The Week in Cyber Security and Data Privacy in Europe: 12 – 18 February 2024

4,065,892 known records breached in 131 publicly disclosed incidents

Welcome to this week’s round-up of the biggest and most interesting news stories in Europe.

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks.


Publicly disclosed data breaches and cyber attacks: in the spotlight

Hunters International adds Kreyenhop & Kluge to list of victims

The Hunters International ransomware gang has added the German wholesale grocer Kreyenhop & Kluge to its list of victims. Hunters International has allegedly exfiltrated 1,241,127 files from the company. No further details are available at this stage.

Data breached: 1,241,127 records.

Black Basta ransomware group adds Constantia FFP to its list of victims

The Black Basta ransomware gang claims to have exfiltrated 756 GB of data from the packaging manufacturer Constantia FFP. Compromised data allegedly includes departmental data, accounts, engineering information, HR data, shared folders, documents and more.

Data breached: 756 GB.


Publicly disclosed data breaches and cyber attacks in Europe: full list

This week, we found 4,065,892 records known to be compromised in Europe, and 131 European organisations suffering a newly disclosed incident. 120 of them are known to have had data exfiltrated, exposed or otherwise breached.

| Organisation(s) | Sector | Location | Data breached? | Known records breached |
|---|---|---|---|---|
| Kreyenhop & Kluge (New) | Other | Germany | Yes | 1,241,127 |
| Constantia FFP (New) | Manufacturing | UK | Yes | 756 GB |
| BTL Veranstaltungstechnik (New) | Other | Germany | Yes | 585 GB |
| Patrizia Pepe (New) | Retail | Italy | Yes | 577 GB |
| Centrale Paysanne Luxembourgeoisie (New) | Agricultural | Luxembourg | Yes | 375 GB |
| Satse (New) | Charity and non-profit | Spain | Yes | 195,086 |
| BM Catalysts (New) | Manufacturing | UK | Yes | 100 GB |
| Pacifica (New) | Other | UK | Yes | 85 GB |
| Sercide (New) | Energy and utilities | Spain | Yes | 69 GB |
| Concello de Teo (New) | Public | Spain | Yes | 65,979 |
| TECA Srl (New) | Transport | Italy | Yes | 16.7 GB |
| 100 Romanian hospitals using the Hipocrate Information System (New) | Healthcare | Romania | Yes | Unknown |
| Lili’s Brownies (New) | Manufacturing | France | Yes | Unknown |
| Doprastav (New) | Construction and real estate | Slovakia | Yes | Unknown |
| Roosens Betons (New) | Construction and real estate | Belgium | Yes | Unknown |
| Giraud Pere et Fils (New) | Construction and real estate | France | Yes | Unknown |
| Pradier Granulats (New) | Construction and real estate | France | Yes | Unknown |
| ASP Basilicata (New) | Healthcare | Italy | Yes | Unknown |
| Unifer (New) | Construction and real estate | France | Yes | Unknown |
| ATB SA Ingénieurs-Conseils (New) | Engineering | Switzerland | Yes | Unknown |
| Meerservices (New) | Multiple | Netherlands | Yes | Unknown |
| Réseau Ribé (New) | Agricultural | France | Yes | Unknown |
| VARTA AG (New) | Manufacturing | Germany | Unknown | Unknown |
| Park Home Assist Insurance Services (New) | Finance | UK | Unknown | Unknown |
| Grupo Camarotto (New) | Construction and real estate | Italy | Unknown | Unknown |
| Lyon Equipment Ltd (New) | Manufacturing | UK | Unknown | Unknown |
| Diener Precision Pumps (New) | Manufacturing | Switzerland | Unknown | Unknown |
| Fédération Envie (New) | Charity and non-profit | France | Unknown | Unknown |
| Palterton Primary School (New) | Education | UK | Unknown | Unknown |
| Henri Germain (New) | Construction and real estate | France | Unknown | Unknown |
| Kabat Tyre (New) | Manufacturing | Poland | Unknown | Unknown |
| Bombay Grill Restaurant (New) | Hospitality and leisure | Croatia | Unknown | Unknown |
| ASAM SA (New) | Engineering | Romania | Unknown | Unknown |

Note 1: ‘New’/‘Update’ in the first column refers to whether this breach was first publicly disclosed this week, or whether a significant update was released this week. The updated data point is italicised in the table.

Note 2: For incidents where we only know the file size of the data breached, we use the formula 1 MB = 1 record. Given that we can’t know the exact numbers, as it depends on the types of records included (e.g. pictures and medical histories are considerably larger files than just names and addresses), we err on the side of caution by using this formula. We believe that this underestimates the records breached in most cases, but it is more accurate than not providing a number at all.


AI

OpenAI removes accounts used by state-sponsored hackers

ChatGPT’s parent company, OpenAI, has closed accounts used by state-sponsored attackers from China, Iran, North Korea and Russia that were misusing its large language model to enhance their capabilities. Following information from Microsoft, OpenAI closed accounts associated with the Forest Blizzard (Strontium), Emerald Sleet (Thallium), Crimson Sandstorm (Curium), Charcoal Typhoon (Chromium) and Salmon Typhoon (Sodium) threat groups.

Tech giants agree to combat AI-enhanced election fraud

At the Munich Security Conference last Friday, executives from Adobe, Amazon, Google, IBM, Meta, Microsoft, OpenAI and TikTok announced a new framework for responding to AI-generated deepfakes designed to trick voters. Twelve other companies will also sign the accord.


Enforcement

Joint operation disrupts LockBit ransomware

Operation Cronos, an international operation involving the UK National Crime Agency, the US FBI and law enforcement partners from nine other countries, has disrupted the LockBit ransomware group, seizing numerous servers and public-facing websites. Two LockBit actors have been arrested in Poland and Ukraine, and over 200 cryptocurrency accounts linked to the group have been frozen.

FBI dismantles Warzone RAT malware operation

The US FBI has seized the infrastructure of the Warzone RAT (remote access trojan), and two individuals associated with the cyber crime operation have been arrested. Daniel Meli, 27, was arrested by Maltese police and Prince Onyeoziri Odinakachi, 31, was arrested in Nigeria at the request of US law enforcement agencies.

Head of JabberZeus cyber crime gang pleads guilty

Vyacheslav Igorevich Penchukov, one of the leaders of the JabberZeus cyber criminal group, has pleaded guilty to two charges related to his role in the Zeus and IcedID malware groups. He faces a maximum of 40 years’ imprisonment.


Other news

South Korean researchers release Rhysida ransomware decryption tool

Researchers from Kookmin University and KISA (the Korea Internet & Security Agency) have released a free decryption tool for the Rhysida malware. It is available on the KISA website. Recent victims of Rhysida include the British Library and Sony’s Insomniac Games.

NIST publishes guidelines for securing software supply chains

NIST (the US National Institute of Standards and Technology) has now issued the final version of SP 800-204D, Strategies for the Integration of Software Supply Chain Security in DevSecOps CI/CD Pipelines. The guidance describes NIST’s SSDF (Secure Software Development Framework), and sets out ways to integrate elements of software supply chain security assurance into continuous integration/continuous delivery pipelines to demonstrate SSDF compliance.

Patch Tuesday: Microsoft patches two zero-day vulnerabilities

In February’s Patch Tuesday release, Microsoft addressed 73 vulnerabilities, including two zero-day and five critical vulnerabilities.


Key dates

31 March 2024 – PCI DSS v4.0 transitioning deadline 

Version 3.2.1 of the PCI DSS (Payment Card Industry Data Security Standard) is being retired on 31 March, to be replaced by version 4.0 of the Standard. There are more than 50 new requirements in PCI DSS v4.0. You can find out more about them on the PCI Security Standards Council’s website.


That’s it for this week’s round-up. We hope you found it useful.

We’ll be back next week with the biggest and most interesting news stories, all rounded up in one place.
