75d", "created_by_ref": "identity--5f0622c4-1382-487f-944d-5fc339d17d45", "created": "2019-05-01T00:00:00Z", "modified": "2019-05-01T00:00:00Z", "name": "Spearphishing", "description": null, "sector": "Ship", "incident_type": "Spearphishing", "location": { "country": "US" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://www.travelagentcentral.com/cruises/data-breach-affects-princess-cruises-holland-america-line-guests https://digit.fyi/carnival-cruise-lines-announces-cyber-attack-on-its-systems/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--09724edf-f0c1-44a2-95fe-c8c6fef547b9", "created_by_ref": "identity--7042d083-8a1f-41ee-b063-defba34142b4", "created": "2019-07-01T00:00:00Z", "modified": "2019-07-01T00:00:00Z", "name": "GPS/AIS jamming/spoofing", "description": null, "sector": "Port", "incident_type": "GPS/AIS jamming/spoofing", "location": { "country": "IL" }, "threat_actor": "Political", "external_references": [ { "source_name": "Reference", "url": "https://dredgingandports.com/news/2019/2298/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--a687a89c-0e88-426f-a6fa-061555ec0bd3", "created_by_ref": "identity--3b5e2f56-b715-40cb-aee6-5d0438639bd7", "created": "2019-07-01T00:00:00Z", "modified": "2019-07-01T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Port", "incident_type": "Virus/Ransomware", "location": { "country": "US" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": " https://www.freightwaves.com/news/u-s-maritime-agency-found-vulnerable-to-cyber-hacking https://www.oig.dot.gov/sites/default/files/MARAD%20IT%20Infrastructure%20Final%20Report-Redacted%5E07-24-19_0.pdf" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--bc38ca8f-9557-4d7c-83f5-870889066f6c", "created_by_ref": "identity--9e773aad-eed3-49be-80f8-c309fced1db2", "created": "2019-07-01T00:00:00Z", "modified": "2019-07-01T00:00:00Z", "name": "GPS/AIS jamming/spoofing", "description": null, "sector": "Port", "incident_type": "GPS/AIS jamming/spoofing", "location": { "country": "CN" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "https://www.technologyreview.com/2019/11/15/131940/ghost-ships-crop-circles-and-soft-gold-a-gps-mystery-in-shanghai/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--fd6cf026-5581-4338-9cca-dce1e18581a2", "created_by_ref": "identity--efd25e1f-7814-4a72-8e9c-3526803d112e", "created": "2019-11-01T00:00:00Z", "modified": "2019-11-01T00:00:00Z", "name": "Intrusion", "description": null, "sector": "Logistics", "incident_type": "Intrusion", "location": { "country": "GB" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://www.bbc.com/news/topics/cvl7nn4qpzqt/james-fisher-sons https://www.reuters.com/article/us-james-fisher-cybercrime-idUSKBN1XF1SQ https://www.maritime-executive.com/article/james-fisher-and-sons-hit-by-cyberattack https://www.insurancejournal.com/news/international/2019/11/05/547587.htm" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--342dd08c-aaf9-419e-a7d3-fafbcedb50e9", "created_by_ref": "identity--b04804d0-a39f-4702-ad69-60d3e3d68fb4", "created": "2019-11-10T00:00:00Z", "modified": "2019-11-10T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Offshore", "incident_type": "Virus/Ransomware", "location": { "country": "US" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://oilprice.com/Latest-Energy-News/World-News/Pemex-Still-Suffers-Cyberattack-Fallout.html https://www.bnnbloomberg.ca/pemex-communications-still-spotty-after-crippling-cyberattack-1.1353325 https://www.rigzone.com/news/wire/pemex_faces_payment_problems_after_cyber_attack-12-nov-2019-160312-article/ https://www.maritime-executive.com/article/pemex-refuses-to-pay-hackers" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--d7065b08-211e-451b-af2e-2d41eee57222", "created_by_ref": "identity--e7da322b-d4e7-417f-8fb4-1e0588b12fd4", "created": "2019-12-01T00:00:00Z", "modified": "2019-12-01T00:00:00Z", "name": "GPS/AIS jamming/spoofing", "description": null, "sector": "Ship", "incident_type": "GPS/AIS jamming/spoofing", "location": { "country": "CN" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "https://www.gpsworld.com/chinese-gps-spoofing-circles-could-hide-iran-oil-shipments/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--b3c5dbc8-23b2-4542-8994-7edc2b0fdcb6", "created_by_ref": "identity--613458cc-52b1-472d-90b0-5e4e2e313772", "created": "2019-12-01T00:00:00Z", "modified": "2019-12-01T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Port", "incident_type": "Virus/Ransomware", "location": { "country": "US" }, "threat_actor": "Ryuk", "external_references": [ { "source_name": "Reference", "url": "https://cybermaretique.fr/le-rancongiciel-ryuk-entraine-plus-de-30-heures-dinterruption-dactivite-pour-un-acteur-du-monde-maritime/ https://media.cert.europa.eu/static/MEMO/2020/TLP-WHITE-CERT-EU-THREAT-MEMO-200121.pdf https://www.dco.uscg.mil/Portals/9/DCO%20Documents/5p/MSIB/2019/MSIB_10_19.pdf" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--fcaa1075-071c-4ffd-bed0-729c666cd86e", "created_by_ref": "identity--a9a39d0d-fd5c-4197-becc-e38741671231", "created": "2019-12-01T00:00:00Z", "modified": "2019-12-01T00:00:00Z", "name": "GPS/AIS jamming/spoofing", "description": null, "sector": "Ship", "incident_type": "GPS/AIS jamming/spoofing", "location": { "country": "IT" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "http://www.emsa.europa.eu/ssn-main/documents/workshop-presentations-a-reports/download/5945/3746/41.html https://www.mdpi.com/2077-1312/8/10/776/pdf" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--77aff092-7c95-49de-bc8f-c223318004bb", "created_by_ref": "identity--81126b28-1614-4266-832f-16f1e4544324", "created": "2019-12-30T00:00:00Z", "modified": "2019-12-30T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Industry", "incident_type": "Virus/Ransomware", "location": { "country": "GB" }, "threat_actor": "Maze", "external_references": [ { "source_name": "Reference", "url": "https://splash247.com/london-offshore-consultants-suffers-ransomware-attack/ https://insurancemarinenews.com/insurance-marine-news/london-offshore-consultants-suffers-ransomware-attack/ https://news.sky.com/story/cyber-criminals-hacked-london-based-company-and-demanded-ransom-11910928" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--4320c334-7ff6-4160-8407-88835f2e2ce2", "created_by_ref": "identity--30dfb877-1df8-4ce5-ab06-4e9937763cd9", "created": "2019-XX-XXT00:00:00Z", "modified": "2019-XX-XXT00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Ship", "incident_type": "Virus/Ransomware", "location": { "country": "FI" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://alsum.co/ataques-ciberneticos-a-la-industria-maritima-en-los-ultimos-10-anos/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--590a8692-ff83-4565-a086-fab8508b84fd", "created_by_ref": "identity--cc5aa048-c527-425e-b382-acfd62bfd11b", "created": "2019-XX-XXT00:00:00Z", "modified": "2019-XX-XXT00:00:00Z", "name": "GPS/AIS jamming/spoofing", "description": null, "sector": "Ship", "incident_type": "GPS/AIS jamming/spoofing", "location": { "country": "NO" }, "threat_actor": "Political", "external_references": [ { "source_name": "Reference", "url": "https://nsm.no/getfile.php/131421-1587034764/Hermans%20undermappe%20med%20bilder/NSM_Risiko_2020_web_0104.pdf" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--6ffb2549-d5d3-4077-9542-4dc6a70b1b10", "created_by_ref": "identity--ae054edb-91f5-4d36-87a2-d675b9898de4", "created": "2019-XX-XXT00:00:00Z", "modified": "2019-XX-XXT00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Ship", "incident_type": "Virus/Ransomware", "location": { "country": "XX" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://www.transnav.eu/files/A%20Retrospective%20Analysis%20of%20Maritime%20Cyber%20Security%20Incidents,1144.pdf" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--1b58efad-2925-46cc-979b-cc7fcf1199b4", "created_by_ref": "identity--fe7a21e1-cc3f-4dd0-8342-708369714ed1", "created": "2019-09-XXT00:00:00Z", "modified": "2019-09-XXT00:00:00Z", "name": "GPS/AIS jamming/spoofing", "description": "The victim is a tanker ship carrying over 5,000 metric tons of ethanol. As it was approaching Cyprus's shoreline during the night, the ship lost its GPS fix, making navigation challenging, especially in unfamiliar waters and in the dark. According to sources, the captain of the ship alerted the pilots' office at the oil terminal. This anomaly in GPS is quite usual around Cyprus. The country has experienced significant GPS disruptions for at least the two years preceeding the incident, making it a representative case in the broader global challenge of intentional interference with vital navigation systems.", "sector": "Ship", "incident_type": "GPS/AIS jamming/spoofing", "location": { "country": "CY" }, "threat_actor": "Political", "external_references": [ { "source_name": "Reference", "url": "https://fortune.com/longform/gps-outages-maritime-shipping-industry/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--1e45a40f-dfbd-462d-aa79-46d7f2f8ef65", "created_by_ref": "identity--10624706-c0c2-467c-ad0b-d39efcf88834", "created": "2020-01-05T00:00:00Z", "modified": "2020-01-05T00:00:00Z", "name": "Data leak", "description": null, "sector": "Ship", "incident_type": "Data leak", "location": { "country": "US" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--c479ea2f-3468-4ec6-a6c5-59df328798ca", "created_by_ref": "identity--2d191397-b518-4ba9-a416-ef542f3594d3", "created": "2020-01-10T00:00:00Z", "modified": "2020-01-10T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Logistics", "incident_type": "Virus/Ransomware", "location": { "country": "FR" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://twitter.com/fbgwls245/status/1215575390091014149" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--d2940f42-9a0e-4cd8-8078-6332cb2ab728", "created_by_ref": "identity--a4ba5eba-a300-45c9-baf3-99199e5e6784", "created": "2020-02-23T00:00:00Z", "modified": "2020-02-23T00:00:00Z", "name": "Data leak", "description": null, "sector": "Logistics", "incident_type": "Data leak", "location": { "country": "US" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://www.tql.com/carrierhotline" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--0e9ef991-e253-41c4-a1ef-b795d56261e0", "created_by_ref": "identity--f77eb7d7-69f6-477f-8bf0-f6f9144fee7a", "created": "2020-03-15T00:00:00Z", "modified": "2020-03-15T00:00:00Z", "name": "Virus/Ransomware", "description": "The victim, an administrative entity encompassing the cities of Marseille, Martigues, and the Aix-Marseille-Provence metropolis, was hit by a ransomware attack. This region, significant for its public services and infrastructure, faced a cyber incident that targeted interconnected information systems across multiple municipalities, including the Grand Port Maritime de Marseille. According to sources, over the course of a weekend, the public sector's digital infrastructure was compromised by ransomware identified as Mespinoza/Pysa. As a consequence, networks had to be isolated. The presence of backup and recovery systems have mitigated the damage, averting the worst outcomes. No proven impact was detected on the port’s OT systems.", "sector": "Port", "incident_type": "Virus/Ransomware", "location": { "country": "FR" }, "threat_actor": "Mespinoza/Pysa", "external_references": [ { "source_name": "Reference", "url": "https://www.lemondeinformatique.fr/actualites/lire-aix-marseille-provence-touchee-par-une-cyberattaque-78444.html https://www.lemondeinformatique.fr/actualites/lire-l-anssi-decrit-la-cyberattaque-qui-a-frappe-aix-marseille-provence-78492.html https://www.lexpress.fr/region/provence-alpes-cote-d-azur/marseille-et-sa-metropole-affectees-par-une-cyberattaque-inedite-depuis-un-mois_2123460.html https://www.ouest-france.fr/high-tech/cyberattaque-contre-marseille-l-agence-de-securite-informatique-alerte-les-collectivites-locales-6784949 https://www.nolimitsecu.fr/ransomware-retour-d-experience-sur-une-compromission/ https://www.youtube.com/watch?v=-7Rs41FST-Q " }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--29a72b08-db9e-4754-a5d1-20ce5a66a3ab", "created_by_ref": "identity--45f9f4b6-6035-4e71-95c5-6a48c54a30c2", "created": "2020-04-07T00:00:00Z", "modified": "2020-04-07T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Industry", "incident_type": "Virus/Ransomware", "location": { "country": "DK" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://ics-cert.kaspersky.com/news/2020/04/17/new-ransomware/ https://www.desmi.com/news/desmi-hit-by-cyber-attack/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--77c5aba8-fcae-42d0-b996-9caf5e6b3975", "created_by_ref": "identity--31b1323d-caef-417f-8403-592ed72748ff", "created": "2020-04-10T00:00:00Z", "modified": "2020-04-10T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Shipowner", "incident_type": "Virus/Ransomware", "location": { "country": "CH" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "https://cybermaretique.fr/larmateur-msc-victime-dune-probable-cyberattaque/ https://cybermaretique.fr/la-cyberattaque-sur-msc-confirmee-par-larmateur/ https://www.securityweek.com/shipping-giant-msc-confirms-outage-caused-malware-attack" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--1147fa4a-1445-4c26-a3a3-1045fe23b8ca", "created_by_ref": "identity--4e8c57a9-c7a8-4004-9370-44c5225bb8dc", "created": "2020-04-21T00:00:00Z", "modified": "2020-04-21T00:00:00Z", "name": "Phishing", "description": null, "sector": "Ship", "incident_type": "Phishing", "location": { "country": "CL" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "https://apam-peru.com/web/alertamos-a-comunidad-portuaria-uso-fraudulento-de-identidad-de-autoridades/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--316d9677-5114-47df-b575-001f9c09cf8e", "created_by_ref": "identity--4cff12f2-99ca-4301-853c-811e1f9d7193", "created": "2020-04-23T00:00:00Z", "modified": "2020-04-23T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Manufacturer", "incident_type": "Virus/Ransomware", "location": { "country": "SE" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--24f37741-39fe-4144-a6ef-0d76697795c6", "created_by_ref": "identity--c3f611b2-a4b8-402e-aab3-efed015668a7", "created": "2020-04-27T00:00:00Z", "modified": "2020-04-27T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Offshore", "incident_type": "Virus/Ransomware", "location": { "country": "US" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://blog.cyble.com/2020/04/28/nefilim-ransomware-operators-strike-wt-offshore-a-leading-independent-oil-and-natural-gas-producer/ https://blog.cyble.com/2020/05/07/netfilm-ransomware-operators-publishes-the-data-leak-part-2-of-wt-offshore-a-leading-independent-oil-and-natural-gas-producer/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--06636d1e-58b7-48f2-8749-a0f85ded44b7", "created_by_ref": "identity--4190fef8-a8b3-49fb-b640-fd26a692336f", "created": "2020-05-05T00:00:00Z", "modified": "2020-05-05T00:00:00Z", "name": "Data leak", "description": null, "sector": "Logistics", "incident_type": "Data leak", "location": { "country": "AU" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://www.tollgroup.com/toll-it-systems-updates https://cisomag.eccouncil.org/mailto-ransomware-hits-toll-group-deliveries-across-australia-affected/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--afc33cd2-2a99-479f-a221-1e3251aa2177", "created_by_ref": "identity--16990dae-6fa9-4943-8cb8-0635d5602d4f", "created": "2020-05-01T00:00:00Z", "modified": "2020-05-01T00:00:00Z", "name": "GPS/AIS jamming/spoofing", "description": null, "sector": "Ship", "incident_type": "GPS/AIS jamming/spoofing", "location": { "country": "US" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "https://www.thelog.com/snw/ships-ais-broadcasts-draw-gps-crop-circles-thousands-of-miles-away-from-actual-locations/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--6c9bd2fe-2860-4b4a-9346-5ae55da02cca", "created_by_ref": "identity--80a23ee5-dbf7-4fa9-9677-bc2713f42355", "created": "2020-05-09T00:00:00Z", "modified": "2020-05-09T00:00:00Z", "name": "Intrusion", "description": "The victim, a critical port the country's southern coast experienced an unanticipated cessation in its operations. The computer systems that coordinated the traffic of vessels, goods, and trucks collectively malfunctioned, resulting in significant delays on water routes and access roads. According to sources, officials publicly recognized that the port's computer systems had been compromised by a foreign cyberattack. Subsequent details suggest that the cyber intrusion was a significant offensive. This cyberattack could have been conducted in retaliation to a prior alleged attempt to breach other computer systems in the attacking country reported by the medias. The impacts of this attack would have been confirmed by satellite images showign traffic congestions leading to the port and numerous loaded container ships queued off the coast. The Tactics, Techniques, and Procedures (TTPs) of the attack seem to correspond with activities reputed of Israel, although there has been no official acknowledgment from the Israeli side.", "sector": "Port", "incident_type": "Intrusion", "location": { "country": "IR" }, "threat_actor": "Israel", "external_references": [ { "source_name": "Reference", "url": "https://www.zdnet.com/article/iran-reports-failed-cyber-attack-on-strait-of-hormuz-port/ https://www.nytimes.com/2020/05/19/world/middleeast/israel-iran-cyberattacks.html https://www.washingtonpost.com/national-security/officials-israel-linked-to-a-disruptive-cyberattack-on-iranian-port-facility/2020/05/18/9d1da866-9942-11ea-89fd-28fb313d1886_story.html https://iranprimer.usip.org/blog/2023/may/03/report-iran-accelerates-cyberattacks https://www.youtube.com/watch?v=9XVIrXHtpeg" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--322240ad-c10e-4085-b947-bf6a09f95ed7", "created_by_ref": "identity--61d4edec-3098-41b2-98b2-9b2ce69028a0", "created": "2020-05-18T00:00:00Z", "modified": "2020-05-18T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Shipowner", "incident_type": "Virus/Ransomware", "location": { "country": "HK" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://splash247.com/anglo-eastern-suffers-ransomware-attack/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--014349f0-e432-467d-8f86-6239b2d5222f", "created_by_ref": "identity--18404998-7084-4270-8d7e-a95f2184b4f2", "created": "2020-06-09T00:00:00Z", "modified": "2020-06-09T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Shipyard", "incident_type": "Virus/Ransomware", "location": { "country": "NO" }, "threat_actor": "REvil", "external_references": [ { "source_name": "Reference", "url": "https://www.maritime-executive.com/article/vard-hit-by-cyberattack https://www.databreaches.net/more-drama-in-the-world-of-ransomware-was-vard-group-victimized-twice/ https://www.insurancejournal.com/news/international/2020/06/09/571495.htm" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--113db654-8bc1-46ae-b630-80e04e52ad36", "created_by_ref": "identity--71cd876b-8e6c-41fb-b4ed-a46dd8879277", "created": "2020-06-19T00:00:00Z", "modified": "2020-06-19T00:00:00Z", "name": "Virus/Ransomware", "description": "The victim, renowned for its production of luxury catamarans and sailing vessels and contributing significantly to the boating industry, was subjected to a cyber intrusion. The victim's shipyard was already facing challenges due to the COVID-19 epidemic which had previously disrupted operations. According to sources, on 19th June, the entity suffered a significant computer system breach. The breach's technical details and the identity of the perpetrators have not been made explicit in the accessible report. The intrusion and ransomware spread impacted both its IT infrastructure and part of its operational capabilities. This incident occurred during a critical period of production ramp-up following the easing of COVID-19 restrictions. Consequences of this incident may have included operational delays and potential financial repercussions, considering the earlier business growth and the victim's strategic efforts to recover from pandemic-related setbacks.", "sector": "Shipyard", "incident_type": "Virus/Ransomware", "location": { "country": "FR" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://www.capital.fr/entreprises-marches/fountaine-pajot-la-cyberattaque-est-maitrisee-1374296 https://www.boatindustry.com/news/36197/cyber-attack-boating-hit-repeatedly" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--08bfd1f8-3e5e-4a61-9479-b0d440efed96", "created_by_ref": "identity--8ea0a074-cd50-4654-bf74-0a83b5bda228", "created": "2020-06-20T00:00:00Z", "modified": "2020-06-20T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Offshore", "incident_type": "Virus/Ransomware", "location": { "country": "US" }, "threat_actor": "Maze", "external_references": [ { "source_name": "Reference", "url": "https://www.technadu.com/big-steel-sheet-manufacturer-struck-maze-ransomware/177307/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--2b5b0785-7449-415f-9402-2b3ffc8e16ab", "created_by_ref": "identity--1e08b9d6-f079-45ef-8dd2-5ad6b3c724fa", "created": "2020-07-23T00:00:00Z", "modified": "2020-07-23T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Manufacturer", "incident_type": "Virus/Ransomware", "location": { "country": "US" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://www.navionics.com/caf/blog/post/outage" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--1e04133c-b93e-400b-b710-4ffc2f25891f", "created_by_ref": "identity--228c7e7c-cec6-41c4-9d6b-036261af9504", "created": "2020-07-25T00:00:00Z", "modified": "2020-07-25T00:00:00Z", "name": "Human error", "description": null, "sector": "Ship", "incident_type": "Human error", "location": { "country": "MU" }, "threat_actor": "Internal", "external_references": [ { "source_name": "Reference", "url": "https://amp.gob.pa/notas-de-prensa/delegacion-panamena-de-expertos-en-accidentes-maritimos-asiste-en-investigaciones-sobre-el-accidente-de-la-embarcacion-wakashio-en-isla-mauricio/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--725c4128-87b7-4e9e-ada6-a0854d0ba004", "created_by_ref": "identity--3aa140fc-7cf9-467b-b5bb-d28be55ad5c0", "created": "2020-08-01T00:00:00Z", "modified": "2020-08-01T00:00:00Z", "name": "Spearphishing", "description": null, "sector": "Port", "incident_type": "Spearphishing", "location": { "country": "US" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://cybermaretique.fr/les-incidents-connus/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--6bded72a-584d-4e21-a163-d812ed3a9851", "created_by_ref": "identity--580425c0-e314-431d-ad28-41aa102a6d83", "created": "2020-08-05T00:00:00Z", "modified": "2020-08-05T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Offshore", "incident_type": "Virus/Ransomware", "location": { "country": "NO" }, "threat_actor": "Maze", "external_references": [ { "source_name": "Reference", "url": "https://cyware.com/news/maze-rains-havoc-with-its-non-stop-attacks-rocks-thailand-lately-19f92e36" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--e369dfb8-dbdd-4cce-ae4f-1f1d84c5b2cb", "created_by_ref": "identity--c9a2b4de-4108-4691-98d5-db179c3bc39c", "created": "2020-08-15T00:00:00Z", "modified": "2020-08-15T00:00:00Z", "name": "Data leak", "description": null, "sector": "Shipowner", "incident_type": "Data leak", "location": { "country": "US" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://www.carnivalcorp.com/news-releases/news-release-details/carnival-corporation-plc-identifies-ransomware-incident https://www.infosecurity-magazine.com/news/carnival-confirms-passenger-data/ https://www.prnewswire.com/news-releases/carnival-corporation--plc-update-on-cyber-event-301151284.html" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--59c9751a-8576-4a7b-9118-0bebc7839786", "created_by_ref": "identity--7e225075-47da-4a1b-8820-883b9fdad85b", "created": "2020-08-15T00:00:00Z", "modified": "2020-08-15T00:00:00Z", "name": "Intrusion", "description": null, "sector": "Classification company", "incident_type": "Intrusion", "location": { "country": "NO" }, "threat_actor": "Espionage", "external_references": [ { "source_name": "Reference", "url": "https://www.upstreamonline.com/politics/identity-of-dnv-gl-spy-revealed-as-probe-continues/2-1-860655" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--324c7b5e-9ef7-42dd-bd67-e01e94dff613", "created_by_ref": "identity--48e15996-2614-4bf0-8a07-4f03d6c4bbdf", "created": "2020-09-11T00:00:00Z", "modified": "2020-09-11T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Logistics", "incident_type": "Virus/Ransomware", "location": { "country": "DK" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://www.projectcargojournal.com/project-logistics/2020/09/17/blue-water-shipping-target-of-hacker-attack/ https://www.soefart.dk/article/view/739814/blue_water_ramt_af_hackerangreb https://shippingwatch.com/logistics/article12414470.ece" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--d1413c73-3eac-442f-9c1b-28cdec181897", "created_by_ref": "identity--bba7a0d4-b43c-4142-94c1-41f32c0ab956", "created": "2020-09-20T00:00:00Z", "modified": "2020-09-20T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Logistics", "incident_type": "Virus/Ransomware", "location": { "country": "FR" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://www.gefco.net/fr/newsroom/detail/news/message-de-luc-nadal-gefco-cyber-attack/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--4f723989-116d-4eca-8ff8-f1f760ce6d41", "created_by_ref": "identity--0cc65407-c451-489c-8e42-3ca4a1b0c117", "created": "2020-09-25T00:00:00Z", "modified": "2020-09-25T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Shipowner", "incident_type": "Virus/Ransomware", "location": { "country": "GR" }, "threat_actor": "Egregor", "external_references": [ { "source_name": "Reference", "url": "https://www.cybersecurity-insiders.com/egregor-ransomware-locks-down-retail-giant-billing-machines/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--4322d522-34cb-422b-a102-e8c213c4e481", "created_by_ref": "identity--3afc531b-6600-4304-a85e-d7ea70f46ab8", "created": "2020-09-25T00:00:00Z", "modified": "2020-09-25T00:00:00Z", "name": "Intrusion", "description": null, "sector": "Organisation", "incident_type": "Intrusion", "location": { "country": "MT" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://www.transport.gov.mt/-ENG-TMNoticeDataBreachIDPC.pdf-f5565" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--3b50e5c3-0a8a-4516-8458-7438aa3b2d7a", "created_by_ref": "identity--1a232eed-f296-403d-b9f0-69eacb34c108", "created": "2020-09-28T00:00:00Z", "modified": "2020-09-28T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Shipowner", "incident_type": "Virus/Ransomware", "location": { "country": "FR" }, "threat_actor": "Ragnar Locker", "external_references": [ { "source_name": "Reference", "url": "https://lloydslist.maritimeintelligence.informa.com/LL1134044/CMA%20CGM%20confirms%20ransomware%20attack https://www.lemagit.fr/actualites/252489714/Ransomware-CMA-CGM-victime-de-la-piraterie-de-Ragnar-Locker https://www.boursorama.com/bourse/actualites/cyberattaque-la-compagnie-maritime-cma-cgm-evalue-un-possible-vol-de-donnees-eca2e30d4ed228311ed8a34e061f1756 https://www.cmacgm-group.com/fr/news-media/global-it-update-09-29-2020 https://swzmaritime.nl/news/2020/10/01/cma-cgm-suspects-data-breach-in-recent-cyber-attack/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--2bdc1e97-bf20-424e-9541-4b5fd2945313", "created_by_ref": "identity--d7627783-bb2d-4777-ac1c-4c30a1f1e75f", "created": "2020-09-30T00:00:00Z", "modified": "2020-09-30T00:00:00Z", "name": "Intrusion", "description": null, "sector": "Organisation", "incident_type": "Intrusion", "location": { "country": "GB" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "https://safetyatsea.net/news/2020/the-imo-hit-by-sophisticated-cyber-attack/ https://gcaptain.com/international-maritime-organization-hit-by-cyber-attack/ https://latesthackingnews.com/2020/10/08/un-maritime-agency-suffered-cyber-attack-disrupting-its-web-based-services/ https://insurancemarinenews.com/insurance-marine-news/cyber-attack-on-imo-confirmed/ https://www.reuters.com/article/idUSL8N2GS38E" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--f3ea5d62-c1b4-4391-a6da-dccdce64eca0", "created_by_ref": "identity--acf3fd44-9313-4c97-b63e-f459470b1129", "created": "2020-10-01T00:00:00Z", "modified": "2020-10-01T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Shipowner", "incident_type": "Virus/Ransomware", "location": { "country": "GB" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://www.bbc.com/news/uk-england-hampshire-54368110 https://www.maritime-executive.com/article/ferry-operator-red-funnel-hit-by-cyberattack https://www.islandecho.co.uk/red-funnel-suffers-malicious-attack-on-it-systems-causing-major-disruption/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--f6f517b4-3a17-43e3-836b-1b1de9f9a308", "created_by_ref": "identity--e73081f6-40fc-40b9-9abd-169c9a22a254", "created": "2020-10-15T00:00:00Z", "modified": "2020-10-15T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Logistics", "incident_type": "Virus/Ransomware", "location": { "country": "US" }, "threat_actor": "REvil", "external_references": [ { "source_name": "Reference", "url": "https://www.itwire.com/security/big-us-transportation-service-firm-hit-by-windows-revil-ransomware.html" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--6a585b66-299e-4f7d-87cc-ff1ad4735389", "created_by_ref": "identity--3d56d1eb-2d63-4c8d-8c40-324c8c5d19a6", "created": "2020-10-20T00:00:00Z", "modified": "2020-10-20T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Logistics", "incident_type": "Virus/Ransomware", "location": { "country": "CA" }, "threat_actor": "Egregor", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--0fe6b46a-bdf7-42d6-8809-e132e225b23b", "created_by_ref": "identity--684370d3-b29a-4bd9-a571-f97e40f75fe2", "created": "2020-11-16T00:00:00Z", "modified": "2020-11-16T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Logistics", "incident_type": "Virus/Ransomware", "location": { "country": "FR" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--65225898-f948-4589-9337-c58777183cf3", "created_by_ref": "identity--78c0fea4-0deb-47aa-9a08-60284c2addbc", "created": "2020-11-16T00:00:00Z", "modified": "2020-11-16T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Port", "incident_type": "Virus/Ransomware", "location": { "country": "US" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://safety4sea.com/washingtons-port-of-kennewick-confirms-cyber-attack/ https://www.professionalmariner.com/washingtons-port-of-kennewick-hit-by-cyberattack/ https://www.tri-cityherald.com/news/local/crime/article247251569.html https://www.portofkennewick.org/port-experiences-cybersecurity-incident/ https://www.maritime-executive.com/article/ransomware-attack-cripples-systems-of-inland-port-in-washington-state" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--2d28b177-223b-4d3d-97da-7f1aff4f3e00", "created_by_ref": "identity--a9bf86ce-f666-4b90-b646-96d8ef43e329", "created": "2020-12-14T00:00:00Z", "modified": "2020-12-14T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Shipowner", "incident_type": "Virus/Ransomware", "location": { "country": "NO" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://hotforsecurity.bitdefender.com/blog/cruise-line-operator-hurtigruten-crippled-in-ransomware-attack-24869.html https://www.reuters.com/article/hurtigruten-cyberattack/norwegian-cruise-liner-hurtigruten-sustains-cyberattack-idUKKBN28O1E5 https://www.securityweek.com/norwegian-cruise-company-hurtigruten-hit-cyberattack" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--4f4cc3fe-0a2a-4625-98de-7cb473bd969d", "created_by_ref": "identity--48a0987b-38c8-4aea-9921-afb84bd6e95c", "created": "2020-12-28T00:00:00Z", "modified": "2020-12-28T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Shipowner", "incident_type": "Virus/Ransomware", "location": { "country": "DE" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://www.cruiselawnews.com/2020/12/articles/cyber-attacks/aida-cruise-ships-under-cyber-attack-are-costa-ships-also-affected/ https://www.bild.de/sparfochs/2020/sparfochs/kreuzfahrten-abgesagt-it-systeme-gestoert-aida-legt-schiffe-an-die-kette-74623228.bild.html" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--237dbf92-19c6-4e40-8e34-bfe51cd29d8e", "created_by_ref": "identity--c69e713a-52ea-4ab9-8455-77209db210cc", "created": "2020-XX-XXT00:00:00Z", "modified": "2020-XX-XXT00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Ship", "incident_type": "Virus/Ransomware", "location": { "country": "GB" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://www.transnav.eu/files/A%20Retrospective%20Analysis%20of%20Maritime%20Cyber%20Security%20Incidents,1144.pdf" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--34fd4517-1ad9-48fc-974f-e58844fceae6", "created_by_ref": "identity--2038f021-a8d9-4d79-8bc1-126708cf2ae7", "created": "2020-XX-XXT00:00:00Z", "modified": "2020-XX-XXT00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Ship", "incident_type": "Virus/Ransomware", "location": { "country": "US" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://www.transnav.eu/files/A%20Retrospective%20Analysis%20of%20Maritime%20Cyber%20Security%20Incidents,1144.pdf" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--79f6a66b-27de-420f-b9fa-2f6fe38a71a4", "created_by_ref": "identity--6d13cfda-b49d-4dba-9bbf-1142a85a1a8b", "created": "2020-06-02T00:00:00Z", "modified": "2020-06-02T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Shipowner", "incident_type": "Virus/Ransomware", "location": { "country": "NO" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://cyprusshippingnews.com/2020/06/02/osm-cybersecurity-incident/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--eabeba06-121b-40e9-84fa-ad36fbc440b6", "created_by_ref": "identity--729401bf-95e7-4218-9bd8-99816275d9db", "created": "2021-01-01T00:00:00Z", "modified": "2021-01-01T00:00:00Z", "name": "Intrusion", "description": null, "sector": "Port", "incident_type": "Intrusion", "location": { "country": "KH" }, "threat_actor": "Political", "external_references": [ { "source_name": "Reference", "url": "https://go.recordedfuture.com/hubfs/reports/cta-2021-1208.pdf" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--6c448e5e-58c1-4659-b08d-66bfd8dbfe97", "created_by_ref": "identity--e5d80612-6936-4557-9a5f-9b9a5f1e297a", "created": "2021-01-01T00:00:00Z", "modified": "2021-01-01T00:00:00Z", "name": "Intrusion", "description": null, "sector": "Defence", "incident_type": "Intrusion", "location": { "country": "PH" }, "threat_actor": "Political", "external_references": [ { "source_name": "Reference", "url": "https://go.recordedfuture.com/hubfs/reports/cta-2021-1208.pdf" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--dc89f13d-cacb-4c63-9e34-b633c36e5bd4", "created_by_ref": "identity--6035fea5-56b0-4d53-a393-6448ff4aa04b", "created": "2021-01-10T00:00:00Z", "modified": "2021-01-10T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Fishing", "incident_type": "Virus/Ransomware", "location": { "country": "NO" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://www.seafoodsource.com/news/business-finance/cyber-attackers-take-a-usd-6-million-toll-on-akva-and-its-first-quarter-financials" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--98346021-6fa2-4da9-8280-206365002329", "created_by_ref": "identity--e4ae69ce-7f95-4678-b24f-52b70fa8d3fd", "created": "2021-01-21T00:00:00Z", "modified": "2021-01-21T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Logistics", "incident_type": "Virus/Ransomware", "location": { "country": "AU" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://www.odt.co.nz/star-news/star-national/courier-and-freight-firm-toll-group-targeted-cyber-attack" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--e9691865-dced-461d-a3fa-be467bfdcb25", "created_by_ref": "identity--86f6715a-ba5e-4446-af48-288b6e8ed236", "created": "2021-01-29T00:00:00Z", "modified": "2021-01-29T00:00:00Z", "name": "Data leak", "description": null, "sector": "Port", "incident_type": "Data leak", "location": { "country": "US" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://www.viport.com/post/vipa-alerts-public-of-data-security-incident https://www.virginislandsdailynews.com/news/port-authority-still-investigating-data-breach/article_d9734e54-3b3f-5b56-bc88-534baa15ea4f.html" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--44278782-080a-4c09-82e0-38946608a94c", "created_by_ref": "identity--6ca9f535-c2c3-4426-89e4-ca805fed171e", "created": "2021-02-04T00:00:00Z", "modified": "2021-02-04T00:00:00Z", "name": "GPS/AIS jamming/spoofing", "description": null, "sector": "Ship", "incident_type": "GPS/AIS jamming/spoofing", "location": { "country": "SE" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "https://globalfishingwatch.org/data/analysis-reveals-false-vessel-tracks/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--9d8d2732-c11e-4852-9124-02b692be8002", "created_by_ref": "identity--84b15314-23d9-4741-8a44-1bd1f4efbf82", "created": "2021-02-07T00:00:00Z", "modified": "2021-02-07T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Logistics", "incident_type": "Virus/Ransomware", "location": { "country": "IN" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://archives.nseindia.com/corporate/ALLCARGO_16022021143713_IntimationCyber.pdf" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--e2998245-2085-4a49-892c-8afcad4584cf", "created_by_ref": "identity--90f1642a-9997-4731-b820-86d1116068cf", "created": "2021-02-15T00:00:00Z", "modified": "2021-02-15T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Classification company", "incident_type": "Virus/Ransomware", "location": { "country": "US" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--75495f73-b0a8-4a4b-a9f4-1b60012f552a", "created_by_ref": "identity--3ee4dedd-1b8e-43da-8620-90bc9eb2eb46", "created": "2021-02-18T00:00:00Z", "modified": "2021-02-18T00:00:00Z", "name": "Intrusion", "description": null, "sector": "Port", "incident_type": "Intrusion", "location": { "country": "MM" }, "threat_actor": "Political", "external_references": [ { "source_name": "Reference", "url": "https://www.ouest-france.fr/monde/birmanie/birmanie-des-hackers-ciblent-la-junte-et-des-automobilistes-bloquent-les-deploiements-7159127 https://www.lemonde.fr/international/article/2021/02/18/en-birmanie-des-sites-gouvernementaux-cibles-par-des-hackeurs_6070355_3210.html" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--b13fcd05-ae4b-42db-9193-4b2ec59e8b0b", "created_by_ref": "identity--5eeb4bf3-6da3-4814-8c1b-1a31b5562791", "created": "2021-02-18T00:00:00Z", "modified": "2021-02-18T00:00:00Z", "name": "Virus/Ransomware", "description": "The victim, a prestigious multinational corporation in the boating industry, faced a cyberattack that disrupted its IT infrastructure. The company, which holds a significant market presence with its diverse range of boats and leisure homes, recognized the intrusion during the night of February 18 to 19, prompting an immediate and comprehensive shutdown of its information systems. According to sources, the attack compelled several production units, especially in France, to either slow down or completely cease operations for a few days. In response, the company deployed backup applications and systems to resume activities in a secure yet degraded mode while conducting thorough investigations to fully restore all systems. Despite the disruption, the financial impact of the incident is reportedly covered by the company’s insurance policies. Following the attack, the victim has been working diligently with cybersecurity experts and authorities to mitigate the consequences. Further details regarding the incident's implications on the company’s financial results were anticipated to be shared in a subsequent report on the annual revenues for the year ended December 31, 2020, with an estimated impact of 45 M€.", "sector": "Shipyard", "incident_type": "Virus/Ransomware", "location": { "country": "FR" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://press.beneteau-group.com/news/information-regarding-a-cyberattack-83cc-49529.html https://www.actunautique.com/2021/02/beneteau-victime-d-un-cyberattaque.html https://www.securityweek.com/boat-building-giant-beneteau-says-cyberattack-disrupted-production https://www.bfmtv.com/economie/entreprises/beneteau-victime-d-une-cyberattaque-en-2021_VN-202112060480.html https://www.boatindustry.com/news/36934/beneteau-2021-growth-almost-evaporated-in-cyber-attack" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--19003b51-61fc-4f2a-8a1d-a9ad6c6291ab", "created_by_ref": "identity--f035426b-ef13-4ef5-982e-16c07f3b38f9", "created": "2021-02-23T00:00:00Z", "modified": "2021-02-23T00:00:00Z", "name": "Data leak", "description": null, "sector": "Organisation", "incident_type": "Data leak", "location": { "country": "AU" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://www.service.nsw.gov.au/system/files/2021-05/snsw-data-breach-post-incident-report.pdf" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--e7244a95-d6df-4ef8-88ca-56a64f8a5d18", "created_by_ref": "identity--7eb3ffc7-51c7-43bd-9487-6df04f9b3e6a", "created": "2021-03-06T00:00:00Z", "modified": "2021-03-06T00:00:00Z", "name": "Intrusion", "description": null, "sector": "Shipowner", "incident_type": "Intrusion", "location": { "country": "CN" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "https://www.maritimebusinessworld.com/cosco-shipping-hacked-by-a-brazilian-hacker-3084h.htm" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--10811cbb-fc8b-4dda-a8a6-4e7990db809e", "created_by_ref": "identity--ffd7f786-0218-4585-8ee8-019e7487fbd7", "created": "2021-03-18T00:00:00Z", "modified": "2021-03-18T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Shipowner", "incident_type": "Virus/Ransomware", "location": { "country": "JP" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "https://insurancemarinenews.com/insurance-marine-news/k-line-confirms-cyber-breach/ https://www.maritime-executive.com/article/japan-s-k-line-apologizes-for-second-cyberattack-in-months https://safety4sea.com/k-line-issues-apology-after-yet-another-cyber-attack/ https://www.klpl.com.sg/2021/06/25/notice-of-cyber-security-incident/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--4e32d881-3a55-44d7-a056-5be7acd30074", "created_by_ref": "identity--6633fe65-6087-47b6-9dd5-adba71cb5d69", "created": "2021-03-19T00:00:00Z", "modified": "2021-03-19T00:00:00Z", "name": "Data leak", "description": null, "sector": "Shipowner", "incident_type": "Data leak", "location": { "country": "US" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://threatpost.com/carnival-cruise-cyberattack/167065/ https://www.bleepingcomputer.com/news/security/carnival-cruise-hit-by-data-breach-warns-of-data-misuse-risk/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--dd643a36-a5d0-4c43-94cd-609dfb60bfda", "created_by_ref": "identity--f078ffa8-10c7-48f1-a7b7-20aa22f76f42", "created": "2021-03-26T00:00:00Z", "modified": "2021-03-26T00:00:00Z", "name": "GPS/AIS jamming/spoofing", "description": null, "sector": "Ship", "incident_type": "GPS/AIS jamming/spoofing", "location": { "country": "BE" }, "threat_actor": "Human error", "external_references": [ { "source_name": "Reference", "url": "https://www.flows.be/scheepvaart/2021/03/dronekiller-mogelijke-oorzaak-van-verstoring-scheepvaart-westerschelde/ https://www.omroepzeeland.nl/nieuws/13540046/navigatie-van-schepen-op-westerschelde-verstoord-door-dronekiller-van-luxe-jacht" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--3f1676da-8fcb-4723-86b2-29e74646a147", "created_by_ref": "identity--a0e28955-3544-44f8-8aa9-2af67ffd93ef", "created": "2021-04-01T00:00:00Z", "modified": "2021-04-01T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Shipowner", "incident_type": "Virus/Ransomware", "location": { "country": "GB" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://nanao.cybtex.fr/@socat/106151149438485586" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--44643b91-2e18-4962-9f49-f969269da8c8", "created_by_ref": "identity--1fcfc9bf-ded6-433e-96df-614e915c97e2", "created": "2021-04-01T00:00:00Z", "modified": "2021-04-01T00:00:00Z", "name": "Scam", "description": "The victim, a maritime service provider to the oil industry, experienced a cyberattack which resulted in the lockdown of its IT systems. The entity, known for operating a fleet of over 350 vessels serving the global oil and gas sector, was targeted in a security breach that occurred overnight. According to sources, the cyberattack was detected between the night of April 8 and the morning of April 9. As a security measure, access to computer applications such as email was suspended, rendering the company's employees without access to their computers. However, it was noted that no client operations were halted due to the attack. Communications from ships to shore remained active. The company's spokesperson refrained from specifying whether the attack involved ransomware but confirmed that, thus far, no data theft has been detected. In response to the attack, the company worked to restore its IT systems. Despite the cyber incident, the company assured that its operational activities, particularly its client services remained uninterrupted.", "sector": "Offshore", "incident_type": "Scam", "location": { "country": "FR" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://www.bairdmaritime.com/work-boat-world/offshore-world/bourbon-targeted-by-cyber-attack/ https://splash247.com/bourbon-confirms-cyber-attack/ https://seawanderer.org/fr-the-bourbon-group-hit-by-a-cyber-attack https://www.lefigaro.fr/flash-eco/le-groupe-bourbon-frappe-par-une-cyberattaque-20210413 https://www.lejournaldesentreprises.com/region-sud/article/les-compagnies-maritimes-marseillaises-bourbon-et-gazocean-victimes-de-cyberattaques-1187758" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--e590ec54-1768-40d3-af98-6f5b35db545d", "created_by_ref": "identity--30c8e20f-f455-4211-ac64-0f2fabb48dfb", "created": "2021-04-07T00:00:00Z", "modified": "2021-04-07T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Shipowner", "incident_type": "Virus/Ransomware", "location": { "country": "AE" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://twitter.com/hiramcoop/status/1379920414990827521" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--50ef2abb-070f-4cb3-8295-0cf357029b64", "created_by_ref": "identity--0f2445e2-3e67-49d0-abf6-cf26ffb5b5d4", "created": "2021-04-07T00:00:00Z", "modified": "2021-04-07T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Logistics", "incident_type": "Virus/Ransomware", "location": { "country": "US" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--91d21a7c-f681-497c-b62a-0637bcdadd93", "created_by_ref": "identity--f83dae25-9beb-4752-9333-47f94707d3fd", "created": "2021-04-08T00:00:00Z", "modified": "2021-04-08T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Shipowner", "incident_type": "Virus/Ransomware", "location": { "country": "FR" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://www.lefigaro.fr/flash-eco/le-groupe-bourbon-frappe-par-une-cyberattaque-20210413 https://splash247.com/bourbon-confirms-cyber-attack/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--2db8c938-00f3-4168-8c81-19c04a209bc9", "created_by_ref": "identity--ebc9e420-bb0e-4d1a-8d87-fbb94ea9fc7a", "created": "2021-04-27T00:00:00Z", "modified": "2021-04-27T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Organisation", "incident_type": "Virus/Ransomware", "location": { "country": "FR" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "https://www.ladepeche.fr/2021/04/30/toulouse-les-voies-navigables-de-france-victime-dune-cyber-attaque-la-navigation-rouvre-quand-meme-lundi-9519708.php" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--e180a766-5d41-4a72-8a0f-a5da9cdeb110", "created_by_ref": "identity--6b07b0d4-f94e-4ca2-9244-d3e8d1c0430c", "created": "2021-05-03T00:00:00Z", "modified": "2021-05-03T00:00:00Z", "name": "Spearphishing", "description": null, "sector": "Defence", "incident_type": "Spearphishing", "location": { "country": "RU" }, "threat_actor": "Espionage", "external_references": [ { "source_name": "Reference", "url": "https://thehackernews.com/2021/05/new-chinese-malware-targeted-russias.html" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--a975b61b-84d4-47b5-952c-3921e99c5dac", "created_by_ref": "identity--3a49326e-1f5b-48ea-8c50-b0e87ac62b41", "created": "2021-05-10T00:00:00Z", "modified": "2021-05-10T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Logistics", "incident_type": "Virus/Ransomware", "location": { "country": "NL" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--22f49af2-e1a0-48d9-982f-fab193b54064", "created_by_ref": "identity--3a230fdc-dcc5-4090-ba4c-de78d1f99935", "created": "2021-05-21T00:00:00Z", "modified": "2021-05-21T00:00:00Z", "name": "Scam", "description": null, "sector": "Shipowner", "incident_type": "Scam", "location": { "country": "DE" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://www-hammonia--schiffsholding-de.translate.goog/index.php_nav_main=ir&nav_main_sub=ir_unternehmensmitteilungen&nav_main_sub_1=ir_aktuelle_unternehmensmitteilungen.html?_x_tr_sl=de&_x_tr_tl=en&_x_tr_hl=fr" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--4e8c04e1-cf61-4a92-8768-9e834448d789", "created_by_ref": "identity--815c0835-09ce-48a1-9bd1-aa93e9fba35b", "created": "2021-05-22T00:00:00Z", "modified": "2021-05-22T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Logistics", "incident_type": "Virus/Ransomware", "location": { "country": "PE" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": " https://www.cronup.com/ransomware-en-latam-prometheus-group-of-revil/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--eb6a9c59-992e-4a24-aa1b-67e97c526442", "created_by_ref": "identity--92afd533-50d8-4402-af33-66c1800ff83b", "created": "2021-06-01T00:00:00Z", "modified": "2021-06-01T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Logistics", "incident_type": "Virus/Ransomware", "location": { "country": "SG" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--a060f782-9b86-4037-a1a7-08ade916d889", "created_by_ref": "identity--4cee1b21-5ab8-46cd-924e-4240f782a602", "created": "2021-06-02T00:00:00Z", "modified": "2021-06-02T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Shipowner", "incident_type": "Virus/Ransomware", "location": { "country": "US" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://www.marinelink.com/news/marthas-vineyard-nantucket-ferries-hit-488166 https://www.nbcboston.com/news/local/mass-steamship-authority-recovering-from-cyber-attack/2396340/ https://eu.capecodtimes.com/story/news/2021/06/02/ransomware-attack-woods-hole-marthas-vineyard-nantucket-steamship-authority-delaying-operations/7504952002/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--060315b6-4de6-4c54-ab6c-3d4a622c71b0", "created_by_ref": "identity--ed5b17f2-1f59-4e8e-9bb6-0a7f3e960d23", "created": "2021-06-02T00:00:00Z", "modified": "2021-06-02T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Industry", "incident_type": "Virus/Ransomware", "location": { "country": "FR" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--ee6d1918-2fbc-4318-944f-ff033b2ab2fd", "created_by_ref": "identity--d9bf2ae0-4e95-4915-b687-06cd04a4ceb9", "created": "2021-06-03T00:00:00Z", "modified": "2021-06-03T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Port", "incident_type": "Virus/Ransomware", "location": { "country": "BR" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--3d261822-ae5b-40d9-a32a-5872cbe30369", "created_by_ref": "identity--259e3eb1-348e-4fd2-9bd9-f5b89e5f3d62", "created": "2021-06-04T00:00:00Z", "modified": "2021-06-04T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Logistics", "incident_type": "Virus/Ransomware", "location": { "country": "US" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--df41b779-311b-4e72-a338-b710f4dc458b", "created_by_ref": "identity--b8be5251-e5f1-406c-8365-6a294692bb2e", "created": "2021-06-07T00:00:00Z", "modified": "2021-06-07T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Fluvial", "incident_type": "Virus/Ransomware", "location": { "country": "US" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--127b6c2d-f38b-4a23-b24b-481f73b9dcc3", "created_by_ref": "identity--5d766ed0-a07f-469e-8486-201e800b3c08", "created": "2021-06-15T00:00:00Z", "modified": "2021-06-15T00:00:00Z", "name": "Intrusion", "description": null, "sector": "Shipyard", "incident_type": "Intrusion", "location": { "country": "KR" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "https://www.marineinsight.com/shipping-news/hmm-confirms-virus-attack-e-mail-system-affected-temporarily/ https://splash247.com/hmm-confirms-cyber-attack/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--2421c57e-3d64-4f35-9198-3fd92778d01a", "created_by_ref": "identity--5d6866c5-2c1a-43c5-ac22-b36ab5c5759f", "created": "2021-06-17T00:00:00Z", "modified": "2021-06-17T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Logistics", "incident_type": "Virus/Ransomware", "location": { "country": "FR" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--5d67f558-45ff-4189-ad18-4d72cf9b8d53", "created_by_ref": "identity--2abd462f-9fd0-48bf-b371-7e3502f85ec4", "created": "2021-06-21T00:00:00Z", "modified": "2021-06-21T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Shipyard", "incident_type": "Virus/Ransomware", "location": { "country": "KR" }, "threat_actor": "North Korea", "external_references": [ { "source_name": "Reference", "url": "https://www.maritime-executive.com/article/north-korean-hackers-steal-warship-plans-from-dsme https://www.reuters.com/article/us-northkorea-missiles-cybercrime-idUSKBN1D00EX https://www.newsweek.com/north-koreas-cyber-attack-hacked-south-koreas-warship-plans-seoul-lawmaker-696956 https://webcache.googleusercontent.com/search?q=cache:gFbjXuLu5UIJ:https://nationalcybersecuritynews.today/south-korea-probes-possible-hack-of-dsme-computers-cybersecurity-cyberattack/ https://www.scmp.com/news/asia/east-asia/article/2117721/north-korea-hacked-blueprints-south-korean-warships-and-subs https://therecord.media/north-korean-hackers-breach-south-korean-submarine-builder-again/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--68362ebe-3970-4905-a55e-c7b610c45180", "created_by_ref": "identity--c627054d-9b10-44f4-bb9d-829a96556197", "created": "2021-06-24T00:00:00Z", "modified": "2021-06-24T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Logistics", "incident_type": "Virus/Ransomware", "location": { "country": "IT" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://www.infosec.news/2021/06/24/news/sicurezza-digitale/cyber-security-in-italia-camma-fa/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--938c94da-7c0f-4ed2-8dc8-a4e3340088d8", "created_by_ref": "identity--2f518df7-9cb3-49e9-811b-db20cb30dc00", "created": "2021-06-24T00:00:00Z", "modified": "2021-06-24T00:00:00Z", "name": "GPS/AIS jamming/spoofing", "description": null, "sector": "Defence", "incident_type": "GPS/AIS jamming/spoofing", "location": { "country": "GB" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "https://www.euronews.com/next/2021/06/28/hms-defender-ais-spoofing-is-opening-up-a-new-front-in-the-war-on-reality" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--fede6c8a-c6f1-42ca-90d9-f811c85762b2", "created_by_ref": "identity--676edb88-9f0a-481b-b3d0-071cc52d6df8", "created": "2021-06-29T00:00:00Z", "modified": "2021-06-29T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Logistics", "incident_type": "Virus/Ransomware", "location": { "country": "CL" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://www.cronup.com/ransomware-en-latam-prometheus-group-of-revil/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--83b5fb8e-b915-40f6-badc-7acffec82142", "created_by_ref": "identity--effecf56-acd5-4017-9e9c-f980d9293c50", "created": "2021-06-29T00:00:00Z", "modified": "2021-06-29T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Shipowner", "incident_type": "Virus/Ransomware", "location": { "country": "JP" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "https://www.maritime-executive.com/article/japan-s-k-line-apologizes-for-second-cyberattack-in-months https://splash247.com/k-line-apologises-for-second-hacking-incident-this-year/ https://www.eblueeconomy.com/breaking-news-k-line-apologises-for-second-hacking-incident-this-year/ https://www.kline.co.jp/en/news/other/other-1346357855826564069/main/0/link/210701EN.pdf https://safety4sea.com/k-line-issues-apology-after-yet-another-cyber-attack/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--9649d3f4-d150-4cc2-af12-84a0112c2ff0", "created_by_ref": "identity--410b4184-74a7-46da-9f0c-f190b506707d", "created": "2021-07-07T00:00:00Z", "modified": "2021-07-07T00:00:00Z", "name": "Virus/Ransomware", "description": "According to sources, organisation working for the maritime and Marine Renewable Energy sector is hit by a ransomware attack.", "sector": "Organisation", "incident_type": "Virus/Ransomware", "location": { "country": "NO" }, "threat_actor": "REvil", "external_references": [ { "source_name": "Reference", "url": "https://www.redpacketsecurity.com/revil-happy-blog-ransomware-victim-inocean-no-2000-gb/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--24d1b57a-72c9-45db-94ed-9a4a060e9853", "created_by_ref": "identity--5bc8a295-f0e5-48d4-8d4d-e3d00a4f081c", "created": "2021-07-09T00:00:00Z", "modified": "2021-07-09T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Fishing", "incident_type": "Virus/Ransomware", "location": { "country": "PE" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://inf.news/en/tech/a3de765c61ef44579368a7fcb763a1dc.html https://twitter.com/1ZRR4H/status/1413457847526969346" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--3b97aae1-011f-4b96-b09f-ca1bfea06664", "created_by_ref": "identity--59ad8cc4-0205-4b86-8323-9c927174e1c4", "created": "2021-07-13T00:00:00Z", "modified": "2021-07-13T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Logistics", "incident_type": "Virus/Ransomware", "location": { "country": "SY" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--08628b78-eae7-4e5c-bd3b-53a46791e70c", "created_by_ref": "identity--c5043ae5-694f-409c-95b0-e53a9a2b3e7e", "created": "2021-07-13T00:00:00Z", "modified": "2021-07-13T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Logistics", "incident_type": "Virus/Ransomware", "location": { "country": "ES" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://www.silikn.com/2021/07/se-incrementa-la-actividad-del.html" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--d9621573-7a52-4ca6-a4a4-da86ec1858a5", "created_by_ref": "identity--2d6ddfff-eaf0-4bf7-ab27-a24384263b5e", "created": "2021-07-22T00:00:00Z", "modified": "2021-07-22T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Port", "incident_type": "Virus/Ransomware", "location": { "country": "ZA" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "https://www.reuters.com/world/africa/exclusive-south-africas-transnet-hit-by-cyber-attack-sources-2021-07-22/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--a6dffcf5-d6ac-4b5c-a572-92ca39b1bf4e", "created_by_ref": "identity--2dbb0bca-e168-483a-8c46-ec175854eb2f", "created": "2021-07-29T00:00:00Z", "modified": "2021-07-29T00:00:00Z", "name": "GPS/AIS jamming/spoofing", "description": null, "sector": "Ship", "incident_type": "GPS/AIS jamming/spoofing", "location": { "country": "XX" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "https:/6skytruth.org/2021/07/systematic-data-analysis-reveals-false-vessel-tracks/ https://globalfishingwatch.org/data/analysis-reveals-false-vessel-tracks/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--aad3e623-57cb-44b9-ba5f-e69127e8c62a", "created_by_ref": "identity--3e9335fa-b630-4245-8c2e-e1dad84904aa", "created": "2021-07-30T00:00:00Z", "modified": "2021-07-30T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Logistics", "incident_type": "Virus/Ransomware", "location": { "country": "PE" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--f6fa85d3-bdfb-4ef0-a95c-e343bbb76a1b", "created_by_ref": "identity--68f999fc-585f-4d3b-8574-e6db8e5095cc", "created": "2021-08-09T00:00:00Z", "modified": "2021-08-09T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Manufacturer", "incident_type": "Virus/Ransomware", "location": { "country": "SG" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--a693a420-a979-41c6-ac90-4248d4d88806", "created_by_ref": "identity--831c46ac-41a3-4ad3-a7cc-57bc2ebcd270", "created": "2021-08-11T00:00:00Z", "modified": "2021-08-11T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Logistics", "incident_type": "Virus/Ransomware", "location": { "country": "ES" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://www.freightwaves.com/news/did-hackers-pull-off-a-maritime-colonial-pipeline-20" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--01ede1a7-6b00-4c9e-88bb-bbe8f4c53ac6", "created_by_ref": "identity--fbe7efa4-1d4b-4fc2-8444-d908f99e1045", "created": "2021-08-11T00:00:00Z", "modified": "2021-08-11T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Logistics", "incident_type": "Virus/Ransomware", "location": { "country": "TR" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--a04adb07-74fd-4fcd-823b-6407c67f22c5", "created_by_ref": "identity--a003d3fc-1bfc-4eb2-89e8-d2a3138ec73a", "created": "2021-08-16T00:00:00Z", "modified": "2021-08-16T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Insurer", "incident_type": "Virus/Ransomware", "location": { "country": "SG" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://www.tokiomarinehd.com/en/release_topics/release/k82ffv000000az4g-att/20210816_e.pdf" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--bfd3039d-4502-4372-8085-6b16b41bf750", "created_by_ref": "identity--d7cd877c-bccf-4883-a888-9a9665396ae9", "created": "2021-08-21T00:00:00Z", "modified": "2021-08-21T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Fishing", "incident_type": "Virus/Ransomware", "location": { "country": "JP" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--6575b203-082a-4aec-8c31-2e75e01d971c", "created_by_ref": "identity--059cb85f-505c-4fe5-903e-f38f9d6e4e28", "created": "2021-08-21T00:00:00Z", "modified": "2021-08-21T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Logistics", "incident_type": "Virus/Ransomware", "location": { "country": "DE" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://www.leschaco.com/fileadmin/user_upload/Leschaco_FAQ_RansomwareIncident.pdf" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--b784b80f-7db7-4a21-86bf-53007dccfd01", "created_by_ref": "identity--f2367396-38ad-474f-a68f-79462a8b5d10", "created": "2021-09-XXT00:00:00Z", "modified": "2021-09-XXT00:00:00Z", "name": "Intrusion", "description": null, "sector": "Port", "incident_type": "Intrusion", "location": { "country": "US" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "https://www.workboat.com/government/cyber-incident-targets-texas-facility" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--baa3a1aa-98d1-41ca-bdd4-11ff15ce3a56", "created_by_ref": "identity--be600279-ab64-460f-beda-6d27e86259b5", "created": "2021-09-19T00:00:00Z", "modified": "2021-09-19T00:00:00Z", "name": "Data leak", "description": "The victim experienced a cyberattack under a year following a previous ransomware incident. According to sources, the shipping company suffered a data leak involving customer information, such as names, employers, positions, email addresses, and phone numbers. In response, its IT teams immediately developed and installed security patches. The company had advised clients to be vigilant about their account security and to validate the authenticity of emails related to account access, hinting at the potential phishing origins of the attack. No stoppage of client operations was reported.", "sector": "Shipowner", "incident_type": "Data leak", "location": { "country": "FR" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://www.offshore-energy.biz/cma-cgm-targeted-by-hackers-in-new-cyber-attack/ https://splash247.com/cma-cgm-hit-by-another-cyber-attack/ https://container-news.com/another-cyber-attack-challenges-cma-cgm/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--02bb9681-e3c4-44c2-af12-3fa0b7408165", "created_by_ref": "identity--65b8ad23-5c20-4715-8da5-5ea5b8c1a9e2", "created": "2021-10-12T00:00:00Z", "modified": "2021-10-12T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Offshore", "incident_type": "Virus/Ransomware", "location": { "country": "TH" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--f2af052b-4322-4ca1-b430-eb1ab5115d62", "created_by_ref": "identity--8e8c0b63-2b5f-4a37-b2b3-f0a597d439f9", "created": "2021-10-12T00:00:00Z", "modified": "2021-10-12T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Offshore", "incident_type": "Virus/Ransomware", "location": { "country": "QA" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--9d963ce3-fca1-4fa2-a883-5497f3af71a3", "created_by_ref": "identity--e90c771c-39bc-4d16-86ea-e4898b21044c", "created": "2021-10-21T00:00:00Z", "modified": "2021-10-21T00:00:00Z", "name": "Data leak", "description": null, "sector": "Shipowner", "incident_type": "Data leak", "location": { "country": "FR" }, "threat_actor": "Human error", "external_references": [ { "source_name": "Reference", "url": "https://www.theregister.com/2021/11/10/brittany_ferries/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--c2166784-17c0-4000-a147-ca3763bb78db", "created_by_ref": "identity--c9fac2eb-cb61-486e-9043-f2e2cad74c7c", "created": "2021-10-24T00:00:00Z", "modified": "2021-10-24T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Shipyard", "incident_type": "Virus/Ransomware", "location": { "country": "KR" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "https://www.maritime-executive.com/article/south-korean-shipbuilder-dsme-confirms-new-possible-cyber-attack" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--69fe1ef7-d30d-40f9-9c0d-825190663820", "created_by_ref": "identity--f6b1a08b-c82f-4999-81f3-e68791acf5c2", "created": "2021-11-01T00:00:00Z", "modified": "2021-11-01T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Shipowner", "incident_type": "Virus/Ransomware", "location": { "country": "GR" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://www.maritime-executive.com/article/cyberattack-hits-multiple-greek-shipping-firms https://www.securedrive.com/blog/greek-shipping-software-hit-by-ransomware/ https://splash247.com/greek-shipowners-cyber-tricked-over-halloween-weekend/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--056ef410-d7f3-42fd-8583-15de8d50447f", "created_by_ref": "identity--236791c7-30de-4133-9420-a1a669022d2f", "created": "2021-11-19T00:00:00Z", "modified": "2021-11-19T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "MRE", "incident_type": "Virus/Ransomware", "location": { "country": "DK" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://www.vestas.com/en/media/company-news/2021/second-update-on-cyber-incident-c3462120 https://www.reuters.com/business/energy/hackers-make-some-vestas-data-public-after-ransomware-attack-2021-12-09/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--f5cf6bcd-d383-45d8-a617-2fdefc2e6c11", "created_by_ref": "identity--85302754-aa90-4e66-b985-41fec9ac976c", "created": "2021-11-20T00:00:00Z", "modified": "2021-11-20T00:00:00Z", "name": "Intrusion", "description": null, "sector": "Classification company", "incident_type": "Intrusion", "location": { "country": "FR" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "https://group.bureauveritas.com/sites/g/files/zypfnx196/files/media/document/PR_BV_22112021_CyAt_FR_0.pdf" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--ffe67e90-1796-4564-b2d8-b14c69a1ef25", "created_by_ref": "identity--4df3adf3-42dd-4a5e-ae09-26791e123aad", "created": "2021-11-24T00:00:00Z", "modified": "2021-11-24T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Logistics", "incident_type": "Virus/Ransomware", "location": { "country": "AU" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://www.tradetrucks.com.au/industry-news/2111/acfs-port-logistics-wards-off-cyber-attack" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--f9c9eb59-7b9a-4c16-81d7-bf9860bf0efe", "created_by_ref": "identity--d9f0afc5-a941-46cd-8406-7c1ab3e1578d", "created": "2021-11-25T00:00:00Z", "modified": "2021-11-25T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Offshore", "incident_type": "Virus/Ransomware", "location": { "country": "SG" }, "threat_actor": "Cl0p", "external_references": [ { "source_name": "Reference", "url": "https://www.seatrade-maritime.com/technology/swire-pacific-offshore-hit-cyberattack https://www.hellenicshippingnews.com/swire-pacific-offshore-notice-of-cyber-security-incident/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--366be991-d231-46d2-82e8-17680ae6ac34", "created_by_ref": "identity--69b9a043-59e5-4364-9c68-05a76b664d01", "created": "2021-11-27T00:00:00Z", "modified": "2021-11-27T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Insurer", "incident_type": "Virus/Ransomware", "location": { "country": "FR" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://www.verlingue.fr/point-dinformation-suite-a-la-tentative-dintrusion-des-systemes-informatiques-le-27-novembre-2021/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--64de8529-693b-4ff6-b9b5-641a0dfb1e7e", "created_by_ref": "identity--c4a80c9d-6384-430e-abd8-e401fb9ab3b1", "created": "2021-11-30T00:00:00Z", "modified": "2021-11-30T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Fluvial", "incident_type": "Virus/Ransomware", "location": { "country": "AR" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--72132f5d-512f-4bcf-bee7-17e99a74be71", "created_by_ref": "identity--91afa0a1-1a97-4487-b30d-f0f71b019b35", "created": "2021-12-06T00:00:00Z", "modified": "2021-12-06T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Logistics", "incident_type": "Virus/Ransomware", "location": { "country": "HK" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://www.kerrylogistics.com/media/poxeg33s/notice-company-statement-8dec2021.pdf" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--ece7be52-1be0-4124-920d-5ac70f427207", "created_by_ref": "identity--27cdebc8-bc47-4ea0-8087-0d71537eb772", "created": "2021-12-08T00:00:00Z", "modified": "2021-12-08T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Port", "incident_type": "Virus/Ransomware", "location": { "country": "MY" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--0a0dd5a6-b5e1-4db7-9fd8-774ae648ea27", "created_by_ref": "identity--ca1f013d-ec7a-4ae7-bf2b-ef52ed04e9f5", "created": "2021-12-09T00:00:00Z", "modified": "2021-12-09T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Logistics", "incident_type": "Virus/Ransomware", "location": { "country": "SG" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--e119c392-ac6c-4115-a0af-d1295fda3489", "created_by_ref": "identity--263bdaa1-1582-4bb3-96dc-c19b2fa987f4", "created": "2021-12-14T00:00:00Z", "modified": "2021-12-14T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Manufacturer", "incident_type": "Virus/Ransomware", "location": { "country": "JP" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--30dce58a-44d9-49e0-862b-75dc902d6839", "created_by_ref": "identity--2f378722-ce7f-44d3-aa90-1208400fae10", "created": "2021-12-15T00:00:00Z", "modified": "2021-12-15T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Logistics", "incident_type": "Virus/Ransomware", "location": { "country": "DE" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://www.hellmann.com/en/germany/it-infrastructure#updates" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--963365ac-f0d9-4c76-9c31-3c2d466371f2", "created_by_ref": "identity--e54a7261-90ec-45a5-ad93-b9a4fa7a9912", "created": "2021-12-19T00:00:00Z", "modified": "2021-12-19T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Offshore", "incident_type": "Virus/Ransomware", "location": { "country": "ID" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--86305427-b674-486d-9dd0-700d17f02789", "created_by_ref": "identity--122d2b85-ff59-4065-bb1c-d560d52bb3a8", "created": "2021-12-25T00:00:00Z", "modified": "2021-12-25T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Logistics", "incident_type": "Virus/Ransomware", "location": { "country": "GB" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--37d35c63-3a31-40f8-a4ea-5731c221c07a", "created_by_ref": "identity--69e04152-6fc1-451f-bf0d-be459a9163cd", "created": "2021-12-28T00:00:00Z", "modified": "2021-12-28T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Offshore", "incident_type": "Virus/Ransomware", "location": { "country": "NO" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--ed385a3c-994e-420a-b3c0-f7097d518864", "created_by_ref": "identity--b21aa230-b3e0-47fb-8b2a-54012315c6e5", "created": "2021-09-15T00:00:00Z", "modified": "2021-09-15T00:00:00Z", "name": "Intrusion", "description": "According to sources, during the inspection of a merchant ship delivering port cranes, counterintelligence services discover intelligence-gathering equipment on the ship. No details were uncovered on the type of equipment, its location or potential capacities.", "sector": "Port", "incident_type": "Intrusion", "location": { "country": "US" }, "threat_actor": "Espionage", "external_references": [ { "source_name": "Reference", "url": "https://www.csoonline.com/article/574327/us-maritime-administrator-to-study-port-crane-cybersecurity-concerns.html https://www.washingtontimes.com/news/2021/sep/22/biden-goes-easy-china-un/ https://www.washingtontimes.com/news/2021/sep/22/biden-goes-easy-china-un/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--9711eb79-3c7b-45de-a152-5e5cf46b3bce", "created_by_ref": "identity--e89aa65d-82e7-451f-8d50-c2b5b73c2370", "created": "2022-01-06T00:00:00Z", "modified": "2022-01-06T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Fishing", "incident_type": "Virus/Ransomware", "location": { "country": "IT" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--4eb4856b-65d6-480b-b9e6-9a8b46b3e66b", "created_by_ref": "identity--4877a51b-19e6-4bf1-9a30-cdb2f9f78628", "created": "2022-01-07T00:00:00Z", "modified": "2022-01-07T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Port", "incident_type": "Virus/Ransomware", "location": { "country": "US" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--364da5ed-f2e4-4ce3-8582-6569f45e151d", "created_by_ref": "identity--43403733-9619-4d99-aea9-fd2c0d1caa2c", "created": "2022-01-11T00:00:00Z", "modified": "2022-01-11T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Logistics", "incident_type": "Virus/Ransomware", "location": { "country": "IT" }, "threat_actor": "Conti", "external_references": [ { "source_name": "Reference", "url": "https://hackerjournal.it/8332/attacco-ransomware-al-gruppo-arcese/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--3ab072bf-aa9e-4c35-b892-6b309c9604e9", "created_by_ref": "identity--28e70896-441b-471d-b9b6-95c124b1f752", "created": "2022-01-14T00:00:00Z", "modified": "2022-01-14T00:00:00Z", "name": "Intrusion", "description": null, "sector": "Administration", "incident_type": "Intrusion", "location": { "country": "UA" }, "threat_actor": "Political", "external_references": [ { "source_name": "Reference", "url": "https://csirt-mon.wp.mil.pl/pl/articles6-aktualnosci/analysis-cyberattack-ukrainian-government-resources/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--37172009-6416-48ba-b87f-2266b581a1b7", "created_by_ref": "identity--a5600ef4-f6ea-4b06-9d36-eedeee0f2f90", "created": "2022-01-15T00:00:00Z", "modified": "2022-01-15T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Administration", "incident_type": "Denial of service", "location": { "country": "KP" }, "threat_actor": "Political", "external_references": [ { "source_name": "Reference", "url": "https://team-cymru.com/blog/2022/02/03/expert-analyst-insight-into-north-korean-internet-outages/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--34c50bcc-c7a8-442b-878b-c2ce9a0a8ef5", "created_by_ref": "identity--ebf7e2ac-478e-4628-8348-a6609aea71c6", "created": "2022-01-28T00:00:00Z", "modified": "2022-01-28T00:00:00Z", "name": "Intrusion", "description": null, "sector": "Shipowner", "incident_type": "Intrusion", "location": { "country": "FR" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "https://twitter.com/CorsicaLinea/status/1488504604325257220" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--5cdcd376-c52f-406d-b26f-e47d3d722b6c", "created_by_ref": "identity--a03f36ee-230f-41b9-ba87-040d90c0a872", "created": "2022-01-28T00:00:00Z", "modified": "2022-01-28T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Industry", "incident_type": "Virus/Ransomware", "location": { "country": "BE" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": " https://www.reuters.com/article/idUSL1N2UE0PS https://www.securityweek.com/european-oil-port-terminals-hit-cyberattack https://securityaffairs.co/wordpress/127583/hacking/oil-port-terminals-hit-cyberattack.html" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--d832d6f7-b96a-4a36-857f-06c953940bd6", "created_by_ref": "identity--7645c46f-1c13-472c-abb8-e9872f529d8d", "created": "2022-01-29T00:00:00Z", "modified": "2022-01-29T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Industry", "incident_type": "Virus/Ransomware", "location": { "country": "DE" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "https://www.oiltanking.com/en/news-info/current-news.html https://www.handelsblatt.com/unternehmen/energieversorgung-cyberangriff-legt-oiltanking-tanklager-deutschlandweit-vollstaendig-lahm-tankwagen-beladung-ausser-betrieb/28023918.html https://www.spiegel.de/netzwelt/web/shell-und-co-betroffen-cyberangriff-auf-benzin-versorger-von-tankstellen-in-deutschland-a-5f4494a1-db24-4cca-820e-dea923ac66a9 https://securityaffairs.co/wordpress/127493/hacking/oiltanking-gmbh-cyber-attack.html" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--0c33bd5e-85c7-4a66-bdfd-eb312684f08d", "created_by_ref": "identity--26d061b0-ddcd-4988-bd92-d87e117a8ca6", "created": "2022-02-01T00:00:00Z", "modified": "2022-02-01T00:00:00Z", "name": "Intrusion", "description": null, "sector": "Shipyard", "incident_type": "Intrusion", "location": { "country": "IL" }, "threat_actor": "Political", "external_references": [ { "source_name": "Reference", "url": "https://www.calcalistech.com/ctech/articles/0,7340,L-3928403,00.html" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--f999952b-3fc0-440f-a205-496af1f46774", "created_by_ref": "identity--7cca9b6d-c00d-43ca-9970-d11fe565cdea", "created": "2022-02-05T00:00:00Z", "modified": "2022-02-05T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Logistics", "incident_type": "Virus/Ransomware", "location": { "country": "US" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--3ac8331b-8226-45d3-80d6-01e4bc310a85", "created_by_ref": "identity--aa8387e2-e8ef-4d00-a1de-a039d2f8a792", "created": "2022-02-05T00:00:00Z", "modified": "2022-02-05T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Industry", "incident_type": "Virus/Ransomware", "location": { "country": "VN" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--70547f88-d2d1-42b5-b24d-ef7d206c890f", "created_by_ref": "identity--65cd85b4-f46b-4f86-8263-f6278320515f", "created": "2022-02-07T00:00:00Z", "modified": "2022-02-07T00:00:00Z", "name": "Intrusion", "description": null, "sector": "Shipowner", "incident_type": "Intrusion", "location": { "country": "GB" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://portswigger.net/daily-swig/uk-ferry-operator-wightlink-flags-potential-data-breach-after-highly-sophisticated-cyber-attack https://www.bbc.com/news/uk-england-hampshire-60705576 https://www.portsmouth.co.uk/news/people/wightlink-suffers-cyber-attack-with-customers-information-targeted-3607532 https://www.islandecho.co.uk/wightlink-suffers-sophisticated-cyber-attack-exposing-customers-details/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--976ec051-ddfd-4f0d-90a6-31b273a5c11b", "created_by_ref": "identity--dc54f82c-e4e3-43e1-8fa4-81943d188808", "created": "2022-02-09T00:00:00Z", "modified": "2022-02-09T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Industry", "incident_type": "Virus/Ransomware", "location": { "country": "VN" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--3b0169c2-ed8e-449f-a355-a04862b036d1", "created_by_ref": "identity--8c3a4aa9-31b2-46f8-b2b5-e9f81a835e51", "created": "2022-02-14T00:00:00Z", "modified": "2022-02-14T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Industry", "incident_type": "Virus/Ransomware", "location": { "country": "DE" }, "threat_actor": "Conti", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--e2dbcb39-3128-4f7c-aaff-6e6c4f405347", "created_by_ref": "identity--fa51bc50-aa77-4157-b50d-4170131446e5", "created": "2022-02-20T00:00:00Z", "modified": "2022-02-20T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Shipowner", "incident_type": "Virus/Ransomware", "location": { "country": "GB" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://www.travelagentcentral.com/cruises/scenics-glen-maroney-details-cyber-attack-apologizes-and-explains-whats-happened" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--452632a0-5ee5-4785-b4ce-a251a3fff59c", "created_by_ref": "identity--472855bd-0086-484a-bd37-61fb6ab91656", "created": "2022-02-20T00:00:00Z", "modified": "2022-02-20T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Logistics", "incident_type": "Virus/Ransomware", "location": { "country": "US" }, "threat_actor": "Conti", "external_references": [ { "source_name": "Reference", "url": "https://www.expeditors.com/022022-downtime-notification https://investor.expeditors.com/press-releases/2022/02-21-2022-032617120 https://www.freightwaves.com/news/global-logistics-giant-expeditors-suffers-cyberattack-shuts-down-operations-systems" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--f65c5733-7f8d-47f9-8d44-26bfc7a6470e", "created_by_ref": "identity--828896c7-7483-47fb-8d93-ec16ad51cead", "created": "2022-02-21T00:00:00Z", "modified": "2022-02-21T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Shipyard", "incident_type": "Virus/Ransomware", "location": { "country": "KR" }, "threat_actor": "Hive", "external_references": [ { "source_name": "Reference", "url": "http://truecut.co.kr/en/Program/board/listbody.html?a_gb=board&a_cd=11&a_item=0&sm=3_1&po_no=14951" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--eae1ec31-b362-4750-ae72-1420ee50f8f6", "created_by_ref": "identity--ddb09329-4c7a-4f53-893c-9dd088675933", "created": "2022-02-21T00:00:00Z", "modified": "2022-02-21T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Port", "incident_type": "Virus/Ransomware", "location": { "country": "IN" }, "threat_actor": "Goldeneye", "external_references": [ { "source_name": "Reference", "url": "https://container-news.com/cyber-attack-hits-state-owned-terminal-at-indias-jnpt/ https://www.hindustantimes.com/cities/mumbai-news/man-booked-for-hacking-computer-system-at-jnpt-container-terminal-101645793061434.html https://maritime-executive.com/article/indian-container-terminal-diverts-ships-due-to-ransomware-attack" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--d58a5e6e-4a42-48d3-b2ca-b11ce3ba6cb8", "created_by_ref": "identity--adb276ca-0105-4926-8971-69ff2f9294eb", "created": "2022-02-23T00:00:00Z", "modified": "2022-02-23T00:00:00Z", "name": "Data leak", "description": "The victims, two major ports, Ashdod and Haifa, were targeted by Iran's Islamic Revolutionary Guard Corps (IRGC) during an attack. The attacker broadcasted videos captured from security cameras at these sites. Along with the footage, which depicted entry gates, office settings, and workers, the IRGC also released personal details, identification documents, and other sensitive information about hundreds of port staff on its Telegram app channel. According to sources, Iranian hackers affiliated with the IRGC claimed responsibility for the data acquisition. However, representatives from both Israeli ports have countered these claims, emphasizing that the displayed footage and data were not directly extracted from their security apparatus. Instead, they believe the information was sourced from a third-party company that previously managed camera operations at the ports. They further underscored that the showcased videos were outdated. How the hackers obtained detailed information about the port employees remains unclear. This attack follows an alleged cyberattack on Iran's Shahid Rajaee port, purportedly initiated by Israel, sources report, on May 9, 2020.", "sector": "Port", "incident_type": "Data leak", "location": { "country": "IL" }, "threat_actor": "Iran", "external_references": [ { "source_name": "Reference", "url": "https://english.iswnews.com/22922/israel-the-ports-of-haifa-and-ashdod-were-hacked-video-and-files/ https://www.middleeastmonitor.com/20220224-iran-hacks-cctv-at-israels-haifa-ashdod-ports/ https://www.timesofisrael.com/iranian-hackers-publish-cctv-footage-workers-details-from-haifa-ashdod-ports/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--10f35f18-fa4c-4971-8f6a-852e91578770", "created_by_ref": "identity--c09b3393-e45e-4d18-af05-8f31335086a3", "created": "2022-02-24T00:00:00Z", "modified": "2022-02-24T00:00:00Z", "name": "Intrusion", "description": null, "sector": "MRE", "incident_type": "Intrusion", "location": { "country": "US" }, "threat_actor": "Political", "external_references": [ { "source_name": "Reference", "url": "https://www.viasat.com/about/newsroom/blog/ka-sat-network-cyber-attack-overview/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--e461ab26-1335-4c86-890c-e0f1730e7d8c", "created_by_ref": "identity--a3a61e16-53d5-4e92-977d-20437506c206", "created": "2022-02-26T00:00:00Z", "modified": "2022-02-26T00:00:00Z", "name": "GPS/AIS jamming/spoofing", "description": null, "sector": "Ship", "incident_type": "GPS/AIS jamming/spoofing", "location": { "country": "UA" }, "threat_actor": "Political", "external_references": [ { "source_name": "Reference", "url": "https://www.independent.co.uk/tech/anonymous-vladimir-putin-yacht-fckptn-b2024780.html" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--6026dcbb-ff55-4fb9-a2f4-4def37d99758", "created_by_ref": "identity--0f8608d8-00ba-4ede-b436-b72634f51531", "created": "2022-02-28T00:00:00Z", "modified": "2022-02-28T00:00:00Z", "name": "Virus/Ransomware", "description": "According to sources, a marine construction company is hit by a ransomware attack.", "sector": "Manufacturer", "incident_type": "Virus/Ransomware", "location": { "country": "US" }, "threat_actor": "Conti", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--6b8f963c-f881-4fea-b559-b91c60e92d60", "created_by_ref": "identity--fe031794-a9f8-41cc-8fb2-edc32bdcd46e", "created": "2022-03-07T00:00:00Z", "modified": "2022-03-07T00:00:00Z", "name": "Spearphishing", "description": null, "sector": "Shipowner", "incident_type": "Spearphishing", "location": { "country": "DE" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://www.hapag-lloyd.com/en/services-information/news/2022/03/mar07-cyber-threat-phishing-attack.html https://splash247.com/hapag-lloyd-flags-spear-phishing-attack/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--9628f9cf-528a-4ed3-af99-b3e5ddbe097f", "created_by_ref": "identity--d092aa7b-1d37-4c51-a9cc-0ebbfc5d2df8", "created": "2022-03-18T00:00:00Z", "modified": "2022-03-18T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Logistics", "incident_type": "Virus/Ransomware", "location": { "country": "LB" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--7396df71-9bb0-4a11-a164-596b0fa517a7", "created_by_ref": "identity--7e68f45e-64f4-437e-8bf5-8e690fc2d07b", "created": "2022-03-25T00:00:00Z", "modified": "2022-03-25T00:00:00Z", "name": "Spearphishing", "description": null, "sector": "Port", "incident_type": "Spearphishing", "location": { "country": "US" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://www.dco.uscg.mil/Portals/9/Maritime%20Cyber%20Alert%2001-22%20TLP%20WHITE.pdf" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--e20d32c8-cfce-4260-bb99-36d572808f32", "created_by_ref": "identity--7cf43061-095e-492c-a5e5-f087d8bec794", "created": "2022-03-31T00:00:00Z", "modified": "2022-03-31T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "MRE", "incident_type": "Virus/Ransomware", "location": { "country": "DE" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://www.nordex-online.com/en/2022/04/update-on-cyber-security-incident/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--6c19361d-cdf1-4012-9e1c-8e34237f55b6", "created_by_ref": "identity--c1a75c5f-4cba-4b5c-be09-9ecae4f33a82", "created": "2022-03-31T00:00:00Z", "modified": "2022-03-31T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Shipowner", "incident_type": "Virus/Ransomware", "location": { "country": "GB" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "Yacht Charter Fleet" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--a9bb2ac4-a0a7-48bf-9849-530c1b63e71a", "created_by_ref": "identity--8102f452-1588-4927-b306-84070dad4793", "created": "2022-04-13T00:00:00Z", "modified": "2022-04-13T00:00:00Z", "name": "Intrusion", "description": null, "sector": "Undersea cable", "incident_type": "Intrusion", "location": { "country": "US" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "https://www.hawaiinewsnow.com/2022/04/13/hsi-agents-honolulu-disrupted-cyberattack-undersea-cable-critical-telecommunications/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--247c4dcb-8a26-4f3c-b599-9748c30fbddb", "created_by_ref": "identity--4f9d7e02-f62b-46c5-8b46-c4fab6d4b48e", "created": "2022-04-14T00:00:00Z", "modified": "2022-04-14T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Port", "incident_type": "Virus/Ransomware", "location": { "country": "OM" }, "threat_actor": "Lockbit 2.0", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--a8b704e6-d7ed-4a07-bffb-05a04fa5892d", "created_by_ref": "identity--77a826a6-565e-4131-ab28-967d5aeb4405", "created": "2022-04-15T00:00:00Z", "modified": "2022-04-15T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Port", "incident_type": "Virus/Ransomware", "location": { "country": "IQ" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "Basra Multipurpose Terminal" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--82501dca-deb6-4ee2-999d-a12bc4c7daa6", "created_by_ref": "identity--ce87ad84-2708-4164-b97d-cecd008cd479", "created": "2022-04-17T00:00:00Z", "modified": "2022-04-17T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Shipowner", "incident_type": "Virus/Ransomware", "location": { "country": "GB" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--7e0634f7-6621-4af9-9f9e-071955cf81ec", "created_by_ref": "identity--de4cfe7e-c33b-4413-b9ba-80f9bda43365", "created": "2022-04-19T00:00:00Z", "modified": "2022-04-19T00:00:00Z", "name": "Scam", "description": "According to sources, the victim was deceived into transferring funds into a fabricated bank account under the impression that it belonged to the victim. The club has emphasized that such occurrences of cyber fraud targeting them are rare. Due to this incident, members were alerted to exercise caution regarding potential cyber fraud. Members were also reminded to cross-check any changes in banking details with their regular contact at the victim's office.", "sector": "Insurer", "incident_type": "Scam", "location": { "country": "GB" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://britanniapandi.com/2022/04/cyber-fraud-incident/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--9b67543f-7cc4-4e42-8bc4-29105569028f", "created_by_ref": "identity--49e4b8f9-a45b-4796-87f2-da9e03dbf62d", "created": "2022-04-20T00:00:00Z", "modified": "2022-04-20T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Shipowner", "incident_type": "Virus/Ransomware", "location": { "country": "GR" }, "threat_actor": "Conti", "external_references": [ { "source_name": "Reference", "url": "https://www.lemagit.fr/actualites/252520772/Ransomware-le-jeu-toujours-un-peu-plus-trouble-de-Conti" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--db204d9d-78d6-4202-85ab-cedb4939996f", "created_by_ref": "identity--5cdfff74-de2d-4104-907e-5d80f0bb6dd9", "created": "2022-04-23T00:00:00Z", "modified": "2022-04-23T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "MRE", "incident_type": "Virus/Ransomware", "location": { "country": "DE" }, "threat_actor": "Black Basta", "external_references": [ { "source_name": "Reference", "url": "https://www.deutsche-windtechnik.com/press-information/item/463-Cyber-attack-on-Deutsche-Windtechnik" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--0eaf6d16-204d-4f8a-8a81-74da47144f4b", "created_by_ref": "identity--d96ab04e-a391-40a6-a493-a20bb2d0de99", "created": "2022-04-26T00:00:00Z", "modified": "2022-04-26T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Industry", "incident_type": "Virus/Ransomware", "location": { "country": "PE" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--2fb5aa19-41f5-4fb9-849b-89c4bb2ddce5", "created_by_ref": "identity--6c39ca27-b271-4816-907b-59290c1d255a", "created": "2022-04-27T00:00:00Z", "modified": "2022-04-27T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Shipowner", "incident_type": "Virus/Ransomware", "location": { "country": "GR" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--f1c1f7ea-b9e6-4a66-a7f2-98f45062da5d", "created_by_ref": "identity--43c7f2a4-8f66-47af-a743-84bd5389748f", "created": "2022-04-29T00:00:00Z", "modified": "2022-04-29T00:00:00Z", "name": "Virus/Ransomware", "description": "An industry company working for the maritime sector is hit by a ransomware attack.", "sector": "Industry", "incident_type": "Virus/Ransomware", "location": { "country": "US" }, "threat_actor": "Onyx", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--e340dfab-2c39-4986-bd6f-585361ae0c44", "created_by_ref": "identity--71ecfb0a-a276-4ea6-8a89-f3905a76ddf5", "created": "2022-05-10T00:00:00Z", "modified": "2022-05-10T00:00:00Z", "name": "Virus/Ransomware", "description": "A fishery company is hit by a ransomware attack.", "sector": "Fishing", "incident_type": "Virus/Ransomware", "location": { "country": "US" }, "threat_actor": "Lockbit 2.0", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--e4ccbae2-fce1-4686-a621-601e365e8743", "created_by_ref": "identity--b1ef6786-b125-466a-9b39-f4ae5522af8b", "created": "2022-05-13T00:00:00Z", "modified": "2022-05-13T00:00:00Z", "name": "Virus/Ransomware", "description": "A company working in the manufacturing and sale of marine equipment is victim of a ransomware attack", "sector": "Industry", "incident_type": "Virus/Ransomware", "location": { "country": "US" }, "threat_actor": "Lockbit 2.0", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--284c5abf-f910-4b37-babd-cc2e1d951b95", "created_by_ref": "identity--ca799816-f9c0-49a9-9879-879dce8d013f", "created": "2022-05-21T00:00:00Z", "modified": "2022-05-21T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Logistics", "incident_type": "Virus/Ransomware", "location": { "country": "TW" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--bdabbe98-f26e-4d1f-bc4a-5aac418f4f52", "created_by_ref": "identity--7b699624-9170-4da2-8aa5-96fb2d90597c", "created": "2022-05-23T00:00:00Z", "modified": "2022-05-23T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Fluvial", "incident_type": "Denial of service", "location": { "country": "GB" }, "threat_actor": "Altahrea Team", "external_references": [ { "source_name": "Reference", "url": "https://techmonitor.ai/technology/cybersecurity/port-of-london-authority-cyberattack https://safety4sea.com/cyber-attack-targets-port-of-london-authority/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--aa53bd3c-5aab-4d67-bc17-a93952fffe76", "created_by_ref": "identity--e5210ac9-24eb-41c8-a33f-8e2f01aec75f", "created": "2022-05-24T00:00:00Z", "modified": "2022-05-24T00:00:00Z", "name": "Data leak", "description": null, "sector": "Administration", "incident_type": "Data leak", "location": { "country": "CY" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--4bda6648-8be7-4bcd-8f8f-861abea1f3ae", "created_by_ref": "identity--1d6de304-1253-41bd-8d78-9372ed373de8", "created": "2022-06-01T00:00:00Z", "modified": "2022-06-01T00:00:00Z", "name": "Data leak", "description": null, "sector": "Fishing", "incident_type": "Data leak", "location": { "country": "JP" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--b18a626d-dd8f-4a4e-91e8-de5562ea4920", "created_by_ref": "identity--6f16c2c4-d15a-48fb-86e5-dd916690e9c0", "created": "2022-06-02T00:00:00Z", "modified": "2022-06-02T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "IT" }, "threat_actor": "Killnet", "external_references": [ { "source_name": "Reference", "url": "https://livornopress.it/porti-italiani-sotto-attacco-di-hacker-russi-nella-lista-di-killnet-anche-livorno" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--7b30cc04-9745-49e4-bd97-eedd50726093", "created_by_ref": "identity--1e7193b9-a93d-459f-8b50-381818f09721", "created": "2022-06-03T00:00:00Z", "modified": "2022-06-03T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Logistics", "incident_type": "Virus/Ransomware", "location": { "country": "US" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--087a574d-7242-4912-82d0-b3c315782dc6", "created_by_ref": "identity--0a982a35-e8f4-45d4-874e-c28c191a5c8a", "created": "2022-06-04T00:00:00Z", "modified": "2022-06-04T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Logistics", "incident_type": "Virus/Ransomware", "location": { "country": "JP" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "http://www.sumiwa.com/wp-content/uploads/2d81af2c68c69db5f85b40f6306265a72.pdf" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--d28418fc-9864-41b5-b0f4-5f3860f7f65c", "created_by_ref": "identity--3f4e7822-c8f2-490a-8d52-fb7f5f2d75a2", "created": "2022-06-06T00:00:00Z", "modified": "2022-06-06T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Logistics", "incident_type": "Virus/Ransomware", "location": { "country": "ID" }, "threat_actor": "Lockbit 2.0", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--4161a728-cbf7-4519-9ea2-b40b2bc3c2f9", "created_by_ref": "identity--b43f8a7e-5122-48a3-965c-a7b8fc2a342d", "created": "2022-06-10T00:00:00Z", "modified": "2022-06-10T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Logistics", "incident_type": "Virus/Ransomware", "location": { "country": "CY" }, "threat_actor": "Lockbit 2.0", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--6e4271f0-8e88-453f-a6cc-f7c01817983f", "created_by_ref": "identity--a2d49624-5348-4551-b5e0-23d5c70ace88", "created": "2022-06-12T00:00:00Z", "modified": "2022-06-12T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Industry", "incident_type": "Virus/Ransomware", "location": { "country": "US" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--c5b5cd4a-5e1c-4b7e-a818-d834aa5da39a", "created_by_ref": "identity--02613957-0ac7-4c9c-84e6-2d5867b31390", "created": "2022-06-14T00:00:00Z", "modified": "2022-06-14T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Industry", "incident_type": "Virus/Ransomware", "location": { "country": "ID" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--d8baaf73-9b0d-419b-b359-547b27f5e6eb", "created_by_ref": "identity--256cb259-a20e-46d2-bfa0-be4059a08a37", "created": "2022-06-24T00:00:00Z", "modified": "2022-06-24T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Shipowner", "incident_type": "Virus/Ransomware", "location": { "country": "LT" }, "threat_actor": "Political", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--07a49580-f8cb-49b3-88f5-b3ea09011379", "created_by_ref": "identity--76f3d57f-a666-4b30-9024-74bcbd1ee970", "created": "2022-06-28T00:00:00Z", "modified": "2022-06-28T00:00:00Z", "name": "Data leak", "description": null, "sector": "Port", "incident_type": "Data leak", "location": { "country": "TW" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--6d365c27-37f7-4a1c-973e-db5433412d2c", "created_by_ref": "identity--25b11c3a-0f11-4d35-9f65-a1f32a6a6bfa", "created": "2022-06-29T00:00:00Z", "modified": "2022-06-29T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Logistics", "incident_type": "Virus/Ransomware", "location": { "country": "TR" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--576bee86-6e0f-4fdc-b9f9-8d5c79e7b6b8", "created_by_ref": "identity--b44c564c-8c74-473a-9230-c4dd9d511947", "created": "2022-06-29T00:00:00Z", "modified": "2022-06-29T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Industry", "incident_type": "Virus/Ransomware", "location": { "country": "US" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--99fe5550-3c54-421e-9616-2a766f2684d4", "created_by_ref": "identity--35d71491-abcc-448d-8c6d-3cbdf5d197b1", "created": "2022-06-29T00:00:00Z", "modified": "2022-06-29T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Logistics", "incident_type": "Virus/Ransomware", "location": { "country": "IN" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--dfc71838-f7a4-4e48-a97c-911225a12c41", "created_by_ref": "identity--91ea0ccf-f83d-472e-8dc9-0a3b070e08c0", "created": "2022-06-30T00:00:00Z", "modified": "2022-06-30T00:00:00Z", "name": "Phishing", "description": null, "sector": "Offshore", "incident_type": "Phishing", "location": { "country": "AU" }, "threat_actor": "Political", "external_references": [ { "source_name": "Reference", "url": "https://www.darkreading.com/vulnerabilities-threats/chinese-hackers-target-energy-sector-australia-south-china-sea https://www.proofpoint.com/us/blog/threat-insight/chasing-currents-espionage-south-china-sea" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--c4bc9fce-ca1f-4c6e-b40e-6efbeedd91b7", "created_by_ref": "identity--bdb05cdd-0699-4f33-b4a7-fd4a4dbbac14", "created": "2022-07-02T00:00:00Z", "modified": "2022-07-02T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Logistics", "incident_type": "Virus/Ransomware", "location": { "country": "US" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--f4a63ac7-d50b-47a5-886a-fbc3f71f6e14", "created_by_ref": "identity--366b2f96-7a34-4d2a-885b-3077023d70af", "created": "2022-07-04T00:00:00Z", "modified": "2022-07-04T00:00:00Z", "name": "Website Compromission", "description": null, "sector": "Organisation", "incident_type": "Website Compromission", "location": { "country": "FR" }, "threat_actor": "Political", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--4b4db544-abdf-468e-b327-e68748110aa4", "created_by_ref": "identity--0ce4a2bb-93d5-4aec-a782-0411beed263a", "created": "2022-07-04T00:00:00Z", "modified": "2022-07-04T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Shipowner", "incident_type": "Virus/Ransomware", "location": { "country": "GB" }, "threat_actor": "Hive", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--f4d519ef-f004-4c79-a0f9-c56272bf502d", "created_by_ref": "identity--47aada3e-c1b3-4c3a-a4a3-9fba58847b5b", "created": "2022-07-06T00:00:00Z", "modified": "2022-07-06T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Industry", "incident_type": "Virus/Ransomware", "location": { "country": "FR" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--350ccd16-27c1-4c27-8cda-facb9806d753", "created_by_ref": "identity--6648a4f9-225a-45fb-a4bb-2c3bf1d67c05", "created": "2022-07-11T00:00:00Z", "modified": "2022-07-11T00:00:00Z", "name": "Data leak", "description": null, "sector": "Ship", "incident_type": "Data leak", "location": { "country": "TR" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--28e07d47-fd07-4832-ab8e-bd2139292a2a", "created_by_ref": "identity--fe00ccd7-a2a4-447a-9ad1-20f784595611", "created": "2022-07-14T00:00:00Z", "modified": "2022-07-14T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Shipowner", "incident_type": "Virus/Ransomware", "location": { "country": "US" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--6d464299-b850-4f67-b396-0db1352336bd", "created_by_ref": "identity--1cdf5883-c5d4-4859-a7db-1dd70686c7d4", "created": "2022-07-22T00:00:00Z", "modified": "2022-07-22T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Logistics", "incident_type": "Virus/Ransomware", "location": { "country": "FI" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "Wärtsilä" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--3ddec176-873e-4eb7-a386-c337c5cd5ffa", "created_by_ref": "identity--24180f27-5a9b-4e41-a125-9fe3bfb2fff3", "created": "2022-07-22T00:00:00Z", "modified": "2022-07-22T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Education", "incident_type": "Virus/Ransomware", "location": { "country": "PH" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--90181a7a-76f8-4920-9efc-dd8680d25f0b", "created_by_ref": "identity--0f127dce-d1b4-4554-b0c7-8a812af3b63e", "created": "2022-08-01T00:00:00Z", "modified": "2022-08-01T00:00:00Z", "name": "Data leak", "description": null, "sector": "Defence", "incident_type": "Data leak", "location": { "country": "IT" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "https://www.mbda-systems.com/2022/08/01/hacking-allegations-against-mbda-italy/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--f4db412b-66f4-4c2d-a1c1-2cf030301992", "created_by_ref": "identity--7697c4fc-aa14-4f8f-bea1-3366e1763342", "created": "2022-08-06T00:00:00Z", "modified": "2022-08-06T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Logistics", "incident_type": "Virus/Ransomware", "location": { "country": "BG" }, "threat_actor": "Lockbit 3.0", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--53e1fb3a-800d-4b33-93fd-a19a1b56cd76", "created_by_ref": "identity--3367868a-6768-42f6-aa33-796d044dff4f", "created": "2022-08-17T00:00:00Z", "modified": "2022-08-17T00:00:00Z", "name": "Phishing", "description": null, "sector": "Shipowner", "incident_type": "Phishing", "location": { "country": "IL" }, "threat_actor": "Political", "external_references": [ { "source_name": "Reference", "url": "https://www.mandiant.com/resources/blog/suspected-iranian-actor-targeting-israeli-shipping" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--bb7c7ac0-01d4-4631-91cd-f90b86aaf12a", "created_by_ref": "identity--37a7ae6a-e842-469e-ae57-11914aa13a50", "created": "2022-08-18T00:00:00Z", "modified": "2022-08-18T00:00:00Z", "name": "Data leak", "description": null, "sector": "Industry", "incident_type": "Data leak", "location": { "country": "FR" }, "threat_actor": "Snatch", "external_references": [ { "source_name": "Reference", "url": "https://www.bfmtv.com/tech/actualites/cybersecurite/victime-d-une-cyberattaque-le-francais-nexeya-deplore-une-fuite-de-donnees-considerable_AD-202208180425.html" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--da415842-b323-4924-b58e-e035e4a6502d", "created_by_ref": "identity--56c43f0b-2e17-4d37-b306-41ed60a5b54b", "created": "2022-08-25T00:00:00Z", "modified": "2022-08-25T00:00:00Z", "name": "Data leak", "description": null, "sector": "Logistics", "incident_type": "Data leak", "location": { "country": "SG" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--d8196a7d-f0e9-4590-bea6-5e9c9e585915", "created_by_ref": "identity--01e07c21-ca16-4f6a-8393-3cecfef3ede1", "created": "2022-08-31T00:00:00Z", "modified": "2022-08-31T00:00:00Z", "name": "Intrusion", "description": null, "sector": "Shipyard", "incident_type": "Intrusion", "location": { "country": "SG" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "https://safety4sea.com/sembcorp-marine-hit-by-cyber-security-incident/ https://www.sembmarine.com/stock-exchange-announcements/sembcorp-marine-reports-c" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--36325488-c5b3-4e5e-a912-f018fb5372e3", "created_by_ref": "identity--68d87838-701a-41ab-9b43-294c4555df04", "created": "2022-09-02T00:00:00Z", "modified": "2022-09-02T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Logistics", "incident_type": "Virus/Ransomware", "location": { "country": "SA" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--a4d69158-a71d-4fa5-98c6-5053321b6096", "created_by_ref": "identity--1eec4858-f5b4-4fc2-9bf7-c96354f2d5d2", "created": "2022-09-05T00:00:00Z", "modified": "2022-09-05T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Logistics", "incident_type": "Virus/Ransomware", "location": { "country": "PA" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--1c5487a8-74fa-4dc4-8673-7012c5e2eb4b", "created_by_ref": "identity--0030ad29-c071-4ebc-a97f-d1e7a073ce72", "created": "2022-09-13T00:00:00Z", "modified": "2022-09-13T00:00:00Z", "name": "Phishing", "description": null, "sector": "Education", "incident_type": "Phishing", "location": { "country": "CN" }, "threat_actor": "Political", "external_references": [ { "source_name": "Reference", "url": "https://www.zdnet.com/article/china-says-nsa-used-multiple-cybersecurity-tools-in-attacks-against-chinese-university/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--b5564118-5f35-4916-95fd-51a108e63245", "created_by_ref": "identity--a83a17c0-6eeb-4a07-8ece-c72bd0b2bc73", "created": "2022-09-15T00:00:00Z", "modified": "2022-09-15T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Port", "incident_type": "Virus/Ransomware", "location": { "country": "SG" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--d7e40ede-32f8-4985-9b47-18c5daec0656", "created_by_ref": "identity--b4c78382-93ed-43d6-b7aa-99a413abb957", "created": "2022-09-18T00:00:00Z", "modified": "2022-09-18T00:00:00Z", "name": "Virus/Ransomware", "description": "A port actor working in the Liquefied petroleum gas industry is victim of a ransomware attack.", "sector": "Port", "incident_type": "Virus/Ransomware", "location": { "country": "PH" }, "threat_actor": "BlackByte", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--adb1d3e3-62d0-42f8-a612-56e9937f38bf", "created_by_ref": "identity--3904ab76-1685-4e44-a530-ff3ffb5024eb", "created": "2022-10-03T00:00:00Z", "modified": "2022-10-03T00:00:00Z", "name": "Data leak", "description": null, "sector": "Shipowner", "incident_type": "Data leak", "location": { "country": "ID" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--a949e1a1-9684-426f-a603-56eceac260c1", "created_by_ref": "identity--42367914-9025-4b4e-8a17-f99c49c15251", "created": "2022-10-04T00:00:00Z", "modified": "2022-10-04T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Industry", "incident_type": "Virus/Ransomware", "location": { "country": "US" }, "threat_actor": "Bianlian", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--7c1fdfc7-1f8d-439f-b1f3-0d3b8f16f02a", "created_by_ref": "identity--c106db51-a55b-4974-b795-a461e4e84006", "created": "2022-10-09T00:00:00Z", "modified": "2022-10-09T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Organisation", "incident_type": "Virus/Ransomware", "location": { "country": "FR" }, "threat_actor": "Lockbit 3.0", "external_references": [ { "source_name": "Reference", "url": "https://www.lemagit.fr/actualites/366551733/Ransomware-un-millesime-2023-sans-veritable-treve-estivale" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--47cd5605-9545-4b60-9561-a4e3715809e1", "created_by_ref": "identity--3ab181c2-9e09-419a-8b80-ad18806332b1", "created": "2022-10-12T00:00:00Z", "modified": "2022-10-12T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Port", "incident_type": "Virus/Ransomware", "location": { "country": "US" }, "threat_actor": "Black Basta", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--e85c6535-d428-4a96-a5ae-4624c0de0c94", "created_by_ref": "identity--a6df047e-2d90-45d4-83e3-e0edde4526ec", "created": "2022-10-15T00:00:00Z", "modified": "2022-10-15T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "BG" }, "threat_actor": "Political", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--433f477d-0e25-4d6e-a4bd-a6bcfb569fd2", "created_by_ref": "identity--d13dfda5-edcd-4602-88e0-bd35cf0768b1", "created": "2022-11-04T00:00:00Z", "modified": "2022-11-04T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Logistics", "incident_type": "Virus/Ransomware", "location": { "country": "US" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--0a0b8491-4c0d-495e-9217-0ed3110bfed6", "created_by_ref": "identity--3c6ac1de-84ee-4684-9f61-1d38992c07d3", "created": "2022-11-24T00:00:00Z", "modified": "2022-11-24T00:00:00Z", "name": "Phishing", "description": null, "sector": "Port", "incident_type": "Phishing", "location": { "country": "FR" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--8657f81d-77b9-4c82-904e-393518c7b36a", "created_by_ref": "identity--3764c0ab-d75a-427a-a53e-657e2d8d143f", "created": "2022-10-17T00:00:00Z", "modified": "2022-10-17T00:00:00Z", "name": "Virus/Ransomware", "description": "The victim, a multinational port operating entity headquartered in The Hague, Netherlands, operates 74 port and terminal facilities in 40 countries. According to sources, on 17 October, its Guatemalan subsidiary was victim of a ransomware attack. The Tactics, Techniques, and Procedures (TTPs) of the attack seem to correspond with activities reputed of the Hive ransomware group, which later proclaimed responsibility. The encryption of company systems was claimed on 7th of November. However, the extent of encrypted data and any subsequent discussions with the organization remain undisclosed.", "sector": "Port", "incident_type": "Virus/Ransomware", "location": { "country": "NL" }, "threat_actor": "Hive", "external_references": [ { "source_name": "Reference", "url": "https://thecyberexpress.com/hive-ransomware-hits-maersks-guatemala-terminal/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--7bf710c2-22a9-4f48-9277-60acb66ad552", "created_by_ref": "identity--5fb1d856-e6d3-47ce-a9f1-1e935abc144c", "created": "2022-12-02T00:00:00Z", "modified": "2022-12-02T00:00:00Z", "name": "Undisclosed", "description": null, "sector": "IT Services", "incident_type": "Undisclosed", "location": { "country": "SG" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "https://www.geopolitical.report/voyager-worldwide-hit-by-a-cyberattack/ https://www.rivieramm.com/news-content-hub/news-content-hub/voyager-fleet-insight-unavailable-after-cyber-security-incident-74229 https://splash247.com/voyager-worldwide-hit-by-cyber-attack/ https://insurancemarinenews.com/insurance-marine-news/voyager-worldwide-reportedly-hit-by-cyber-attack/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--44e96909-b8a4-4ac6-b4ed-15209da9b9da", "created_by_ref": "identity--20e950ce-df0f-4ccc-8a03-e30e5461ce5e", "created": "2022-12-20T00:00:00Z", "modified": "2022-12-20T00:00:00Z", "name": "Undisclosed", "description": null, "sector": "Shipyard", "incident_type": "Undisclosed", "location": { "country": "DE" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "https://www.spiegel.de/netzwelt/web/thyssenkrupp-hacker-verueben-angriff-auf-werkstoffsparte-a-42b0d13e-c2f7-450d-8f50-558412aa981b https://www.reuters.com/legal/government/thyssenkrupp-says-it-was-target-cyberattack-2022-12-20/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--c96ed8b5-3250-487a-8a20-e476263671fb", "created_by_ref": "identity--314a7015-c58e-4a28-b50b-ecff458d60bd", "created": "2022-12-26T00:00:00Z", "modified": "2022-12-26T00:00:00Z", "name": "Virus/Ransomware", "description": "The victim, a crucial hub of maritime activity in Portugal's capital and one of Europe's most accessed ports, experienced a cyberattack on Christmas Day. This port plays a strategic role, with over 3,500 vessel calls and managing more than 13.4 million tons of cargo annually. According to sources, the port was victim of a ransomware attack that day. The Tactics, Techniques, and Procedures (TTPs) of the attack seem to correspond with activities reputed of the LockBit ransomware group. The attack did not affect the port's operations but led to the shutdown of its website and internal systems. The attacking group has threatened to release a vast array of the port’s confidential data unless their ransom demands are met, claiming to possess sensitive information such as financial reports, audits, contracts, and personal data.", "sector": "Port", "incident_type": "Virus/Ransomware", "location": { "country": "PT" }, "threat_actor": "Lockbit 3.0", "external_references": [ { "source_name": "Reference", "url": "https://www.publico.pt/2022/12/26/sociedade/noticia/porto-lisboa-alvo-ataque-informatico-crime-nao-comprometeu-operacoes-2032713 https://www.bleepingcomputer.com/news/security/lockbit-ransomware-claims-attack-on-port-of-lisbon-in-portugal/ https://maritime-executive.com/article/cyberattack-threatens-release-of-port-of-lisbon-data" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--995b8b04-60b1-4737-9ae2-f091c1b173ba", "created_by_ref": "identity--7155e071-668a-4dcb-98c5-15e206313151", "created": "2022-09-06T00:00:00Z", "modified": "2022-09-06T00:00:00Z", "name": "Denial of service", "description": "Pro-Russia hackers have claimed responsibility for launching distributed denial of service (DDoS) attacks on Japanese government and company websites. The attacks, claimed by the group were described by the attacking group as a \"declaration of war on the Japanese national government\". They temporarily impacted various government websites, including the Nagoya Port Authority's site, which was down for about 40 minutes.", "sector": "Port", "incident_type": "Denial of service", "location": { "country": "JP" }, "threat_actor": "Killnet", "external_references": [ { "source_name": "Reference", "url": "https://asianews.network/pro-russia-hackers-claim-to-have-temporarily-brought-down-japanese-govt-websites/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--d1f04443-a528-4cb8-88f8-d660dc91c745", "created_by_ref": "identity--4c286148-56f3-42f6-90c1-ed1c7619d65d", "created": "2023-01-07T00:00:00Z", "modified": "2023-01-07T00:00:00Z", "name": "Virus/Ransomware", "description": "The victim, a prominent classification society, is also known for its marine fleet management software. According to sources, on January 7th, the servers of its fleet management software were shut down, following a ransomware attack. Following the attack, the server environment underwent extensive rebuilding. The affected servers were sequestered from the broader IT infrastructure, with a subsequent forensic investigation. Consequently, about 70 customers and approximately 1,000 vessels using the service were impacted by the disruption (it is wrong to say that 1,000 vessels were targeted by the ransomware attack, as can be sometimes read. Communications have been ongoing with these affected parties.", "sector": "IT Services", "incident_type": "Virus/Ransomware", "location": { "country": "NO" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "https://www.dnv.com/news/cyber-attack-on-shipmanager-a-dnv-software-237552 https://theloadstar.com/dnv-admits-up-to-1000-vessels-affected-by-ransomware-attack/ https://www.rivieramm.com/news-content-hub/news-content-hub/dnv-reports-cyber-attack-on-its-shipmanager-software-74466" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--0e44eff2-d64b-4bee-b958-d591d88234d2", "created_by_ref": "identity--1c7e044a-c6d3-411a-bb55-4a7cee0d07e9", "created": "2023-02-09T00:00:00Z", "modified": "2023-02-09T00:00:00Z", "name": "Spearphishing", "description": "According to the source, a previously unknown threat actor has emerged, targeting organizations in Pakistan through a sophisticated payload delivery method. The attacker capitalized on an international naval conference to deceive potential victims. The attacker initiated their campaign by sending targeted phishing emails containing a weaponized document masquerading as an exhibitor manual for the conference. This document employed a remote template injection technique and embedded malicious Visual Basic for Applications (VBA) macro code to execute the next stage of the attack, ultimately leading to the final payload. The final payload was an advanced espionage tool encrypted using XOR encryption with a unique \"penguin\" encryption key. Notably, the content-disposition response header name parameter is set to \"getlatestnews\" during the HTTP response. Consequently, this threat actor has been named NewsPenguin.", "sector": "Organisation", "incident_type": "Spearphishing", "location": { "country": "PK" }, "threat_actor": "NewsPenguin", "external_references": [ { "source_name": "Reference", "url": "https://blogs.blackberry.com/en/2023/02/newspenguin-a-previously-unknown-threat-actor-targets-pakistan-with-advanced-espionage-tool" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--8782d866-efb5-4305-af46-0ccb8f959080", "created_by_ref": "identity--083bd436-24bc-40a1-879c-b8b16940fdf2", "created": "2023-02-05T00:00:00Z", "modified": "2023-02-05T00:00:00Z", "name": "Virus/Ransomware", "description": "A Distributed Denial of Service (DDoS) attack targeted a cloud service provider, impacting an maritime IT services company hosting its services on the targeted servers.", "sector": "IT Services", "incident_type": "Virus/Ransomware", "location": { "country": "FR" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://ready4sea.com/blog/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--ec69d015-6a76-48a0-a912-707c14ad2bfb", "created_by_ref": "identity--eeeb72aa-d033-4b62-b552-a78f46ed6995", "created": "2023-02-15T00:00:00Z", "modified": "2023-02-15T00:00:00Z", "name": "Virus/Ransomware", "description": "A Norwegian offshore engineering contractor reported a cyberattack on its subsidiary in Brazil. The subsidiary provides maintenance and modification services for offshore oil and gas installations. The attack impacted the subsidiary's IT systems, and the group worked to contain and neutralize the threat. The full extent of the breach was to be determined, and the company was in dialogue with Brazilian authorities regarding the incident. The attackers claim to have gained access to the IT systems, encrypted digital files, and locked access to data. The company currently has no indications that other parts of its IT systems were infected.", "sector": "Offshore", "incident_type": "Virus/Ransomware", "location": { "country": "NO" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://brazilenergyinsight.com/2023/02/15/aker-solutions-brazilian-arm-becomes-a-victim-of-cyber-attack/ https://container-news.com/aker-solutions-confirms-cyber-attack-on-its-brazilian-subsidiary/ https://www.offshore-energy.biz/aker-solutions-brazilian-arm-becomes-a-victim-of-cyber-attack/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--58801b86-2d5f-4cf9-a3f3-d7af312a9685", "created_by_ref": "identity--94e34946-7ece-4069-8400-1a25f793e03c", "created": "2023-02-21T00:00:00Z", "modified": "2023-02-21T00:00:00Z", "name": "Denial of service", "description": "A collective of Russian hacktivists launched cyberattacks on several state websites during Vladimir Putin's annual speech. The targeted sites included adminitrations, open data access platforms and a defense naval industry group. The attacks used distributed denial of service (DDoS) tactics, overwhelming the sites with simultaneous connection requests. While these attacks caused temporary outages, they had no serious consequences. The hacktivists' actions appear to be symbolic, targeting random state platforms until they find one with weaker security measures. They boasted about their activities on social media..", "sector": "Defence", "incident_type": "Denial of service", "location": { "country": "FR" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://www.numerama.com/cyberguerre/1277226-des-hackers-russes-sattaquent-a-la-france-pendant-le-discours-de-poutine.html" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--3ca45e4d-4ccd-478e-8511-22d87ae23297", "created_by_ref": "identity--78d319d3-0ef1-4772-a25a-8a931855f2bc", "created": "2023-02-24T00:00:00Z", "modified": "2023-02-24T00:00:00Z", "name": "Virus/Ransomware", "description": "The victim was hit by a ransomware attack. Few details were made public.", "sector": "Defence", "incident_type": "Virus/Ransomware", "location": { "country": "FR" }, "threat_actor": "Snatch", "external_references": [ { "source_name": "Reference", "url": "https://thecyberexpress.com/hemeria-group-data-breach-snatch-ransomware/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--efd39f11-624a-4072-aecb-8a58404066de", "created_by_ref": "identity--d5617683-1d24-4ab5-af9e-d27d06dbe18a", "created": "2023-03-07T00:00:00Z", "modified": "2023-03-07T00:00:00Z", "name": "Denial of service", "description": "A pro-Russian threat actor target the victim, a logistics and transportation company. According to the source, the website disruption forced the company's portal offline, causing significant interference in its operations.", "sector": "Logistics", "incident_type": "Denial of service", "location": { "country": "LT" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://thecyberexpress.com/pro-russia-noname-cyberattack-vlantana-rukso/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--aeeb8b11-b6c9-4b61-8950-7749127925dc", "created_by_ref": "identity--e73e7ce5-8109-418b-912a-dd70d932e233", "created": "2023-03-06T00:00:00Z", "modified": "2023-03-06T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "IT Services", "incident_type": "Virus/Ransomware", "location": { "country": "NL" }, "threat_actor": "Play", "external_references": [ { "source_name": "Reference", "url": "https://dirkzwager.com/news/cyber-security-update/ https://www.securityweek.com/ransomware-gang-publishes-data-allegedly-stolen-from-maritime-firm-royal-dirkzwager/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--b2f07fb2-7e94-491c-96de-2af9269398fe", "created_by_ref": "identity--4b6e656d-ae58-47bb-97e4-c76e5695ec33", "created": "2023-03-06T00:00:00Z", "modified": "2023-03-06T00:00:00Z", "name": "Intrusion", "description": "According to sources, the victim faced an internal cyberattack in which a 23-year-old individual, who was reportedly an IT support worker for a third-party contractor for the museum, accessed financial records and systems. The attacker manipulated the account payable system, replacing the information with his own and conducting multiple unauthorized purchases. Suspicion arose when discrepancies were detected in financial data provided to contracted companies. After engaging independent forensics experts, the museum discovered anomalies and reported the incident to the police. The suspect's involvement in the attack was traced, leading to his arrest and the seizure of electronic items. The attacker would have redirected around $90,000 as part of the cybercrime.", "sector": "Administration", "incident_type": "Intrusion", "location": { "country": "AU" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://www.cybersecurityconnect.com.au/Industry/8769-australian-national-maritime-museum-suffers-internal-cyber-attack" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--b5362e10-3403-4e7c-accb-882b7f36309c", "created_by_ref": "identity--20839149-33b9-4f91-ab4a-d946183baed5", "created": "2023-03-07T00:00:00Z", "modified": "2023-03-07T00:00:00Z", "name": "Denial of service", "description": "The victim is targeted by a Distributed Denial of Service cyber attack by a hacktivist group.", "sector": "Defence", "incident_type": "Denial of service", "location": { "country": "DE" }, "threat_actor": "Killnet", "external_references": [ { "source_name": "Reference", "url": "https://cybernews.com/cyber-war/pro-russian-hacktivists-swarm-australian-schools/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--58c01f15-26de-4831-ad4f-95f648aac35b", "created_by_ref": "identity--2177d340-11a0-4ac1-9ab4-b22bb695004e", "created": "2023-03-15T00:00:00Z", "modified": "2023-03-15T00:00:00Z", "name": "Human error", "description": null, "sector": "Defence", "incident_type": "Human error", "location": { "country": "FR" }, "threat_actor": "Human error", "external_references": [ { "source_name": "Reference", "url": "https://securityaffairs.com/143505/security/safran-group-leaks-sensitive-data.html" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--a9e6a1fc-cf49-4c21-96d2-d758f210a852", "created_by_ref": "identity--7f830cd4-0787-4fbe-a778-0e9e745776ab", "created": "2023-03-18T00:00:00Z", "modified": "2023-03-18T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Shipowner", "incident_type": "Denial of service", "location": { "country": "DK" }, "threat_actor": "Anonymous Sudan", "external_references": [ { "source_name": "Reference", "url": "https://theloadstar.com/maersk-says-posted-data-is-not-current-and-not-from-attack-by-hackers/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--784ca8b6-b47f-460f-a37a-a14ea906cd8c", "created_by_ref": "identity--d439227a-92e4-4f63-9a29-e4f7c6121955", "created": "2023-03-20T00:00:00Z", "modified": "2023-03-20T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "MRE", "incident_type": "Virus/Ransomware", "location": { "country": "DE" }, "threat_actor": "Stormous", "external_references": [ { "source_name": "Reference", "url": "https://thecyberexpress.com/fichtner-ransomware-attack/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--1974270c-4edb-457d-81e3-9bf790b4bd65", "created_by_ref": "identity--0421186d-1159-497d-a413-fd371bbac2a3", "created": "2023-03-21T00:00:00Z", "modified": "2023-03-21T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Industry", "incident_type": "Denial of service", "location": { "country": "AU" }, "threat_actor": "Hacktivism", "external_references": [ { "source_name": "Reference", "url": "https://radware.com/security/threat-advisories-and-attack-reports/opaustralia-opsjentik/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--48c35145-4aa7-4a64-843b-fa01ebf885f0", "created_by_ref": "identity--191f5a54-dadd-4da5-881b-b80b59eeaafd", "created": "2023-03-21T00:00:00Z", "modified": "2023-03-21T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "AU" }, "threat_actor": "Mysterious Team Bangladesh", "external_references": [ { "source_name": "Reference", "url": "https://radware.com/security/threat-advisories-and-attack-reports/opaustralia-opsjentik/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--f0691de1-4c90-476b-8bce-0f1d38b70821", "created_by_ref": "identity--1ca14dda-a86b-4529-99c1-a369a5c98add", "created": "2023-03-21T00:00:00Z", "modified": "2023-03-21T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "AU" }, "threat_actor": "Mysterious Team Bangladesh", "external_references": [ { "source_name": "Reference", "url": "https://radware.com/security/threat-advisories-and-attack-reports/opaustralia-opsjentik/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--d1f4f9f0-084e-4181-b1fc-455bf3eed873", "created_by_ref": "identity--95230961-2a81-4466-9a8d-d3d6692a57c2", "created": "2023-03-21T00:00:00Z", "modified": "2023-03-21T00:00:00Z", "name": "Denial of service", "description": "The victim is targeted by a Distributed Denial of Service cyber attack by a hacktivist group.", "sector": "Port", "incident_type": "Denial of service", "location": { "country": "AU" }, "threat_actor": "Hacktivism", "external_references": [ { "source_name": "Reference", "url": "https://radware.com/security/threat-advisories-and-attack-reports/opaustralia-opsjentik/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--344b69f6-1e15-4305-828a-15dc954eacbc", "created_by_ref": "identity--b8348efd-512e-405b-b61d-0d657a6a10df", "created": "2023-03-21T00:00:00Z", "modified": "2023-03-21T00:00:00Z", "name": "Denial of service", "description": "The victim is targeted by a Distributed Denial of Service cyber attack by a hacktivist group.", "sector": "Port", "incident_type": "Denial of service", "location": { "country": "AU" }, "threat_actor": "Mysterious Team Bangladesh", "external_references": [ { "source_name": "Reference", "url": "https://radware.com/security/threat-advisories-and-attack-reports/opaustralia-opsjentik/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--fa763d6d-56ac-4881-8d60-0267090449d1", "created_by_ref": "identity--92f0dd27-235d-449d-88d9-f8f99ea0379d", "created": "2023-03-21T00:00:00Z", "modified": "2023-03-21T00:00:00Z", "name": "Denial of service", "description": "The victim is targeted by a Distributed Denial of Service cyber attack by a hacktivist group.", "sector": "Port", "incident_type": "Denial of service", "location": { "country": "AU" }, "threat_actor": "Mysterious Team Bangladesh", "external_references": [ { "source_name": "Reference", "url": "https://radware.com/security/threat-advisories-and-attack-reports/opaustralia-opsjentik/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--4c5afa7a-b055-480c-8564-ec8bee761557", "created_by_ref": "identity--adeb1223-6dec-4c4b-9d0e-1eca1849646e", "created": "2023-03-21T00:00:00Z", "modified": "2023-03-21T00:00:00Z", "name": "Denial of service", "description": "The victim is targeted by a Distributed Denial of Service cyber attack by a hacktivist group.", "sector": "Port", "incident_type": "Denial of service", "location": { "country": "AU" }, "threat_actor": "Mysterious Team Bangladesh", "external_references": [ { "source_name": "Reference", "url": "https://radware.com/security/threat-advisories-and-attack-reports/opaustralia-opsjentik/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--b707d4ab-08c8-46cb-8b8d-0c542d7a947c", "created_by_ref": "identity--4b281d54-a64b-444b-84ec-bef7dfd734ac", "created": "2023-03-22T00:00:00Z", "modified": "2023-03-22T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Administration", "incident_type": "Denial of service", "location": { "country": "IT" }, "threat_actor": "Hacktivism", "external_references": [ { "source_name": "Reference", "url": "https://www.redhotcyber.com/post/noname057-attacca-il-ministero-delle-infrastrutture-e-dei-trasporti-il-sito-e-offline/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--b1dcf43a-6aca-4678-ab5b-2e32bde61c94", "created_by_ref": "identity--245c585b-d912-4199-9ae8-f42d42883dfc", "created": "2023-03-23T00:00:00Z", "modified": "2023-03-23T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "AU" }, "threat_actor": "Hacktivism", "external_references": [ { "source_name": "Reference", "url": "https://radware.com/security/threat-advisories-and-attack-reports/opaustralia-opsjentik/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--16949ce4-b559-44c6-b8b9-83ce21bfb70f", "created_by_ref": "identity--0e02334c-7def-4815-b768-e92f72f01f9e", "created": "2023-03-23T00:00:00Z", "modified": "2023-03-23T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Shipyard", "incident_type": "Virus/Ransomware", "location": { "country": "AE" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://app.hacknotice.com/#/hack/641c46a7e6832c637a6dd653" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--536812d7-8376-4f14-a30b-7b094950bfc9", "created_by_ref": "identity--66dd8bee-4598-4f9d-8974-d6196a814a88", "created": "2023-03-24T00:00:00Z", "modified": "2023-03-24T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Defence", "incident_type": "Virus/Ransomware", "location": { "country": "FR" }, "threat_actor": "Cl0p", "external_references": [ { "source_name": "Reference", "url": "https://www.bankinfosecurity.com/clop-goanywhere-attacks-have-now-hit-130-organizations-a-21526" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--e90f74dd-8d72-468a-b081-066b96ce1d14", "created_by_ref": "identity--8c8ef981-abdc-4dd6-832a-1c8a2734d6ea", "created": "2023-03-31T00:00:00Z", "modified": "2023-03-31T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "IL" }, "threat_actor": "Hacktivism", "external_references": [ { "source_name": "Reference", "url": "https://www.ynetnews.com/business/article/b1vpnu00z2" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--4ffb198c-2003-4697-88d2-81f5444d18c1", "created_by_ref": "identity--d4ae3040-8f85-4a89-a7ab-d37dc5045191", "created": "2023-03-31T00:00:00Z", "modified": "2023-03-31T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "IL" }, "threat_actor": "Hacktivism", "external_references": [ { "source_name": "Reference", "url": "https://www.ynetnews.com/business/article/b1vpnu00z2" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--ae6927b8-3a42-401f-8a15-322c3631b5eb", "created_by_ref": "identity--20cc094c-ebfe-4db8-ad3d-8c3da2397103", "created": "2023-04-09T00:00:00Z", "modified": "2023-04-09T00:00:00Z", "name": "Intrusion", "description": null, "sector": "Administration", "incident_type": "Intrusion", "location": { "country": "SD" }, "threat_actor": "Hacktivism", "external_references": [ { "source_name": "Reference", "url": "https://thecyberexpress.com/anonymous-sudan-attacks-on-india-russian-ties/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--6f652a03-1717-423e-bf98-0568d5a6748e", "created_by_ref": "identity--c52c5b85-4818-481f-8383-2f868ebe6aac", "created": "2023-04-09T00:00:00Z", "modified": "2023-04-09T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Administration", "incident_type": "Denial of service", "location": { "country": "DE" }, "threat_actor": "Hacktivism", "external_references": [ { "source_name": "Reference", "url": "https://thecyberexpress.com/noname-hacker-group-targets-german-government/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--a9d12e5d-d349-42c2-b0f2-2965cb94fdf6", "created_by_ref": "identity--b8b02092-68f7-41ab-bafc-39fb62d56aab", "created": "2023-04-11T00:00:00Z", "modified": "2023-04-11T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "CA" }, "threat_actor": "Hacktivism", "external_references": [ { "source_name": "Reference", "url": "https://ici.radio-canada.ca/nouvelle/1971087/noname057-site-web-ports-canadiennes-pirates-informatiques-prorusses" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--3ceeceb3-f626-4d46-a27b-1833500d56b5", "created_by_ref": "identity--052a1272-b7f6-49ed-9c73-fb0b89d8df66", "created": "2023-04-12T00:00:00Z", "modified": "2023-04-12T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Defence", "incident_type": "Virus/Ransomware", "location": { "country": "US" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://news.usni.org/2023/04/20/Virus/Ransomwareware-attack-hits-marinette-marine-shipyard-results-in-short-term-delay-of-frigate-freedom-lcs-construction" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--1114d90b-ca30-4bcf-a7be-6d31e24c44fe", "created_by_ref": "identity--8d5b06b5-7bac-4b3e-aa54-74ada90c963a", "created": "2023-04-12T00:00:00Z", "modified": "2023-04-12T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Shipyard", "incident_type": "Virus/Ransomware", "location": { "country": "DE" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://www.bloomberg.com/news/articles/2023-04-11/german-superyacht-maker-lurssen-target-of-ransomware-cyberattack" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--3670d6de-decc-4807-abff-4618a92812c5", "created_by_ref": "identity--0f8ea569-2625-4d8e-a1c2-fa78dfa0f9e4", "created": "2023-04-12T00:00:00Z", "modified": "2023-04-12T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "CA" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://ici.radio-canada.ca/nouvelle/1971087/noname057-site-web-ports-canadiennes-pirates-informatiques-prorusses" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--f5ea4ac3-ce52-4773-ac9b-0bc983c14d5f", "created_by_ref": "identity--ee2cb6d0-f798-4472-acfa-1fc3af0c5375", "created": "2023-04-12T00:00:00Z", "modified": "2023-04-12T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "CA" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://ici.radio-canada.ca/nouvelle/1971087/noname057-site-web-ports-canadiennes-pirates-informatiques-prorusses" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--2bc2a7f0-9746-450d-9fc3-022725c57a41", "created_by_ref": "identity--0bf26f91-9a16-4aae-9dd0-dcf8feba59f6", "created": "2023-04-12T00:00:00Z", "modified": "2023-04-12T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Shipyard", "incident_type": "Virus/Ransomware", "location": { "country": "DE" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://b2b-cyber-security.de/fr/cyberattaques-sur-les-chantiers-navals-nord-allemands/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--6130c102-effb-42fa-8fe7-0352d0311f0b", "created_by_ref": "identity--7f1922a1-8687-4836-9517-ccd9de94d0a4", "created": "2023-04-12T00:00:00Z", "modified": "2023-04-12T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "CA" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://ici.radio-canada.ca/nouvelle/1971087/noname057-site-web-ports-canadiennes-pirates-informatiques-prorusses" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--0e9d6718-2a64-4a7c-89c7-64f25be1cc7a", "created_by_ref": "identity--2d71a8a1-879b-43b9-87f4-acb02920bc60", "created": "2023-04-13T00:00:00Z", "modified": "2023-04-13T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "CA" }, "threat_actor": "Hacktivism", "external_references": [ { "source_name": "Reference", "url": "https://ici.radio-canada.ca/nouvelle/1971481/securite-internet-hacker-attaque-site-internet-port-saguenay" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--1f207ab5-64a1-419e-b35e-0e3dc9278243", "created_by_ref": "identity--bdcb4ab5-d03c-47ef-8fdf-fa90bee9dc63", "created": "2023-04-15T00:00:00Z", "modified": "2023-04-15T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "CA" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://www.globaldomainsnews.com/prorussian-pirates-new-cyberattacks-against-the-port-of-montreal" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--c3bcfae7-cec4-4d6f-a86c-366fd16c6ba9", "created_by_ref": "identity--391d0dd5-67f1-45e7-a7f5-3f52bd8b769f", "created": "2023-04-16T00:00:00Z", "modified": "2023-04-16T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "CA" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://frostbrowntodd.com/maritime-industry-hit-by-yet-another-swell-of-cyberattacks/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--9d2a55a8-6e04-4886-ad16-222603ac722f", "created_by_ref": "identity--2ce1e0df-522d-4a55-854a-ca0c46fc07d1", "created": "2023-04-17T00:00:00Z", "modified": "2023-04-17T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Industry", "incident_type": "Virus/Ransomware", "location": { "country": "FR" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "http://www.brl.fr/fr/incident-informatique" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--6265d09b-d52c-4bfe-85cc-1d797834caeb", "created_by_ref": "identity--3c936be0-e88f-46e5-a867-020772dd6a6b", "created": "2023-04-23T00:00:00Z", "modified": "2023-04-23T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Administration", "incident_type": "Denial of service", "location": { "country": "CA" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://www.globaldomainsnews.com/prorussian-pirates-new-cyberattacks-against-the-port-of-montreal" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--7d0f5e93-ceff-4cb1-a924-b36ff62d4f96", "created_by_ref": "identity--ca740569-47da-4c67-9abc-081c845a58c8", "created": "2023-04-26T00:00:00Z", "modified": "2023-04-26T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "IL" }, "threat_actor": "Hacktivism", "external_references": [ { "source_name": "Reference", "url": "https://www.timesofisrael.com/websites-of-israeli-port-hacked-sudanese-group-said-to-claim-responsibility/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--698e74cd-639e-4f0d-9aed-1c664e777b78", "created_by_ref": "identity--bb881ad4-33e0-47e7-8b9c-966d6c09f5ff", "created": "2023-04-26T00:00:00Z", "modified": "2023-04-26T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "IL" }, "threat_actor": "Hacktivism", "external_references": [ { "source_name": "Reference", "url": "https://www.timesofisrael.com/websites-of-israeli-port-hacked-sudanese-group-said-to-claim-responsibility/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--b5a3a119-d492-4802-ba26-b04d5e048e5c", "created_by_ref": "identity--e86c8eef-8af2-4865-939a-95caa1fe5630", "created": "2023-04-14T00:00:00Z", "modified": "2023-04-14T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Defence", "incident_type": "Virus/Ransomware", "location": { "country": "DE" }, "threat_actor": "Black Basta", "external_references": [ { "source_name": "Reference", "url": "https://techmonitor.ai/technology/cybersecurity/rheinmetall-cyberattack-black-basta-ransomware" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--68a3ee3c-17fd-4ec0-a847-fd90dc3a8f8b", "created_by_ref": "identity--a17f8a2b-7b88-4916-bac4-e56f7d3e94bd", "created": "2023-04-18T00:00:00Z", "modified": "2023-04-18T00:00:00Z", "name": "Waterholing Attack", "description": null, "sector": "Shipping", "incident_type": "Waterholing Attack", "location": { "country": "IL" }, "threat_actor": "Iran", "external_references": [ { "source_name": "Reference", "url": "https://www.clearskysec.com/wp-content/uploads/2023/05/Fata-Morgana-Israeli-Websites-Infected-by-Iranian-Group-1.8.pdf" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--c6dc2f4b-8e3d-43a9-8534-f2a15fef4a0e", "created_by_ref": "identity--57691d63-50ac-4f10-b193-4511fadf6e83", "created": "2023-04-18T00:00:00Z", "modified": "2023-04-18T00:00:00Z", "name": "Waterholing Attack", "description": null, "sector": "Shipping", "incident_type": "Waterholing Attack", "location": { "country": "IL" }, "threat_actor": "Iran", "external_references": [ { "source_name": "Reference", "url": "https://www.clearskysec.com/wp-content/uploads/2023/05/Fata-Morgana-Israeli-Websites-Infected-by-Iranian-Group-1.8.pdf" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--436f44ea-eee9-4447-a4f8-763c9225472a", "created_by_ref": "identity--6908e383-d6c2-4995-ac2e-7c741c91f721", "created": "2023-04-18T00:00:00Z", "modified": "2023-04-18T00:00:00Z", "name": "Waterholing Attack", "description": null, "sector": "Logistics", "incident_type": "Waterholing Attack", "location": { "country": "IL" }, "threat_actor": "Iran", "external_references": [ { "source_name": "Reference", "url": "https://www.clearskysec.com/wp-content/uploads/2023/05/Fata-Morgana-Israeli-Websites-Infected-by-Iranian-Group-1.8.pdf" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--aa40601d-8f29-43c4-a241-d1c602a80db2", "created_by_ref": "identity--f8a10a78-23bb-44ea-a98f-d77890e17c35", "created": "2023-04-18T00:00:00Z", "modified": "2023-04-18T00:00:00Z", "name": "Intrusion", "description": null, "sector": "Defence", "incident_type": "Intrusion", "location": { "country": "US" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "https://news.clearancejobs.com/2023/04/25/defense-contractors-in-the-cyber-cross-hairs-two-u-s-shipbuilders-hit-in-cyberattacks/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--f104431f-e587-45d8-ae87-106a49ca14be", "created_by_ref": "identity--ce703515-c384-46d1-aa3b-7538a88b580a", "created": "2023-04-29T00:00:00Z", "modified": "2023-04-29T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Defence", "incident_type": "Denial of service", "location": { "country": "IL" }, "threat_actor": "Hacktivism", "external_references": [ { "source_name": "Reference", "url": "https://www.presstv.ir/Detail/2023/04/29/702429/Sudanese-hackers-bring-down-Israeli-aviation,-weapons-Industrys-websites-in-fresh-cyber-attack" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--2ee0ec78-5bb4-4968-96ee-90c928c9fd01", "created_by_ref": "identity--5164966e-0b5f-4f7d-a060-96edc364d825", "created": "2023-05-01T00:00:00Z", "modified": "2023-05-01T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "IL" }, "threat_actor": "Hacktivism", "external_references": [ { "source_name": "Reference", "url": "https://www.presstv.ir/Detail/2023/05/01/702542/Websites-of-two-major-ports-in-Israeli-occupied-territories-knocked-offline-by-Sudanese-hackers" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--26b1a0bb-bb87-4048-927d-d9757455773e", "created_by_ref": "identity--ff826925-dc14-41a5-94ea-380182a7b735", "created": "2023-05-01T00:00:00Z", "modified": "2023-05-01T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "IL" }, "threat_actor": "Hacktivism", "external_references": [ { "source_name": "Reference", "url": "https://www.presstv.ir/Detail/2023/05/01/702542/Websites-of-two-major-ports-in-Israeli-occupied-territories-knocked-offline-by-Sudanese-hackers" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--a39cd045-9202-4a7a-afdd-67da19fc9311", "created_by_ref": "identity--3623efb3-57de-4c87-a93c-3f0f516edcd2", "created": "2023-05-07T00:00:00Z", "modified": "2023-05-07T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Industry", "incident_type": "Virus/Ransomware", "location": { "country": "CH" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://www.bleepingcomputer.com/news/security/multinational-tech-firm-abb-hit-by-black-basta-ransomware-attack/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--8ebff887-8c41-4299-a224-146351e9e68e", "created_by_ref": "identity--a3ec644c-146f-45b3-b300-5f59a984f515", "created": "2023-05-18T00:00:00Z", "modified": "2023-05-18T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Defence", "incident_type": "Denial of service", "location": { "country": "IN" }, "threat_actor": "Hacktivism", "external_references": [ { "source_name": "Reference", "url": "https://www.latesthackingupdates.com/pakistani-hackers-targeted-indian-army-and-navy-websites/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--4f321bc1-ac85-47bd-ad20-7db103296c89", "created_by_ref": "identity--07203d50-ff71-4dcb-aa9b-59fd2f7c65fc", "created": "2023-05-18T00:00:00Z", "modified": "2023-05-18T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Defence", "incident_type": "Denial of service", "location": { "country": "IN" }, "threat_actor": "Hacktivism", "external_references": [ { "source_name": "Reference", "url": "https://www.latesthackingupdates.com/pakistani-hackers-targeted-indian-army-and-navy-websites/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--2c0c9c8c-2e13-4665-b006-c6ccca6d586b", "created_by_ref": "identity--da5c2422-e66e-438e-ae75-0236654f82c8", "created": "2023-05-21T00:00:00Z", "modified": "2023-05-21T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Defence", "incident_type": "Denial of service", "location": { "country": "IN" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://thecyberexpress.com/cochin-shipyard-website-suspected-cyber-attack/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--a0545441-acd3-457e-9300-80c832d5f2c0", "created_by_ref": "identity--1504a93d-b767-4d5d-937d-39516408904e", "created": "2023-06-04T00:00:00Z", "modified": "2023-06-04T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Logistics", "incident_type": "Denial of service", "location": { "country": "LT" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://thecyberexpress.com/noname-ddos-attack-on-lithuania-logistics-hit/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--1f4ef479-a888-4397-aaa4-cfafdaa3c191", "created_by_ref": "identity--50213da4-80ed-454b-8388-6ffd8997d180", "created": "2023-06-04T00:00:00Z", "modified": "2023-06-04T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Transport", "incident_type": "Denial of service", "location": { "country": "LT" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://thecyberexpress.com/noname-ddos-attack-on-lithuania-logistics-hit/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--253bca0e-c904-478a-a0ca-89a1499c04a8", "created_by_ref": "identity--923c493c-b042-46b5-8fa7-71f38fd082a4", "created": "2023-06-04T00:00:00Z", "modified": "2023-06-04T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Transport", "incident_type": "Denial of service", "location": { "country": "LT" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://thecyberexpress.com/noname-ddos-attack-on-lithuania-logistics-hit/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--720400e9-6b7f-4214-a720-2d6fcc9179da", "created_by_ref": "identity--9b9419fb-92e8-418a-947d-da57880e44c7", "created": "2023-06-04T00:00:00Z", "modified": "2023-06-04T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Logistics", "incident_type": "Denial of service", "location": { "country": "LT" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://thecyberexpress.com/noname-ddos-attack-on-lithuania-logistics-hit/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--ff8e4557-cf82-49a9-99a6-7bf5ff6c4e8d", "created_by_ref": "identity--2fb406e3-0ed5-4e67-9dd3-72ec5c781bc5", "created": "2023-06-05T00:00:00Z", "modified": "2023-06-05T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "CA" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://thecyberexpress.com/noname-targets-canada-ports-cyber-attack/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--34027f96-8cef-4419-a0af-133043a3ed6d", "created_by_ref": "identity--f579e340-0ee7-434a-8f12-2b6323d2457d", "created": "2023-06-05T00:00:00Z", "modified": "2023-06-05T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "CA" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://thecyberexpress.com/noname-targets-canada-ports-cyber-attack/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--3eacd506-2592-4673-b475-6403ec45ad3d", "created_by_ref": "identity--93451987-542a-4685-aea6-3829bddb6cd4", "created": "2023-06-05T00:00:00Z", "modified": "2023-06-05T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "CA" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://thecyberexpress.com/noname-targets-canada-ports-cyber-attack/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--80ca7bee-ab73-4259-b92c-12e836200fee", "created_by_ref": "identity--ce271e40-cf81-4097-89a0-e6d1a68cdc3e", "created": "2023-06-05T00:00:00Z", "modified": "2023-06-05T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "CA" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://thecyberexpress.com/noname-targets-canada-ports-cyber-attack/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--08d3eff9-2f21-4608-b348-3f0120777b07", "created_by_ref": "identity--30dabdf8-ba53-4adf-96d7-ae0800bf8983", "created": "2023-06-05T00:00:00Z", "modified": "2023-06-05T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "BG" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://blog.kybervandals.com/ports-and-logistics-are-the-new-targets-of-noname057/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--0915c598-e0c8-41b3-ade8-950acb2b1f37", "created_by_ref": "identity--a853c496-88da-4ddf-81e5-f6d18541b77e", "created": "2023-06-06T00:00:00Z", "modified": "2023-06-06T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "NL" }, "threat_actor": "Hacktivism", "external_references": [ { "source_name": "Reference", "url": "https://nltimes.nl/2023/06/14/dutch-ports-websites-offline-hours-days-due-pro-russian-cyber-attacks" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--f9275074-a633-42d5-a262-48594e7ae9a9", "created_by_ref": "identity--fcac4f06-39cf-45c7-96b7-bdc0a5624674", "created": "2023-06-06T00:00:00Z", "modified": "2023-06-06T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "NL" }, "threat_actor": "Hacktivism", "external_references": [ { "source_name": "Reference", "url": "https://nltimes.nl/2023/06/14/dutch-ports-websites-offline-hours-days-due-pro-russian-cyber-attacks" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--0d8c7482-9f0b-4aae-a4df-e2ba2efe946d", "created_by_ref": "identity--f50e13a7-5737-48ab-a6c6-c9359b5f69b9", "created": "2023-06-06T00:00:00Z", "modified": "2023-06-06T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "NL" }, "threat_actor": "Hacktivism", "external_references": [ { "source_name": "Reference", "url": "https://nltimes.nl/2023/06/14/dutch-ports-websites-offline-hours-days-due-pro-russian-cyber-attacks" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--fa296bd4-0f46-4d96-af6b-8154482509b9", "created_by_ref": "identity--4ac2357d-134d-42c8-ae27-bba0c2f329ec", "created": "2023-06-06T00:00:00Z", "modified": "2023-06-06T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "PL" }, "threat_actor": "Hacktivism", "external_references": [ { "source_name": "Reference", "url": "https://blog.kybervandals.com/ports-and-logistics-are-the-new-targets-of-noname057/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--b04aa76c-60c9-47fb-99eb-9c4a2e0dc253", "created_by_ref": "identity--e3eec0d9-b041-4230-942b-948b5117c605", "created": "2023-06-06T00:00:00Z", "modified": "2023-06-06T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "NL" }, "threat_actor": "Hacktivism", "external_references": [ { "source_name": "Reference", "url": "https://nltimes.nl/2023/06/14/dutch-ports-websites-offline-hours-days-due-pro-russian-cyber-attacks" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--41b1c4b6-cf04-4990-942b-2b91eec922b7", "created_by_ref": "identity--f45640a5-a5a6-4b82-84b7-84ec608c8d83", "created": "2023-06-06T00:00:00Z", "modified": "2023-06-06T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "ES" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://blog.kybervandals.com/ports-and-logistics-are-the-new-targets-of-noname057/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--38b6bd23-8938-4d4c-91a2-76120fa1757d", "created_by_ref": "identity--3eaaf8e0-16f0-4e84-8fd0-4f968f8d7ccd", "created": "2023-06-07T00:00:00Z", "modified": "2023-06-07T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "FI" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://blog.kybervandals.com/ports-and-logistics-are-the-new-targets-of-noname057/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--6cb22b9a-fd2b-4f81-be2b-6c3fe593cd1e", "created_by_ref": "identity--862fb914-b51c-4033-823d-2702f3a1fe87", "created": "2023-06-07T00:00:00Z", "modified": "2023-06-07T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "GR" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://blog.kybervandals.com/ports-and-logistics-are-the-new-targets-of-noname057/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--1daa4305-726a-4ae0-8f9f-033bd97f57de", "created_by_ref": "identity--2e9e5b4e-7334-43b7-aedc-f8ee0cd3c56f", "created": "2023-06-07T00:00:00Z", "modified": "2023-06-07T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "DE" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://blog.kybervandals.com/ports-and-logistics-are-the-new-targets-of-noname057/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--b86fd955-6e80-4a46-bdb5-53de415f108b", "created_by_ref": "identity--27c7ce97-f73a-45fe-bea3-f28e8ae3586c", "created": "2023-06-07T00:00:00Z", "modified": "2023-06-07T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "SE" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://blog.kybervandals.com/ports-and-logistics-are-the-new-targets-of-noname057/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--f1d4c598-f439-4f7a-910e-62193678ebfc", "created_by_ref": "identity--3ded3624-5b48-4320-b0e4-dc5bdc1f879c", "created": "2023-06-08T00:00:00Z", "modified": "2023-06-08T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "SE" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://blog.kybervandals.com/ports-and-logistics-are-the-new-targets-of-noname057/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--d0d1e009-14ff-4e2e-8e1c-2066d700dcf7", "created_by_ref": "identity--ee83f131-ff4d-4b1a-b689-88b60f6d1456", "created": "2023-06-08T00:00:00Z", "modified": "2023-06-08T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "SE" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://blog.kybervandals.com/ports-and-logistics-are-the-new-targets-of-noname057/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--10c2f91a-ff84-4282-8827-788b6a447554", "created_by_ref": "identity--66d4bd0a-191c-4c3a-a510-6e09dcdeff60", "created": "2023-06-08T00:00:00Z", "modified": "2023-06-08T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "SE" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://blog.kybervandals.com/ports-and-logistics-are-the-new-targets-of-noname057/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--30ec42a5-3d0b-4861-bcad-72f16be55f16", "created_by_ref": "identity--c475a563-57ef-41c3-af0d-20b4f2a5c898", "created": "2023-06-08T00:00:00Z", "modified": "2023-06-08T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "LT" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://blog.kybervandals.com/ports-and-logistics-are-the-new-targets-of-noname057/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--3e311e68-5d6b-493e-89e8-3650b0a1ce34", "created_by_ref": "identity--1b3c7764-de45-4e4b-88bf-4870d67486e5", "created": "2023-06-08T00:00:00Z", "modified": "2023-06-08T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "LT" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://blog.kybervandals.com/ports-and-logistics-are-the-new-targets-of-noname057/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--8d1c110e-1722-4713-b4d9-af5de36cb960", "created_by_ref": "identity--f8a08c06-6a07-43ab-9273-88f666b22881", "created": "2023-06-08T00:00:00Z", "modified": "2023-06-08T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "SE" }, "threat_actor": "Hacktivism", "external_references": [ { "source_name": "Reference", "url": "https://blog.kybervandals.com/ports-and-logistics-are-the-new-targets-of-noname057/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--78db9ae3-bc87-4cb6-8b2a-9efa0d9e4555", "created_by_ref": "identity--7a40dbc0-806e-4ee1-b628-faa6a84b7153", "created": "2023-06-09T00:00:00Z", "modified": "2023-06-09T00:00:00Z", "name": "Denial of service", "description": "According to sources, the Authority of Port System successfully defended against Distributed Denial of Service (DDoS) attacks that targeted Italian port authorities' Internet servers. While other Italian port authorities experienced temporary outages due to DDoS attacks that flood computer systems with abnormal traffic requests, the victim managed to withstand the attacks. The attacks lasted for several days and produced a sustained traffic volume of more than 10 million requests per hour (with peaks of 13 million per hour). The port utilized previously installed protection systems and implemented additional security configurations during the peak attack phase to ensure normal website access while blocking or limiting potentially harmful traffic.", "sector": "Port", "incident_type": "Denial of service", "location": { "country": "IT" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://www.informare.it/news/gennews/2023/20230913-AdSP-Tirreno-Sett-battaglia-contro-pirati-informaticiuk.asp" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--46dfdfcc-613f-489e-bf92-a726d39c8003", "created_by_ref": "identity--a3fca27b-a758-46f3-b79b-efb4b497c787", "created": "2023-06-09T00:00:00Z", "modified": "2023-06-09T00:00:00Z", "name": "Denial of service", "description": "A cyber attack targeted numerous port websites worldwide, including the victim. According to the digital authority of the Liguria region, the cyber defences successfully withstood the attack, with no consequences for its internal servers, as confirmed by the port authority. The attacking group claimed the attack, linking it to Italy's military aid to Ukraine.", "sector": "Port", "incident_type": "Denial of service", "location": { "country": "IT" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://www.primocanale.it/cronaca/27077-cyber-attacco-porti-quello-genova-resiste-liguria-digitale.html" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--a7be51cc-5899-4d56-8a4b-29660349161f", "created_by_ref": "identity--d669a031-f181-4380-a59b-b1e67de0500c", "created": "2023-06-14T00:00:00Z", "modified": "2023-06-14T00:00:00Z", "name": "Virus/Ransomware", "description": "A U.K.-based energy giant known for its extensive operations in the oil and gas sector, was impacted by the exploit of the vulnerability in the MOVEit Transfer software by an attacking group. According to sources, the attacking group had been exploiting the flaw since May 2023 to gain access to a diverse range of entities and subsequently started to list its victims on a dark web leak site. The affected parties span across U.S. financial services, European energy conglomerates, and several other sectors. Diverging from common tactics, the attacking group chose not to directly notify the infiltrated entities but posted a blackmail note on its leak site, directing victims to initiate contact before an impending deadline. Some organizations, such as governmental departments, have confirmed potential data exposure involving citizens. However, the attacking group asserts that they've deleted data for select government institutions.", "sector": "Offshore", "incident_type": "Virus/Ransomware", "location": { "country": "GB" }, "threat_actor": "Cl0p", "external_references": [ { "source_name": "Reference", "url": "https://techcrunch.com/2023/06/15/moveit-clop-mass-hacks-banks-universities/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--3b51358f-32c3-4819-945d-5b4307ab9336", "created_by_ref": "identity--26555e72-6293-4288-aeeb-d4b7524c46c3", "created": "2023-06-20T00:00:00Z", "modified": "2023-06-20T00:00:00Z", "name": "Denial of service", "description": "According to the source, the port was hit by a Distributed Denial of Service (DDoS) attack.", "sector": "Port", "incident_type": "Denial of service", "location": { "country": "NL" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://www.zataz.com/la-france-de-nouveau-cyber-attaquee-par-des-pro-russes/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--ccca6cac-849c-4d9d-8176-f66d1e0f8b74", "created_by_ref": "identity--2bd577ec-1ba5-42a8-9f02-38c76068597c", "created": "2023-06-20T00:00:00Z", "modified": "2023-06-20T00:00:00Z", "name": "Denial of service", "description": "According to the source, the Port of Brussels was hit by a Distributed Denial of Service (DDoS) attack.", "sector": "Port", "incident_type": "Denial of service", "location": { "country": "BE" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://www.zataz.com/la-france-de-nouveau-cyber-attaquee-par-des-pro-russes/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--faec03b6-1633-406d-9fc0-34f29689d4c6", "created_by_ref": "identity--f9594112-52ad-4b47-9004-70af74c1f42f", "created": "2023-04-24T00:00:00Z", "modified": "2023-04-24T00:00:00Z", "name": "Virus/Ransomware", "description": "A ransomware cyber attack occurred at Pengerang Independent Terminals (PTSB) in Malaysia, which is linked to the victim, a company specializing in the storage of fossil fuels and other products. Despite the incident, the terminal was reported to be still operational, and an investigation is underway. The company has confirmed the incident and expressed apologies for any inconvenience caused.", "sector": "Port", "incident_type": "Virus/Ransomware", "location": { "country": "NL" }, "threat_actor": "BlackCat", "external_references": [ { "source_name": "Reference", "url": "https://www.bnnbloomberg.ca/vopak-suffers-data-breach-at-crude-terminal-in-malaysia-1.1911281" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--7fade056-5237-49bf-8fec-104fff82304f", "created_by_ref": "identity--76303ebd-5a1b-4269-b218-58bea4aec608", "created": "2023-05-05T00:00:00Z", "modified": "2023-05-05T00:00:00Z", "name": "Denial of service", "description": "According to sources, the victim was targeted by the pro-Russian \"hacker\" group NoName057(16) during a Distributed Denial of Service attacks campaing targeting French entitties. These cyber adversaries have expressed concerns over the nation's involvement in the ongoing conflict between Ukraine and Russia, following renewed support announcements in favor of Ukraine. The attack resulted in short service disruptions. The group has been targeting Western organizations with similar DDoS attacks for a few months.", "sector": "Industry", "incident_type": "Denial of service", "location": { "country": "FR" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://securityaffairs.com/145813/hacktivism/noname-ddos-french-senate.html https://cybernews.com/cyber-war/noname-attacks-french-senate/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--98472a1f-6b8c-4d72-8679-bff47cca5045", "created_by_ref": "identity--495dd74f-9c13-4c7f-a913-2eb3d76c692f", "created": "2023-05-11T00:00:00Z", "modified": "2023-05-11T00:00:00Z", "name": "Virus/Ransomware", "description": "The victim is hit by a ransomware attack by a group who started its activity in April 2023.", "sector": "Industry", "incident_type": "Virus/Ransomware", "location": { "country": "US" }, "threat_actor": "Akira", "external_references": [ { "source_name": "Reference", "url": "https://cloudsek.com/threatintelligence/akira-ransomware-what-you-need-to-know" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--3da5769b-65b8-46a8-adb4-b593e1d30c69", "created_by_ref": "identity--e7f536df-e826-41d8-ad8c-cde620f32df6", "created": "2023-06-02T00:00:00Z", "modified": "2023-06-02T00:00:00Z", "name": "Virus/Ransomware", "description": "The victim, managing a container terminal in Italy, was targeted by a cyber attack on June 2, 2023. The gang stated that they had exfiltrated a significant amount of data from the affected organization's IT infrastructure. The website of the affected organization went down, displaying a \"Site under maintenance\" message on the homepage and returning errors on subpages, altough it cannot be said if it was due to the attack itself or to the remediation process.", "sector": "Port", "incident_type": "Virus/Ransomware", "location": { "country": "IT" }, "threat_actor": "Darkrace", "external_references": [ { "source_name": "Reference", "url": "https://www.redhotcyber.com/post/la-cyber-gang-darktrace-rivendica-un-attacco-allitaliana-conateco-il-sito-web-e-offline/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--0f4f3415-06c6-43ce-ac4d-f7b458414e0f", "created_by_ref": "identity--d7c4965f-dfae-4080-84ed-1ae4df241caa", "created": "2023-06-13T00:00:00Z", "modified": "2023-06-13T00:00:00Z", "name": "Undisclosed", "description": "The victim confirmed a significant financial loss of approximately $85 million resulting from a recent cybersecurity incident. The incident, announced on June 13, affected the company's systems and some facilities. Although attacking ransomware group wasn't explicitly disclosed, it necessitated halting operations in certain locations while experts and law enforcement addressed the situation. The CEO later revealed that the cyber incident had a substantial impact on the company's Q2 financial outlook. This \"IT security incident\" led to lower-than-expected Q2 financial results and took nine days to fully recover, causing critical disruptions. The incident would reduce full-year earnings by an estimated $60 to $70 million, with Q2 revenue being impacted by as much as $85 million. The cyberattack had significant repercussions, particularly affecting segments outside of propulsion and engine parts.", "sector": "Shipyard", "incident_type": "Undisclosed", "location": { "country": "US" }, "threat_actor": "Undisclosed", "external_references": [ { "source_name": "Reference", "url": "https://www.boatindustry.fr/article/43525/le-groupe-brunswick-vise-par-une-cyberattaque https://www.insidermonkey.com/blog/brunswick-corporation-nysebc-q2-2023-earnings-call-transcript-1172914/ https://therecord.media/marine-industry-giant-brunswick-lost-millions" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--ca1698d7-7350-4416-af39-202bbf12863c", "created_by_ref": "identity--a617433a-c727-4664-a79f-0caf339dd3e5", "created": "2023-06-21T00:00:00Z", "modified": "2023-06-21T00:00:00Z", "name": "Virus/Ransomware", "description": "The victim was hit by a ransomware attack disrupting transactions at gas stations across Canada, as well as the unavailability of its mobile app and other various services. There was no evidence of customer, supplier, or employee data compromise or misuse. The attacking group seems to remain unknown.", "sector": "Offshore", "incident_type": "Virus/Ransomware", "location": { "country": "CA" }, "threat_actor": "Cybercrime", "external_references": [ { "source_name": "Reference", "url": "https://www.bleepingcomputer.com/news/security/suncor-energy-cyberattack-impacts-petro-canada-gas-stations/ https://www.offshore-energy.biz/canadian-oil-gas-player-runs-into-cyber-security-incident/ https://www.cybersecuritydive.com/news/suncor-ceo-cyberattack-recovery/691167/ https://www.sec.gov/Archives/edgar/data/311337/000110465923074667/tm2318006d2_ex99-1.htm" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--f07ba067-f30b-4ac3-bd4e-3cd0ee172469", "created_by_ref": "identity--f6c302d4-f552-4177-b646-d86022c3b25c", "created": "2023-07-04T00:00:00Z", "modified": "2023-07-04T00:00:00Z", "name": "Virus/Ransomware", "description": "The victim port is Japan's largest since 2002 in terms of cargo throughput, and is responsible for handling significant car exports and imports. It processes over 200 million tons of cargo annually, plays a pivotal role in the region's economic activities. According to sources, around July 4, the victim's operations faced disruptions due to an alleged ransomware attack. Several anomalies were observed in their automated systems, including the inability to identify trucks at one of its primary docks. The Tactics, Techniques, and Procedures (TTPs) of the attack seem to correspond with activities reputed of LockBit 3.0, which claimed the attack. The incident might have affected an estimated 15,000 containers and influenced related businesses, including major car manufacturers in the region. Operations linked to a renowned automobile corporation faced potential challenges, primarily in their packaging plant for exported car parts. Additionally, sensors at the port's entrance were non-operational, causing significant delays and disruptions in cargo loading and unloading. This widespread disturbance led to a temporary congestion of trailers at the port.", "sector": "Port", "incident_type": "Virus/Ransomware", "location": { "country": "JP" }, "threat_actor": "Lockbit 3.0", "external_references": [ { "source_name": "Reference", "url": "https://english.kyodonews.net/news/2023/07/3ec31b352357-japans-biggest-port-hit-by-suspected-cyberattack-operations-halted.html#:~:text=Japan's%20biggest%20port%20hit%20by%20suspected%20cyberattack%2C%20operations%20halted,-KYODO%20NEWS%20%2D%209&text=The%20Port%20of%20Nagoya%2C%20Japan's,Wednesday%20it%20suspects%20a%20cyberattack https://maritime-executive.com/article/ransomware-attack-stops-container-operations-japan-s-nagoya-port https://www.porttechnology.org/news/port-of-nagoya-recovers-from-ransomware-attack/ https://www.asahi.com/ajw/articles/14954966" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--654523b9-98fb-452b-baad-9fef0f3a6e7d", "created_by_ref": "identity--7d1eceb9-7948-4e52-95ff-c02bf92b9927", "created": "2023-07-14T00:00:00Z", "modified": "2023-07-14T00:00:00Z", "name": "Virus/Ransomware", "description": "Reports have emerged that a ransomware group recently claimed to have attack an important defense company based in Turkey and specializing in high-tech products and subsystems for armed Forces and security forces. If the claims are true, the breach could lead to the exposure of sensitive defense-related information, potentially including classified documents, proprietary technology, intellectual property, and even personally identifiable information (PII) of employees or clients.", "sector": "Defence", "incident_type": "Virus/Ransomware", "location": { "country": "TR" }, "threat_actor": "Money Message", "external_references": [ { "source_name": "Reference", "url": "https://cybersoochna.com/money-message-ransomware-group-targets-meteksan-defence-industry-inc-in-turkey/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--a53c5532-16db-42d6-86fa-683dff7d10cd", "created_by_ref": "identity--7b331671-4a26-4c8b-b5f5-de2b7a4bffcd", "created": "2023-07-24T00:00:00Z", "modified": "2023-07-24T00:00:00Z", "name": "Virus/Ransomware", "description": "The victim is an important group of the aerospace and defense industry. It was reported to be hit by a ransomware group. The attack could have resulted in the leak of over 20 GB of sensitive personal data belonging to pilots and ground staff associated with the partners of the victim from many parts of the world. The victim initiated a comprehensive investigation, collaborating with cybersecurity experts and law enforcement agencies to contain the breach and mitigate potential damages and urged affected individuals to monitor their personal information, remain vigilant against phishing attempts, and report suspicious activity.", "sector": "Defence", "incident_type": "Virus/Ransomware", "location": { "country": "US" }, "threat_actor": "Bianlian", "external_references": [ { "source_name": "Reference", "url": "https://cybersoochna.com/bianlian-ransomware-group-targets-collins-aerospace-exposes-personal-data-of-pilots-and-ground-staff/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--0e394f8c-3e3e-4941-b587-918b9f200164", "created_by_ref": "identity--207dbaea-d944-498f-85de-cec22f213164", "created": "2023-07-27T00:00:00Z", "modified": "2023-07-27T00:00:00Z", "name": "Virus/Ransomware", "description": "The victim is the provider of marine and offshore services to the shipping, oil, gas and energy sectors. The was reported as having been hit by a ransomware group.", "sector": "Shipyard", "incident_type": "Virus/Ransomware", "location": { "country": "AE" }, "threat_actor": "Cl0p", "external_references": [ { "source_name": "Reference", "url": "https://cybersoochna.com/cl0p-publishes-fresh-list-of-victim-organizations-arrow-electronics-drydocks-world-dubai-hinduja-group-and-philips/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--3c91ab2a-81df-4c98-84b9-dfaeb196f7ee", "created_by_ref": "identity--f1b7df9b-a01e-41ec-8a4c-9f0cc782a7c6", "created": "2023-08-09T00:00:00Z", "modified": "2023-08-09T00:00:00Z", "name": "Denial of service", "description": "According to sources, a pro-Russian hacking group recently launched DDoS attacks against several websites in the Netherlands, amongst which this seaport. The claim, nature and pattern of these attacks suggest that they were orchestrated in the context of the ongoing geopolitical tensions.", "sector": "Port", "incident_type": "Denial of service", "location": { "country": "NL" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://therecord.media/prorussian-hackers-claim-attacks" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--a9b3b110-9fe2-44a8-b892-6102be38ab23", "created_by_ref": "identity--7f58b0d3-37b9-48ca-ad05-dfa88ee2530d", "created": "2023-08-11T00:00:00Z", "modified": "2023-08-11T00:00:00Z", "name": "Denial of service", "description": "According to sources, the victim port was targeted by the pro-Russian \"hacker\" group NoName057(16) during a Distributed Denial of Service attacks campaing. These cyber adversaries have expressed concerns over the nation's involvement in the ongoing conflict between Ukraine and Russia, following new support announcements in favor of Ukraine. Other German infrastructures were targeted during the same attack. The attack resulted in short service disruptions.", "sector": "Port", "incident_type": "Denial of service", "location": { "country": "DE" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://www.cybertecwiz.com/tension-soars-as-russian-hackers-target-germany-over-ukraines-military-aids/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--479aeb93-6b73-42ef-ad77-dc012de64f86", "created_by_ref": "identity--a5d95fe2-297b-42e9-b1f8-0704ab7b290d", "created": "2023-08-14T00:00:00Z", "modified": "2023-08-14T00:00:00Z", "name": "Denial of service", "description": "The victim experienced a cyber disruption when their website was rendered inaccessible due to a reported DDoS attack. This comes after the same cyber group compromised another major electronics company within the country. According to sources, the attacking ransomware organization has claimed responsibility for the cyberattack on the victim's website. The group's recurring focus on Thai entities and their propensity for publicizing stolen data has emerged as a distinctive pattern in their operations.", "sector": "Defence", "incident_type": "Denial of service", "location": { "country": "TH" }, "threat_actor": "NDT SEC", "external_references": [ { "source_name": "Reference", "url": "https://www.cybertecwiz.com/ndt-sec-disabled-the-royal-thai-navys-website-with-ddos-attack/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--93197f4c-951c-4494-8674-eaebbd3a1cb5", "created_by_ref": "identity--ad248ab5-16e3-4590-8ea5-7524a17d3d0b", "created": "2023-08-16T00:00:00Z", "modified": "2023-08-16T00:00:00Z", "name": "Denial of service", "description": "According to sources, the victim shipyard was targeted by a pro-Russian \"hacker\" group during a Distributed Denial of Service attacks campaing. Other infrastructures and organisations were targeted during the same attack. The attack resulted in short service disruptions.", "sector": "Shipyard", "incident_type": "Denial of service", "location": { "country": "PL" }, "threat_actor": "Net-Worker Alliance", "external_references": [ { "source_name": "Reference", "url": "https://thecyberexpress.com/cyber-attack-on-poland-warsaw-stock-exchange/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--90be9fde-4344-4dd1-b72a-fb9fb8e5783d", "created_by_ref": "identity--9bb8edda-2e48-4f0f-88be-f535a9f04d90", "created": "2023-08-16T00:00:00Z", "modified": "2023-08-16T00:00:00Z", "name": "Denial of service", "description": "According to sources, the victim port was targeted by a pro-Russian \"hacker\" group during a Distributed Denial of Service attacks campaing. Other infrastructures and organisations were targeted during the same attack. The attack resulted in short service disruptions.", "sector": "Port", "incident_type": "Denial of service", "location": { "country": "PL" }, "threat_actor": "Net-Worker Alliance", "external_references": [ { "source_name": "Reference", "url": "https://thecyberexpress.com/cyber-attack-on-poland-warsaw-stock-exchange/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--5a3e0c5e-371a-4022-b06d-98ab7b6f38f9", "created_by_ref": "identity--f65dc5fa-d3b0-4c7e-9ee0-2295a54cfa13", "created": "2023-08-22T00:00:00Z", "modified": "2023-08-22T00:00:00Z", "name": "Denial of service", "description": "A major gas station conglomerate was victim of a targeted cyberattack. According to sources, the attacking group claimed responsibility for the attack, allegedly impacting the website of the company in Ukraine and over 200 gas station networks throughout the country. Without specifying all affected entities, the attackers singled out three primary targets, emphasizing their large-scale impact in the country. The significance of the breach was further underlined as it coincided with Ukraine's independence day, a detail the attackers highlighted in their messages.", "sector": "Shipowner", "incident_type": "Denial of service", "location": { "country": "NO" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://thecyberexpress.com/norway-cyber-attack-noname-hackers/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--26f31230-3c11-42e3-8f60-64b39a9622e0", "created_by_ref": "identity--0d23ec01-bf69-4fe4-ae7e-1bb24c1d1d80", "created": "2023-08-24T00:00:00Z", "modified": "2023-08-24T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Offshore", "incident_type": "Denial of service", "location": { "country": "UA" }, "threat_actor": "Killnet", "external_references": [ { "source_name": "Reference", "url": "https://thecyberexpress.com/gas-station-cyber-attacks/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--c6a1337c-294d-4b41-8dcb-c90934851285", "created_by_ref": "identity--63dcb0e2-04b8-4371-9800-3c9319f86e20", "created": "2023-08-29T00:00:00Z", "modified": "2023-08-29T00:00:00Z", "name": "Virus/Ransomware", "description": "The victim identified a cyber security incident involving an unauthorized third party access. Contingency plans were put into action by the victim to continue operations, and digital investigations were conducted. Based the information provided by the company, it could not be determined that the attacking party actually exfiltrated data from the digital systems of the victim.", "sector": "Industry", "incident_type": "Virus/Ransomware", "location": { "country": "NL" }, "threat_actor": "Lockbit 3.0", "external_references": [ { "source_name": "Reference", "url": "https://www.kendrion.com/en/about-kendrion/investor-relations/press-releases/press-releases-detail-page/kendrion-experiences-cyber-security-incident/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--640279b2-0cc4-45d1-b2bd-9e27eeda6725", "created_by_ref": "identity--1b6a236f-5cf1-4f6b-832a-32625d5e7064", "created": "2023-05-16T00:00:00Z", "modified": "2023-05-16T00:00:00Z", "name": "Virus/Ransomware", "description": "The victim, identified as an aerospace and defense company, recently came under suspicion of a cyber breach. A cybersecurity firm reported that a ransomware group claims to have infiltrated the company, potentially exfiltrating data pertaining to their collaboration on an Army communication system. In addition to their aerospace and defense endeavors, the company has been involved in significant deals and contracts, highlighting its stature and critical importance in the sector. According to sources, in response to the potential breach, the company confirmed an IT \"system disruption\" that impacted a segmented network at a single site. There was no direct mention of any data loss due to the incident. The claiming group shared an image of an apparent blog post advertising the sale of data associated with a technological program conducted by the company. The specifics of whether any actual data theft or compromise occurred remain ambiguous. The group allegedly behind the company's breach seems to primarily focus on North American manufacturers.", "sector": "Defence", "incident_type": "Virus/Ransomware", "location": { "country": "US" }, "threat_actor": "Abyss", "external_references": [ { "source_name": "Reference", "url": "https://eu.floridatoday.com/story/money/business/2023/05/16/did-l3harris-lose-defense-data-to-hackers/70222535007/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--a795e618-39a8-435b-9448-c54fefe02e6f", "created_by_ref": "identity--3c24f49b-0664-4d80-bf51-977629349684", "created": "2023-05-20T00:00:00Z", "modified": "2023-05-20T00:00:00Z", "name": "Denial of service", "description": "The victim, a fovernment entity from the UAE, is a claimed by a hacktivist group as having been targeted by a Distributed Denial of Service (DDoS) attack during a campain targeting multiple government websites of the victim. The claim came forth on 20th May 2023, accompanied by evidence shared on the actor’s Telegram post to validate the successful execution of the DDoS attack. This proof was in the form of links to a utility platform that confirms the real-time availability and responsiveness of a domain or IP address. According to sources, the aforementioned hacktivist group has a history of leveraging DDoS attacks against institutions and governmental infrastructures. The motivation behind such attacks often stems from political issues, with other groups like 'Anonymous Sudan' showing parallels in their targeting patterns, particularly influenced by geopolitical circumstances.", "sector": "Administration", "incident_type": "Denial of service", "location": { "country": "AE" }, "threat_actor": "Mysterious Team Bangladesh", "external_references": [ { "source_name": "Reference", "url": "https://cloudsek.com/threatintelligence/mysterious-team-bangladesh-targets-multiple-uae-government-websites-with-ddos-attacks-under-opuae-campaign" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--f9842ae2-00ab-41ff-b2fb-9bd0c58ac127", "created_by_ref": "identity--d124ed3d-388f-402b-b443-42c2a7c74e23", "created": "2023-05-20T00:00:00Z", "modified": "2023-05-20T00:00:00Z", "name": "Denial of service", "description": "The victim, a fovernment entity from the UAE, is a claimed by a hacktivist group as having been targeted by a Distributed Denial of Service (DDoS) attack during a campain targeting multiple government websites of the victim. The claim came forth on 20th May 2023, accompanied by evidence shared on the actor’s Telegram post to validate the successful execution of the DDoS attack. This proof was in the form of links to a utility platform that confirms the real-time availability and responsiveness of a domain or IP address. According to sources, the aforementioned hacktivist group has a history of leveraging DDoS attacks against institutions and governmental infrastructures. The motivation behind such attacks often stems from political issues, with other groups like 'Anonymous Sudan' showing parallels in their targeting patterns, particularly influenced by geopolitical circumstances.", "sector": "Defence", "incident_type": "Denial of service", "location": { "country": "AE" }, "threat_actor": "Mysterious Team Bangladesh", "external_references": [ { "source_name": "Reference", "url": "https://cloudsek.com/threatintelligence/mysterious-team-bangladesh-targets-multiple-uae-government-websites-with-ddos-attacks-under-opuae-campaign" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--9f2be1fa-e13f-4ab7-80f9-8440967931ca", "created_by_ref": "identity--f116f735-96b3-447c-b5a1-724f332ff018", "created": "2023-06-26T00:00:00Z", "modified": "2023-06-26T00:00:00Z", "name": "Virus/Ransomware", "description": "The victim is a leading multinational company based in France. The corporation has a prominent global presence, boasting an annual revenue exceeding $37 billion. It is renowned for its expertise in digital automation and energy management, with its products being integral to numerous crucial sectors around the globe. According to sources, on May 30th, 2023, the company acknowledged potential vulnerabilities in the Progress MOVEit Transfer software. The company acted swiftly by implementing the available mitigation measures to safeguard data and infrastructure, keeping a vigilant watch over the evolving situation. However, a twist emerged on June 26th, 2023, when the company was alerted to claims suggesting that they had fallen prey to a cyber-attack related to MOVEit vulnerabilities. The victim has yet to confirm the legitimacy of Cl0p's allegations.", "sector": "Industry", "incident_type": "Virus/Ransomware", "location": { "country": "FR" }, "threat_actor": "Cl0p", "external_references": [ { "source_name": "Reference", "url": "https://www.bleepingcomputer.com/news/security/siemens-energy-confirms-data-breach-after-moveit-data-theft-attack/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--feed05e3-e34f-466f-981d-5eb222ca2579", "created_by_ref": "identity--3ae97fde-c1b0-4c3d-9f62-6e011d338eef", "created": "2023-06-27T00:00:00Z", "modified": "2023-06-27T00:00:00Z", "name": "Virus/Ransomware", "description": "The victim is a leading energy technology firm headquartered in Munich. The company has a vast global footprint, with 91,000 employees and an annual turnover of $35 billion. It specializes in the design, development, and production of various industrial goods, from industrial control systems to advanced power units, renewable energy solutions, and comprehensive energy delivery mechanisms. Moreover, they offer cybersecurity consultation services tailored to the oil and gas sector, encompassing areas like incident response, vulnerability evaluations, and patch management. According to sources, the victim has acknowledged a breach resulting from the Cl0p ransomware's data-theft assaults that took advantage of a zero-day flaw in the MOVEit Transfer platform. The Cl0p threat group subsequently listed the victim on its data leak website, signifying that they had successfully extracted data during the cyber intrusion. This listing tactic is a part of Cl0p's strategy to exert pressure on their victims, typically preceding an actual leak of the stolen data. While there hasn't been a data leak as of now, the victim confirmed the breach linked to the MOVEit Transfer vulnerability, designated as CVE-2023-34362. The victim emphasized that the breach did not lead to the compromise of any critical data, and their business operations remain unaffected.", "sector": "Industry", "incident_type": "Virus/Ransomware", "location": { "country": "DE" }, "threat_actor": "Cl0p", "external_references": [ { "source_name": "Reference", "url": "https://www.bleepingcomputer.com/news/security/siemens-energy-confirms-data-breach-after-moveit-data-theft-attack/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--7431a528-e2cf-4422-b55e-485b185e17ac", "created_by_ref": "identity--2c929134-0a38-4bbe-9d69-6fcc637e4d45", "created": "2023-07-10T00:00:00Z", "modified": "2023-07-10T00:00:00Z", "name": "Legitimate access", "description": "According to sources, two Navy sailors stationed in Southern California were apprehended on charges of leaking military secrets and confidential data to foreign intelligence agents. One of the sailors serving on an amphibious assault ship was accused under the Espionage Act of spying. Due to his role and security clearance, he had the potential to access and share highly sensitive national security information. The other sailor, stationed in a naval base was alleged to have accepted bribes in return for providing confidential U.S. military details to the same foreign intelligence service with a person masquerading as an economic researcher. The extent of the information leak, its potential impacts, and the duration of this espionage activity remain areas of concern that will likely be addressed in ongoing investigations.", "sector": "Defence", "incident_type": "Legitimate access", "location": { "country": "US" }, "threat_actor": "China", "external_references": [ { "source_name": "Reference", "url": "https://www.nytimes.com/2023/08/03/us/politics/navy-sailors-spy-china.html" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--9afddf9b-7a34-4333-a9a5-1e0327a3b361", "created_by_ref": "identity--38ee6506-255f-4222-912c-6308ca5d778c", "created": "2023-07-19T00:00:00Z", "modified": "2023-07-19T00:00:00Z", "name": "Denial of service", "description": "According to sources, following Spain's pledge to back the Ukrainian government, multiple sectors within the country, encompassing were targeted by Distributed Denial of Service (DDoS) cyber-attacks. During 15 days, the country has been targeted by over DDoS cyber-attacks, which Tactics, Techniques and Procedures (TTPs) traced back to the NoName057(16) group. The impact on the websites tended to be short-lived, with most targeted websites resuming operations within the day of the assault.", "sector": "IT Services", "incident_type": "Denial of service", "location": { "country": "ES" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://www.surinenglish.com/spain/russia-unleashes-huge-campaign-cyber-attacks-spain-20230804162919-nt.html" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--28562820-e920-4355-a153-e8df42628426", "created_by_ref": "identity--0b50f1e7-e544-45c5-9725-3df3247712dc", "created": "2023-02-21T00:00:00Z", "modified": "2023-02-21T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Defence", "incident_type": "Denial of service", "location": { "country": "FR" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://www.numerama.com/cyberguerre/1277226-des-hackers-russes-sattaquent-a-la-france-pendant-le-discours-de-poutine.html" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--66ed6c75-b08e-459d-9fff-a64ca96edd8f", "created_by_ref": "identity--57d5957a-deef-4c44-a2f7-273ca4c90207", "created": "2023-02-24T00:00:00Z", "modified": "2023-02-24T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Defence", "incident_type": "Virus/Ransomware", "location": { "country": "FR" }, "threat_actor": "SNATCH", "external_references": [ { "source_name": "Reference", "url": "https://thecyberexpress.com/hemeria-group-data-breach-snatch-ransomware/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--a693935d-0bc3-49df-848a-d33ec722980e", "created_by_ref": "identity--49a1b398-312c-4920-81a9-6a001417dd3a", "created": "2023-04-22T00:00:00Z", "modified": "2023-04-22T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "CA" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://www.globaldomainsnews.com/prorussian-pirates-new-cyberattacks-against-the-port-of-montreal" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--67274518-8176-45bf-8e6e-5e91395e5723", "created_by_ref": "identity--1fa0e587-d658-41ce-9263-29c1ebcdefc0", "created": "2023-04-23T00:00:00Z", "modified": "2023-04-23T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "CA" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://www.globaldomainsnews.com/prorussian-pirates-new-cyberattacks-against-the-port-of-montreal" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--84b7c7fa-7633-4be0-bd3a-0f9a6923ed4a", "created_by_ref": "identity--c62e99ee-db21-4aa5-af9a-414b2661e0e1", "created": "2023-05-14T00:00:00Z", "modified": "2023-05-14T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "DE" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://thecyberexpress.com/the-czech-foreign-ministry-cyber-attack-noname/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--b19fa7d8-62fe-420d-b464-2b9c0a288a61", "created_by_ref": "identity--33a14d2c-80b8-4dbc-8fff-c0f15346ae4f", "created": "2023-05-14T00:00:00Z", "modified": "2023-05-14T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Administration", "incident_type": "Denial of service", "location": { "country": "DE" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://thecyberexpress.com/the-czech-foreign-ministry-cyber-attack-noname/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--8d208193-d1ca-477a-9583-f830a22bf032", "created_by_ref": "identity--2c73e1bf-07df-4512-8f28-21d5c61ec0eb", "created": "2023-05-17T00:00:00Z", "modified": "2023-05-17T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Industry", "incident_type": "Denial of service", "location": { "country": "AE" }, "threat_actor": "ANONYMOUS_SUDAN", "external_references": [ { "source_name": "Reference", "url": "https://thecyberexpress.com/ddos-attack-on-emirates-national-oil-company/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--a3ece60a-7532-4eb9-8b95-7005d95fda40", "created_by_ref": "identity--ecf37c75-231b-47a6-9879-c2af707cad2a", "created": "2023-08-14T00:00:00Z", "modified": "2023-08-14T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Defence", "incident_type": "Virus/Ransomware", "location": { "country": "GB" }, "threat_actor": "Lockbit 3.0", "external_references": [ { "source_name": "Reference", "url": "https://www.express.co.uk/news/world/1808814/Russia-cyber-terrorism-hack-Ukraine" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--34426b2c-9424-47ad-9dcf-2ab6ca1e543a", "created_by_ref": "identity--91097a14-de57-4248-ae36-af2d273fbace", "created": "2023-09-06T00:00:00Z", "modified": "2023-09-06T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Industry", "incident_type": "Virus/Ransomware", "location": { "country": "US" }, "threat_actor": "PLAY", "external_references": [ { "source_name": "Reference", "url": "https://cyberwarzone.com/play-ransomware-group-targets-six-prominent-companies/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--1abaa70c-6a44-4330-83ab-8d3aaddb7f1e", "created_by_ref": "identity--5f6f1459-ce77-4ac2-a40d-fe14fb4284d1", "created": "2023-09-10T00:00:00Z", "modified": "2023-09-10T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "NL" }, "threat_actor": "DARKSTORM_TEAM", "external_references": [ { "source_name": "Reference", "url": "https://www.cybertecwiz.com/nato-ports-under-siege-from-noname-russian-hackers/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--8a5786f1-154e-4a73-bb3c-afbcc2fb2cc1", "created_by_ref": "identity--143df480-37be-42ff-a485-ded63e0bb8a9", "created": "2023-09-10T00:00:00Z", "modified": "2023-09-10T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "NL" }, "threat_actor": "DARKSTORM_TEAM", "external_references": [ { "source_name": "Reference", "url": "https://www.cybertecwiz.com/nato-ports-under-siege-from-noname-russian-hackers/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--d900c6ba-1c1a-468c-8fad-775b14dc490b", "created_by_ref": "identity--d9515429-385f-4fc4-a6c6-2c145c97c2d5", "created": "2023-09-11T00:00:00Z", "modified": "2023-09-11T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "HR" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://www.cybertecwiz.com/nato-ports-under-siege-from-noname-russian-hackers/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--6fc4c57d-a353-4ec5-b92e-f530f6c11c1f", "created_by_ref": "identity--2cbc6556-a9c6-4356-b7c0-1a4b6b8a2260", "created": "2023-09-11T00:00:00Z", "modified": "2023-09-11T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "HR" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://www.cybertecwiz.com/nato-ports-under-siege-from-noname-russian-hackers/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--0f7cb4ab-b49e-4ac8-aa61-706a61a58063", "created_by_ref": "identity--f5ed2a3f-e018-4ff1-a202-3cf77d2f7567", "created": "2023-09-11T00:00:00Z", "modified": "2023-09-11T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "HR" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://www.cybertecwiz.com/nato-ports-under-siege-from-noname-russian-hackers/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--00f12d70-5d53-4e10-8b6c-e8681a81d619", "created_by_ref": "identity--2189175c-d183-4846-9a3e-034413b75d3d", "created": "2023-09-11T00:00:00Z", "modified": "2023-09-11T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "HR" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://www.cybertecwiz.com/nato-ports-under-siege-from-noname-russian-hackers/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--a97361c2-73fa-4d19-9f6c-eb8e0e9f3d7a", "created_by_ref": "identity--a7bcbeb5-9b7c-4d14-b635-5378a94cabef", "created": "2023-09-11T00:00:00Z", "modified": "2023-09-11T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "HR" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://www.cybertecwiz.com/nato-ports-under-siege-from-noname-russian-hackers/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--55c8ba27-84aa-438b-9498-8c9172df8a5c", "created_by_ref": "identity--b8de608e-ecd7-4a57-930d-675e90816a7b", "created": "2023-09-11T00:00:00Z", "modified": "2023-09-11T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "BG" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://www.cybertecwiz.com/nato-ports-under-siege-from-noname-russian-hackers/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--2bc855fa-faa2-4229-a790-8c2be4ad3e3f", "created_by_ref": "identity--d91b9e16-c97c-4a99-b6c4-18763bf99616", "created": "2023-09-12T00:00:00Z", "modified": "2023-09-12T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Administration", "incident_type": "Virus/Ransomware", "location": { "country": "CA" }, "threat_actor": "NOESCAPE", "external_references": [ { "source_name": "Reference", "url": "hthttps://www.theregister.com/2023/09/15/ijc_noescape_ransomware/tps://therecord.media/us-canada-water-commission-investigating-cyberattack " }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--8028072d-087c-4b22-9e3a-734c3233165b", "created_by_ref": "identity--23a0427c-d0c4-44fd-87ce-0e180cc645e0", "created": "2023-09-14T00:00:00Z", "modified": "2023-09-14T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Administration", "incident_type": "Denial of service", "location": { "country": "CA" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://www.lapresse.ca/actualites/national/2023-09-14/cyberattaques/un-groupe-russophone-revendique-d-autres-attaques-de-sites-gouvernementaux.php" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--c34c815b-ca28-4c0c-8b49-5110f9d766a9", "created_by_ref": "identity--987d3ed1-1141-4743-95b6-b1472c75f6f6", "created": "2023-09-18T00:00:00Z", "modified": "2023-09-18T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Administration", "incident_type": "Denial of service", "location": { "country": "FI" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://yle.fi/a/74-20050662" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--8017cdf7-6e23-4392-9363-66d4f69119e3", "created_by_ref": "identity--40ace467-5602-4753-afaa-4be2a9e62b92", "created": "2023-09-25T00:00:00Z", "modified": "2023-09-25T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Defence", "incident_type": "Denial of service", "location": { "country": "US" }, "threat_actor": "Killnet", "external_references": [ { "source_name": "Reference", "url": "https://thecyberexpress.com/cyber-attack-on-lockheed-martin-target-us/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--f769a72d-1e0d-4f9b-b6a4-07af23d92a68", "created_by_ref": "identity--ac052bb7-c111-40b8-bea5-962bb9625855", "created": "2023-09-28T00:00:00Z", "modified": "2023-09-28T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Transport", "incident_type": "Denial of service", "location": { "country": "GB" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://thecyberexpress.com/noname-ransomware-group-targets-uk-transport/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--a1ac7080-90c7-4a87-9e0c-10964484d215", "created_by_ref": "identity--958197f5-f616-4ace-9012-baa840417042", "created": "2023-10-09T00:00:00Z", "modified": "2023-10-09T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Administration", "incident_type": "Denial of service", "location": { "country": "PS" }, "threat_actor": "INDIAN_CYBER_FORCE", "external_references": [ { "source_name": "Reference", "url": "https://www.techopedia.com/israel-hamas-cyber-war" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--6254f5fe-ecd8-4605-b586-27312a996bb8", "created_by_ref": "identity--35d8846e-afc0-4a00-8b90-e9b194c8f842", "created": "2023-10-19T00:00:00Z", "modified": "2023-10-19T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Transport", "incident_type": "Denial of service", "location": { "country": "EE" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://www.leparisien.fr/faits-divers/corsica-ferries-le-site-de-la-compagnie-cible-par-une-cyberattaque-des-hackers-pro-russes-revendiquent-laction-28-10-2023-MHLKVN37VFAUNDFRNLF7IHFR7Q.php" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--cb65e892-68ca-4db4-b803-998257cff61c", "created_by_ref": "identity--625bb553-8b65-4be0-9c25-d10f7bd6cfcd", "created": "2023-10-19T00:00:00Z", "modified": "2023-10-19T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Transport", "incident_type": "Denial of service", "location": { "country": "IR" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://www.leparisien.fr/faits-divers/corsica-ferries-le-site-de-la-compagnie-cible-par-une-cyberattaque-des-hackers-pro-russes-revendiquent-laction-28-10-2023-MHLKVN37VFAUNDFRNLF7IHFR7Q.php" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--2ff5d6e5-e196-48f0-876b-051c15a71903", "created_by_ref": "identity--c2f4d458-8b57-48bb-ad1c-341f1f579a6c", "created": "2023-10-19T00:00:00Z", "modified": "2023-10-19T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Transport", "incident_type": "Denial of service", "location": { "country": "FR" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://www.leparisien.fr/faits-divers/corsica-ferries-le-site-de-la-compagnie-cible-par-une-cyberattaque-des-hackers-pro-russes-revendiquent-laction-28-10-2023-MHLKVN37VFAUNDFRNLF7IHFR7Q.php" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--1907134e-63b1-403f-985c-e248a35edd73", "created_by_ref": "identity--b9706de1-ea9a-4a8a-970a-d6c595639f26", "created": "2023-10-19T00:00:00Z", "modified": "2023-10-19T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Transport", "incident_type": "Denial of service", "location": { "country": "GB" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://www.leparisien.fr/faits-divers/corsica-ferries-le-site-de-la-compagnie-cible-par-une-cyberattaque-des-hackers-pro-russes-revendiquent-laction-28-10-2023-MHLKVN37VFAUNDFRNLF7IHFR7Q.php" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--f415cf4d-d01f-4efc-9b7c-3eb2a169bafd", "created_by_ref": "identity--1e8dbeed-0e62-4229-a0a1-08ea746fac15", "created": "2023-10-19T00:00:00Z", "modified": "2023-10-19T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Transport", "incident_type": "Denial of service", "location": { "country": "SE" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://www.leparisien.fr/faits-divers/corsica-ferries-le-site-de-la-compagnie-cible-par-une-cyberattaque-des-hackers-pro-russes-revendiquent-laction-28-10-2023-MHLKVN37VFAUNDFRNLF7IHFR7Q.php" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--25c8ea8e-1c60-4faa-a39e-8a985dbb3c9a", "created_by_ref": "identity--0054e6e0-fdc5-4fb8-bf99-e65a57caa9a3", "created": "2023-10-19T00:00:00Z", "modified": "2023-10-19T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Transport", "incident_type": "Denial of service", "location": { "country": "NO" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://www.leparisien.fr/faits-divers/corsica-ferries-le-site-de-la-compagnie-cible-par-une-cyberattaque-des-hackers-pro-russes-revendiquent-laction-28-10-2023-MHLKVN37VFAUNDFRNLF7IHFR7Q.php" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--b9d4ca9c-7e3b-45fb-a5e8-c21a018cc20b", "created_by_ref": "identity--920a2c5b-b9c4-4cb5-b302-70863fbffd1a", "created": "2023-11-03T00:00:00Z", "modified": "2023-11-03T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "NL" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "https://lc.nl/friesland/Pro-Russische-cyberaanval-legt-websites-Arriva-en-havenbedrijf-Den-Helder-plat-na-bezoek-minister-Ollongren-aan-Oekra%C3%AFne-28731703.html" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--c73a9231-2854-4810-8aca-f943ad7d3ce3", "created_by_ref": "identity--3a34c7a2-a9b5-43c3-a025-42674c3e8e41", "created": "2023-11-05T00:00:00Z", "modified": "2023-11-05T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Transport", "incident_type": "Virus/Ransomware", "location": { "country": "FR" }, "threat_actor": "ALPHV", "external_references": [ { "source_name": "Reference", "url": "https://www.linformaticien.com/magazine/cybersecurite/61344-fuite-de-donnees-massive-chez-corsica-ferries.html" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--6576c6e4-abb6-4b8f-ad74-3affb6d9c8ca", "created_by_ref": "identity--dc7cbf6d-1671-4fd4-9bd9-1c5edcd8b90d", "created": "2023-11-10T00:00:00Z", "modified": "2023-11-10T00:00:00Z", "name": "Undisclosed", "description": null, "sector": "Port", "incident_type": "Undisclosed", "location": { "country": "AU" }, "threat_actor": "UNDISCLOSED", "external_references": [ { "source_name": "Reference", "url": "https://cydome.io/40-of-australia-port-freight-handling-shuts-down-after-cyberattack-what-we-know-so-far/" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--a6c238c8-0d0c-4d48-b946-ff7c25c61e89", "created_by_ref": "identity--f1005054-bcbe-49d2-b9bc-e9eec1956c75", "created": "2023-12-04T00:00:00Z", "modified": "2023-12-04T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "MRE", "incident_type": "Virus/Ransomware", "location": { "country": "VN" }, "threat_actor": "ALPHV", "external_references": [ { "source_name": "Reference", "url": "['https://thecyberexpress.com/vietnam-electricity-data-breach/']" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--c27bfcce-7c3a-4ef9-94a2-e9ce7763e6fa", "created_by_ref": "identity--7f4d6a51-5ebd-4bec-930c-a9264255ea7b", "created": "2023-12-04T00:00:00Z", "modified": "2023-12-04T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Industry", "incident_type": "Virus/Ransomware", "location": { "country": "US" }, "threat_actor": "HUNTERS", "external_references": [ { "source_name": "Reference", "url": "['https://www.bleepingcomputer.com/news/security/navy-contractor-austal-usa-confirms-cyberattack-after-data-leak/', 'https://australiancybersecuritymagazine.com.au/ransomware-attack-on-australian-shipbuilder-working-for-us-navy/, https://australiancybersecuritymagazine.com.au/ransomware-attack-on-australian-shipbuilder-working-for-us-navy/', 'https://www.cyberdaily.au/security/9900-threat-actors-target-austal-usa-in-ransomware-attack-us-navy-data-at-risk', 'https://www.defenceconnect.com.au/naval/13260-hackers-target-austal-usa-in-ransomware-attack-us-navy-data-at-risk']" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--721425c2-e96a-4a65-97ce-4447749a44f3", "created_by_ref": "identity--9b0bb515-8407-4938-b30d-662108f91c46", "created": "2023-12-26T00:00:00Z", "modified": "2023-12-26T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Administration", "incident_type": "Virus/Ransomware", "location": { "country": "UA" }, "threat_actor": "ANONYMOUS_CENTRAL", "external_references": [ { "source_name": "Reference", "url": "['https://thecyberexpress.com/ukrainian-water-transport-breach/']" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--8178741f-0b30-4b5c-8aad-3628703a8e71", "created_by_ref": "identity--644b3276-3e6f-4b1f-a195-75be273f60b8", "created": "2023-12-26T00:00:00Z", "modified": "2023-12-26T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Transport", "incident_type": "Denial of service", "location": { "country": "LT" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "['https://thecyberexpress.com/ddos-attacks-on-lithuanian-websites/']" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--d40e3fd0-b817-4822-ae9e-425bb0272109", "created_by_ref": "identity--7928c29d-ced0-44bf-97cb-39563b7578e0", "created": "2024-01-01T00:00:00Z", "modified": "2024-01-01T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Transport", "incident_type": "Denial of service", "location": { "country": "FI" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "['https://thecyberexpress.com/noname-cyberattacks-on-finland/']" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--d337c751-a33a-4b3c-ab99-bf8fbdda5877", "created_by_ref": "identity--9357f21f-b7c2-45e7-bb6d-c75967aeb1df", "created": "2024-01-04T00:00:00Z", "modified": "2024-01-04T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Logistics", "incident_type": "Virus/Ransomware", "location": { "country": "FR" }, "threat_actor": "Lockbit 3.0", "external_references": [ { "source_name": "Reference", "url": "['https://thecyberexpress.com/lockbit-executes-groupe-idea-data-breach/']" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--7c42497f-0111-4fc6-9200-a66e3819d150", "created_by_ref": "identity--75b7f7f7-ebe2-415e-b373-94bb87e30fc1", "created": "2024-01-15T00:00:00Z", "modified": "2024-01-15T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Transport", "incident_type": "Virus/Ransomware", "location": { "country": "US" }, "threat_actor": "BIANLIAN", "external_references": [ { "source_name": "Reference", "url": "['https://thecyberexpress.com/republic-shipping-consolidators-cyberattack/']" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--43ac0bc2-be00-4df5-bb45-62292d72ba18", "created_by_ref": "identity--8fb67790-52ec-492b-ad11-442f5ea5f2b4", "created": "2024-01-16T00:00:00Z", "modified": "2024-01-16T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "IL" }, "threat_actor": "ANONYMOUS_SUDAN", "external_references": [ { "source_name": "Reference", "url": "['https://thecyberexpress.com/anonymous-sudan-cyberattack-on-israeli-ports/']" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--7c17775c-5c2a-4a86-a4b0-21c5b3451aaf", "created_by_ref": "identity--1c1f781f-b90a-4305-abb9-3e9f2e4fdbd6", "created": "2024-01-16T00:00:00Z", "modified": "2024-01-16T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "IL" }, "threat_actor": "ANONYMOUS_SUDAN", "external_references": [ { "source_name": "Reference", "url": "['https://thecyberexpress.com/anonymous-sudan-cyberattack-on-israeli-ports/']" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--21254dfc-18bd-4a24-be5d-77734dae4177", "created_by_ref": "identity--ce7ab2fa-2604-425d-8cef-0000ec8af888", "created": "2024-01-30T00:00:00Z", "modified": "2024-01-30T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Defence", "incident_type": "Virus/Ransomware", "location": { "country": "US" }, "threat_actor": "ALPHV", "external_references": [ { "source_name": "Reference", "url": "['https://thecyberexpress.com/technica-corporation-cyberattack/']" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--64ba70e6-eb8c-4ed8-8b34-12167f4204db", "created_by_ref": "identity--b4c75adb-9d92-4534-bce1-c7df0c4b8888", "created": "2024-01-30T00:00:00Z", "modified": "2024-01-30T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Industry", "incident_type": "Virus/Ransomware", "location": { "country": "US" }, "threat_actor": "CACTUS", "external_references": [ { "source_name": "Reference", "url": "['https://www.bleepingcomputer.com/news/security/energy-giant-schneider-electric-hit-by-cactus-ransomware-attack/', 'https://www.bleepingcomputer.com/news/security/cactus-ransomware-claim-to-steal-15tb-of-schneider-electric-data/']" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--08b067db-8c31-4d7b-b322-12c1c6813ef3", "created_by_ref": "identity--8b37e5d1-3015-42d3-965c-432be7caa42c", "created": "2024-02-04T00:00:00Z", "modified": "2024-02-04T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Defence", "incident_type": "Virus/Ransomware", "location": { "country": "US" }, "threat_actor": "DONUT", "external_references": [ { "source_name": "Reference", "url": "['https://thecyberexpress.com/us-department-of-defense-contractor/']" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--671d4ec0-cc97-4b2b-aa07-9ddd7a38ee72", "created_by_ref": "identity--361d5336-6b02-47c1-9508-c630fa32760d", "created": "2024-02-15T00:00:00Z", "modified": "2024-02-15T00:00:00Z", "name": "Undisclosed", "description": null, "sector": "Defence", "incident_type": "Undisclosed", "location": { "country": "IR" }, "threat_actor": "US_GOV", "external_references": [ { "source_name": "Reference", "url": "['https://www.nbcnews.com/news/investigations/us-conducted-cyberattack-suspected-iranian-spy-ship-rcna138638']" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--e5351118-24b5-42a5-939a-80eea1d156cf", "created_by_ref": "identity--2b358168-9ffc-4227-891e-e46ed983fbb6", "created": "2024-02-18T00:00:00Z", "modified": "2024-02-18T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "IT" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "['https://thecyberexpress.com/cyberattack-on-italy-noname-targets-italy/']" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--fa9bf12b-8645-4e64-851f-e3cb4bcecf84", "created_by_ref": "identity--3fdd1781-e480-4ca0-890a-478cb792dc04", "created": "2024-02-18T00:00:00Z", "modified": "2024-02-18T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Port", "incident_type": "Denial of service", "location": { "country": "IT" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "['https://thecyberexpress.com/cyberattack-on-italy-noname-targets-italy/']" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--eb9d7ee1-35dc-4109-a8d3-9c4dbb5dadfd", "created_by_ref": "identity--64a92c3a-2da8-4bb7-b494-ef05aa069474", "created": "2024-02-29T00:00:00Z", "modified": "2024-02-29T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Industry", "incident_type": "Virus/Ransomware", "location": { "country": "US" }, "threat_actor": "Lockbit 3.0", "external_references": [ { "source_name": "Reference", "url": "['https://threathunter.ai/general/lockbit-breach-exposes-chinks-in-armor-eastern-shipbuildings-crisis-threatens-coast-guard-capability-and-national-security/']" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--2707e558-0143-4ca7-8d42-cdfdf96df2f7", "created_by_ref": "identity--d6a927af-6ff0-4a28-8744-06177c4c5d3d", "created": "2024-03-01T00:00:00Z", "modified": "2024-03-01T00:00:00Z", "name": "Intrusion", "description": null, "sector": "Defence", "incident_type": "Intrusion", "location": { "country": "DK" }, "threat_actor": "USDOD-HACKER", "external_references": [ { "source_name": "Reference", "url": "['https://thecyberexpress.com/thales-data-breach/']" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--31b4c7ce-f412-4642-9162-4aabaad94b1b", "created_by_ref": "identity--d9d179cf-512f-439d-b415-1f25c75153d4", "created": "2024-03-03T00:00:00Z", "modified": "2024-03-03T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Administration", "incident_type": "Denial of service", "location": { "country": "DK" }, "threat_actor": "NoName057(16)", "external_references": [ { "source_name": "Reference", "url": "['https://thecyberexpress.com/noname-claims-cyberattack-on-denmarks/']" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--1432f730-3f4d-4c29-a12b-1de0bdcacc73", "created_by_ref": "identity--e71d5ea5-9fbb-4946-83de-309ca279fe03", "created": "2024-03-10T00:00:00Z", "modified": "2024-03-10T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Leasure", "incident_type": "Virus/Ransomware", "location": { "country": "US" }, "threat_actor": "RHYSIDA", "external_references": [ { "source_name": "Reference", "url": "['https://therecord.media/boat-seller-marinemax-reports-cyberattack-sec', 'https://thecyberexpress.com/marinemax-data-breach-confirmed/', 'https://fr.investing.com/news/stock-market-news/marinemax-confirme-une-atteinte-a-la-cybersecurite-et-poursuit-ses-activites-93CH-2340069']" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--62eb39f3-1666-40b9-84cb-e5577a9299f2", "created_by_ref": "identity--b298a55c-3664-4c42-8f97-5733bc65d8b9", "created": "2024-03-14T00:00:00Z", "modified": "2024-03-14T00:00:00Z", "name": "Undisclosed", "description": null, "sector": "Transport", "incident_type": "Undisclosed", "location": { "country": "US" }, "threat_actor": "UNDISCLOSED", "external_references": [ { "source_name": "Reference", "url": "['https://therecord.media/radiant-logistics-cyberattack-canada-operations']" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--dadfc549-47f9-4c44-a614-5bb46b830c09", "created_by_ref": "identity--c3610095-fcd0-4fc4-bbde-5e67092e5dfe", "created": "2024-04-14T00:00:00Z", "modified": "2024-04-14T00:00:00Z", "name": "Intrusion", "description": null, "sector": "Defence", "incident_type": "Intrusion", "location": { "country": "IL" }, "threat_actor": "HANDALA", "external_references": [ { "source_name": "Reference", "url": "['https://twstalker.com/FalconFeedsio/status/1779373083289342177', 'https://thecyberexpress.com/handala-hacker-group-warns-israel/']" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--a6fc5d99-01f0-442d-9779-de28995069fe", "created_by_ref": "identity--3e244adb-b18d-467d-bd40-16b84e2355f9", "created": "2024-04-15T00:00:00Z", "modified": "2024-04-15T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Leasure", "incident_type": "Virus/Ransomware", "location": { "country": "US" }, "threat_actor": "8BASE", "external_references": [ { "source_name": "Reference", "url": "['https://twstalker.com/DailyDarkWeb/status/1779869753663758360', 'https://therecord.media/atlantic-fisheries-commission-confirms-cyber-incident']" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--8237730d-3dcf-48e5-b4c5-1238ef8fac2c", "created_by_ref": "identity--290a5309-06da-43f9-a094-5e4a3c4c9f09", "created": "2024-04-15T00:00:00Z", "modified": "2024-04-15T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Logistics", "incident_type": "Virus/Ransomware", "location": { "country": "FR" }, "threat_actor": "8BASE", "external_references": [ { "source_name": "Reference", "url": "['https://www.zataz.com/lyon-terminal-menace-par-les-hackers-de-8base/', 'https://www.clubic.com/actualite-524220-lyon-terminal-principale-plateforme-multimodale-lyonnaise-piratee-par-des-hackers-qui-se-disent-honnetes.html', 'https://twstalker.com/DailyDarkWeb/status/1779869698961600650']" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--dd71287a-4420-4091-b637-a198a8cdbc9d", "created_by_ref": "identity--698bfdb2-ca44-485a-bda7-b61dbef2bd17", "created": "2024-05-02T00:00:00Z", "modified": "2024-05-02T00:00:00Z", "name": "Intrusion", "description": null, "sector": "Transport", "incident_type": "Intrusion", "location": { "country": "AE" }, "threat_actor": "FIVE-FAMILIES", "external_references": [ { "source_name": "Reference", "url": "['https://thecyberexpress.com/five-families-claimed-alleged-cyberattacks/', 'https://dailydarkweb.net/data-breach-uae-government-massive-security-breach-exposes-sensitive-information/']" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--051097f6-3a4e-4bf7-9cb5-e007e13be7a4", "created_by_ref": "identity--f10215db-d7be-4131-b23a-3051e77246f3", "created": "2024-05-27T00:00:00Z", "modified": "2024-05-27T00:00:00Z", "name": "Denial of service", "description": null, "sector": "Administration", "incident_type": "Denial of service", "location": { "country": "BG" }, "threat_actor": "CYBER_ARMY_RUSSIA", "external_references": [ { "source_name": "Reference", "url": "['https://t.me/CyberArmyofRussia_Reborn/7871', 'https://thecyberexpress.com/bulgarian-ports-infrastructure-cyberattack/', 'https://check-host.net/check-report/19f5774ck412']" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--f52a47c0-13ef-4f4e-aa2b-881f53a5cfb0", "created_by_ref": "identity--6e9adbaf-ce5f-4ff6-91ab-e03bcee0a537", "created": "2024-06-16T00:00:00Z", "modified": "2024-06-16T00:00:00Z", "name": "Undisclosed", "description": null, "sector": "Industry", "incident_type": "Undisclosed", "location": { "country": "PH" }, "threat_actor": "UNDISCLOSED", "external_references": [ { "source_name": "Reference", "url": "['https://news.abs-cbn.com/business/2024/6/17/marina-s-web-based-systems-compromised-in-cyber-attack-1141', 'https://www.sotwe.com/tweet/1802999127040795069', 'https://www.facebook.com/DOTrMARINAPH/posts/marina-press-release17-hunyo-2024%F0%9D%90%8C%F0%9D%90%9A%F0%9D%90%AC%F0%9D%90%AE%F0%9D%90%AC%F0%9D%90%A2%F0%9D%90%A7%F0%9D%90%A0-%F0%9D%90%88%F0%9D%90%A6%F0%9D%90%9B%F0%9D%90%9E%F0%9D%90%AC%F0%9D%90%AD%F0%9D%90%A2%F0%9D%90%A0%F0%9D%90%9A%F0%9D%90%AC%F0%9D%90%B2%F0%9D%90%A8%F0%9D%90%A7-%F0%9D%90%AC%F0%9D%90%9A-%F0%9D%90%82%F0%9D%90%B2%F0%9D%90%9B%F0%9D%90%9E%F0%9D%90%AB-%F0%9D%90%80%F0%9D%90%AD%F0%9D%90%AD%F0%9D%90%9A%F0%9D%90%9C%F0%9D%90%A4-%F0%9D%90%8D%F0%9D%90%9A%F0%9D%90%A0%F0%9D%90%A9%F0%9D%90%9A%F0%9D%90%A9%F0%9D%90%9A%F0%9D%90%AD/806368914935861/']" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--18934fca-c49a-45da-9410-cb2f4722707d", "created_by_ref": "identity--619beb5f-1ced-46e2-b55d-428a1dccf1d1", "created": "2024-06-17T00:00:00Z", "modified": "2024-06-17T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Industry", "incident_type": "Virus/Ransomware", "location": { "country": "DE" }, "threat_actor": "HUNTERS_KILLERS", "external_references": [ { "source_name": "Reference", "url": "['https://www.sotwe.com/tweet/1802625323621662908', 'https://gbhackers.com/hunt3r-kill3rs-group-claims/']" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--4fb29054-bad0-4ee9-bf74-50005b41f1c0", "created_by_ref": "identity--484b5e4e-ebcc-4093-ba58-21d040f89a58", "created": "2024-06-17T00:00:00Z", "modified": "2024-06-17T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Industry", "incident_type": "Virus/Ransomware", "location": { "country": "US" }, "threat_actor": "AKIRA", "external_references": [ { "source_name": "Reference", "url": "['https://www.sotwe.com/tweet/1802807934818386401', 'https://thecyberexpress.com/tetra-technologies-cyberattack/']" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--ddac793f-8340-4864-9356-ae8f0f25acd7", "created_by_ref": "identity--8ac1aba4-66ff-44f9-bab3-93555f20df62", "created": "2024-07-02T00:00:00Z", "modified": "2024-07-02T00:00:00Z", "name": "Intrusion", "description": null, "sector": "Industry", "incident_type": "Intrusion", "location": { "country": "SG" }, "threat_actor": "UNDISCLOSED", "external_references": [ { "source_name": "Reference", "url": "['https://www.theedgesingapore.com/news/cybersecurity/hiap-seng-latest-victim-cyber-attack']" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--f018bb42-e0ca-485c-ac63-c15f62d81c0d", "created_by_ref": "identity--ca301d4d-af3f-43db-9012-9f1af17322c9", "created": "2024-07-03T00:00:00Z", "modified": "2024-07-03T00:00:00Z", "name": "Intrusion", "description": null, "sector": "Offshore", "incident_type": "Intrusion", "location": { "country": "ES" }, "threat_actor": "UNDISCLOSED", "external_references": [ { "source_name": "Reference", "url": "['https://www.lne.es/asturias/2024/07/03/total-energies-sufre-ciberataque-datos-104881663.html']" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--74f57467-fd0d-4d7b-85be-b8e68f74646a", "created_by_ref": "identity--d0d8e8bf-eae4-4661-931e-842887f56940", "created": "2024-08-20T00:00:00Z", "modified": "2024-08-20T00:00:00Z", "name": "Undisclosed", "description": null, "sector": "Offshore", "incident_type": "Undisclosed", "location": { "country": "US" }, "threat_actor": "UNDISCLOSED", "external_references": [ { "source_name": "Reference", "url": "['https://thecyberexpress.com/halliburton-cyberattack-threat/', 'https://www.reuters.com/technology/cybersecurity/top-us-oilfield-firm-halliburton-hit-by-cyberattack-2024-08-21/', 'https://therecord.media/halliburton-reported-cyberattack-company-confirms-issue']" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--d5e61106-7335-4732-94ba-f2247a76a10b", "created_by_ref": "identity--ccdfbc36-d6ec-414d-b075-5bfdcbf6616e", "created": "2024-08-24T00:00:00Z", "modified": "2024-08-24T00:00:00Z", "name": "Undisclosed", "description": null, "sector": "Leasure", "incident_type": "Undisclosed", "location": { "country": "US" }, "threat_actor": "UNDISCLOSED", "external_references": [ { "source_name": "Reference", "url": "['https://www.washingtonports.org/port-of-seattle-updates', 'https://thecyberexpress.com/port-of-seattle-cyberattack-operations/']" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--38ed3302-f313-418b-85ce-a6fb0a03f809", "created_by_ref": "identity--5d5335c8-7aef-4445-b2cc-3179435a445f", "created": "2024-08-27T00:00:00Z", "modified": "2024-08-27T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Logistics", "incident_type": "Virus/Ransomware", "location": { "country": "US" }, "threat_actor": "UNDISCLOSED", "external_references": [ { "source_name": "Reference", "url": "['https://thecyberexpress.com/cyberattack-on-jas-worldwide/', 'https://www.fullyloaded.com.au/jas-worldwide-confirms-path-forward-following-cyberattack/']" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] }, { "type": "incident", "id": "admiral--49121b34-cb39-4ae3-9a5a-0e396f05134b", "created_by_ref": "identity--f326be2a-dc37-4632-8ece-ad3e9edabc62", "created": "2024-09-24T00:00:00Z", "modified": "2024-09-24T00:00:00Z", "name": "Virus/Ransomware", "description": null, "sector": "Industry", "incident_type": "Virus/Ransomware", "location": { "country": "US" }, "threat_actor": "RANSOMHUB", "external_references": [ { "source_name": "Reference", "url": "['https://www.vpnranks.com/news/ransomhub-hacks-tellurian-steals-nda-protected-financial-data/', 'https://www.breachsense.com/breaches/tellurian-data-breach/']" }, { "source_name": "France Cyber Maritime", "description": "Data sourced from ADMIRAL dataset https://www.m-cert.fr/admiral." } ], "first_seen": "", "last_seen": "", "objective": "", "impact": "", "organization": "", "attack_vector": "", "attribution_confidence": "", "affected_assets": [], "mitigation": "", "response": "", "related_incidents": [] } ] }