16-31 January 2021 Cyber Attacks Timeline

Twitter

Facebook

Tumblr

Buffer

Last Updated on February 22, 2021

It’s time to publish the second interactive timeline of January 2021 covering the main cyber attacks occurred in the second half of this month (you can find the first timeline here).

In this timeline, I have collected 81 events, confirming a slow start for the new year (but you need to consider that this period is still characterized by the massive Orion supply-chain attack that has hit multiple organizations worldwide and was counted as a single operation in the timelines.

Besides the above-mentioned operation, ransomware continues to characterize the threat landscape with nearly 29% of the total events (23 out of 80), but the real number could be even bigger since in some cases, the impacted organizations remain vague on the nature of the threat, mentioning a generic “disruption”.

And besides ransomware, the timeline is rich of multiple events spanning the different areas of cyber crime, cyber warfare, and cyber espionage (including an operation targeting security researchers).

16-31 January 2021 Cyber Attacks Interactive Timeline

Enjoy the interactive timeline, and thanks for sharing it, and supporting my work in spreading the risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.

ID	Date Reported	Date Occurred	Date Discovered	Author	Target	Description	Attack	Target Class	Attack Class	Country	Link	Tags
1	14/01/2021	-	-	Russian, Iranian and Chinese influence actors	United States	The FBI, Department of Homeland Security and eight other agencies warns that "Russian, Iranian and Chinese influence actors are exploiting the U.S. Capitol siege to amplify narratives in furtherance of their policy interest amid the presidential transition.	Fake Websites/Social Network accounts	O Public administration and defence, compulsory social security	CW	US		FBI, Department of Homeland Security, Russia, Iran, China, U.S. Capitol siege
2	15/01/2021	15/1/2021	15/1/2021	?	Atlanta synagogue The Temple	The Atlanta synagogue The Temple is disrupted by a cyber attack.	DDoS	S Other service activities	CC	US		The Temple
3	16/01/2021	16/1/2021	16/1/2021	?	OpenWRT	The OpenWRT forum, a large community of enthusiasts of alternative, open-source operating systems for routers, announced a data breach.	Account Takeover	S Other service activities	CC	N/A		OpenWRT
4	16/01/2021	16/1/2021	16/1/2021	DeroHE	IObit	Windows utility developer IObit is hacked to perform a widespread attack to distribute the strange DeroHE ransomware to its forum members.	Malware	M Professional scientific and technical activities	CC	US		IObit, DeroHE, ransomware
5	16/01/2021	-	-	?	Wentworth golf and country club	The prestigious Wentworth golf and country club warns its 4000 members that their personal details may have fallen into the hands of hackers following a ransomware attack.	Malware	R Arts entertainment and recreation	CC	UK		Wentworth golf and country club, ransomware
6	17/01/2021	17/1/2021	17/1/2021	>	CHwapi Hospital	The CHwapi Hospital in Belgium is hit with a Windows BitLocker attack where threat actors claim to have encrypted 40 servers and 100 TB of data.	Windows Bit locker	Q Human health and social work activities	CC	BE		CHwapi Hospital, Windows BitLocker
7	18/01/2021	-	-	?	Capital Economics	Researchers from Cyble discover a leak of 500K+ records of C-level people from Capital Economics on a Russian-speaking forum.	SQLi	M Professional scientific and technical activities	CC	US		Capital Economics, Cyble
8	18/01/2021	-	-	?	Okanogan County	The Okanogan County is hit with a cyber attack.	Unknown	O Public administration and defence, compulsory social security	CC	US		Okanogan County
9	19/01/2021	-	-	StellarParticle (AKA UNC2452, Dark Halo)	Malwarebytes	Cybersecurity firm Malwarebytes confirms that the threat actor behind the SolarWinds supply-chain attack were able to gain access to some company emails.	Cloud Account Takeover	M Professional scientific and technical activities	CE	US		StellarParticle, UNC2452, Dark Halo, Malwarebytes
10	19/01/2021	From January 8, 2021	From January 8, 2021	FreakOut	Vulnerable Linux servers	Researchers from Check Point discover an active malicious campaign, currently targeting Linux devices running software with critical vulnerabilities.	Multiple vulnerabilities (CVE-2021-3007, CVE-2020-7961, CVE-2020-28188)	Y Multiple Industries	CC	>1		FreakOut, Check Point, CVE-2021-3007, CVE-2020-7961, CVE-2020-28188
11	19/01/2021	-	-	?	Vulnerable SAP servers	Researchers from Onapsis detect automated probes for servers containing CVE-2020-6207, a severe vulnerability in SAP, a week after a working exploit was published online.	CVE-2020-6207 Vulnerability	Y Multiple Industries	CC	>1		Onapsis, CVE-2020-6207, SAP
12	19/01/2021	-	-	ALTDOS	Bangladesh Export Import Company Limited (BEXIMCO)	Hackers from ALTDOS claim to have successfully attacked BEXIMCO.	Unknown	N Administrative and support service activities	CC	BD		Bangladesh Export Import Company Limited, BEXIMCO
13	19/01/2021	-	5/1/2021	?	Diponegoro University (pak.undip.ac.id)	The Diponegoro University (pak.undip.ac.id) admits that there have been several attempts to breach its servers after 125,000 student's data is leaked.	Unknown	P Education	CC	ID		Diponegoro University, pak.undip.ac.id
14	19/01/2021	During May 2019	-	Ryuk	Salem Clinic and the Oregon Heart Center	Salem Clinic and the Oregon Heart Center notify patients that their protected health information was exposed during a May 2019 ransomware attack targeting their mailing service provider.	Malware	Q Human health and social work activities	CC	US		Salem Clinic, Oregon Heart Center, Ryuk, ransomware
15	20/01/2021	-	-	ShinyHunters	Pixlr	ShinyHunters share a database that he claims was stolen from Pixlr while he breached the 123rf stock photo site. Pixlr and 123rf are both owned by the same company, Inmagine.	Cloud misconfiguration	S Other service activities	CC	US		ShinyHunters, Pixlr, 123rf, Inmagine
16	20/01/2021	-	-	?	Multiple targets	An advisory from Netscout reveals that Windows Remote Desktop Protocol (RDP) servers are now being abused by DDoS-for-hire services to amplify Distributed Denial of Service (DDoS) attacks.	DDoS	Y Multiple Industries	CC	>1		Netscout, Remote Desktop Protocol, RDP
17	20/01/2021	-	Early December 2020	?	More than 10 Demand Side Platforms (DSP), primarily Europe-based	Researchers from Media Trust reveal the details of LuckyBoy-3PC, a malvertising campaign deploying cloaking and obfuscation technologies.	Malvertising	S Other service activities	CC	>1		Media Trust, LuckyBoy-3PC
18	20/01/2021	-	-	?	Telecom, healthcare, energy and manufacturing companies	Researchers from Proofpoint discover a campaign sending thousands of messages using Google Forms to target retail, telecom, healthcare, energy and manufacturing companies in an apparent reconnaissance campaign to launch future business email compromises (BECs).	Business Email Compromise	Y Multiple Industries	CC	>1		Proofpoint, Google Forms
19	20/01/2021	Since November 2020	-	Nefilim	Colliers International Group	Colliers International Group, a Canadian real estate services firm, acknowledges that it suffered a cyberattack last November	Malware	L Real estate activities	CC	CA		Colliers International Group, ransomware, Nefilim
20	20/01/2021	10/8/2020	Between 05/08/2020 and 17/08/2020	?	Einstein Healthcare Network	Einstein Healthcare Network announces that it began mailing letters to patients whose information may have been involved in a data security incident involving unauthorized access to employees’ email accounts.	Account Takeover	Q Human health and social work activities	CC	US		Einstein Healthcare Network
21	20/01/2021	Earlier in January 2021	-	?	Ucar	The vehicle rental company Ucar reveals that it had been the target of ransomware earlier this year.	Malware	H Transportation and storage	CC	FR		Ucar, ransomware
22	20/01/2021	During the Holiday season	-	?	Butler County Sheriff's Office	The Butler County Sheriff's Office reveals to have been hit by a malware attack during the holiday season.	Malware	O Public administration and defence, compulsory social security	CC	US		Butler County Sheriff, ransomware
23	20/01/2021	16/01/2021	16/01/2021	CursedGrabber	Discord users	Researchers from Sonatype discover a new campaign carried out via three malicious npm packages distribiting the CursedGrabber malware.	Malware	X Individual	CC	>1		Sonatype, CursedGrabber,npm
24	21/01/2021	Since August 2020	-	?	Multiple targets	Researchers from Check Point and Otorio reveal the details of a massive phishing campaign targeting thousands of organizations worldwide. However the attackers forget to protect their loot and let Google share the stolen passwords for public searches.	Account Takeover	Y Multiple Industries	CC	>1		Check Point, Otorio, Google
25	21/01/2021	Since October 2020	-	?	QNAP devices	QNAP urges customers to secure their network-attached storage (NAS) devices against Dovecat, an ongoing malware campaign that infects and exploits them to mine bitcoin.	Misconfiguration (weak password)	Y Multiple Industries	CC	>1		QNAP, Dovecat
26	21/01/2021	-	-	?	Android users	A new malware spreads through Whatsapp auto-replies to any messaging conversations using a malicious link that leads to a fake Huawei app.	Malware	X Individual	CC	>1		Android, Whatsapp, Huawei
27	21/01/2021	-	-	?	Goods and Services Tax Network (GSTN)	The Goods and Services Tax Network (GSTN) announces a possible cyber attack with a cryptic tweet.	Unknown	O Public administration and defence, compulsory social security	CC	IN		Goods and Services Tax Network, GSTN
28	21/01/2021	-	22/12/2020	?	Breast Care Specialists	Breast Care Specialists take their systems offline after a cyberattack exposed patients' personal and medical information	Unknown	Q Human health and social work activities	CC	US		Breast Care Specialists
29	22/01/2021	-	20/1/2021	ShinyHunters	Bonobos	Bonobos men's clothing store suffers a massive data breach exposing millions of customers' personal information after a 70GB cloud backup of their database is downloaded and shared.	Cloud misconfiguration	G Wholesale and retail trade	CC	US		Bonobos, ShinyHunters
30	22/01/2021	-	-	?	Sonicwall	Security hardware manufacturer SonicWall issues an urgent security notice about threat actors exploiting a zero-day vulnerability in their VPN products to perform attacks on their internal systems.	0-Day vulnerability	C Manufacturing	CC	US		SonicWall
31	22/01/2021	-	-	?	UK Students	Some of the laptops given out in England to support vulnerable children home-schooling during lockdown contain the Gamarue malware	Malware	P Education	CC	UK		Gamarue
32	22/01/2021	-	14/1/2021	?	MyFreeCams	A hacker is selling a database with login details for two million high-paying users of the MyFreeCams adult video streaming and chat service.	SQLi	R Arts entertainment and recreation	CC	US		MyFreeCams
33	22/01/2021	4/1/2021	6/1/2021	?	USCellular	Mobile network operator USCellular suffers a data breach after hackers gained access to its CRM and viewed customers' accounts.	Malware	J Information and communication	CC	US		USCellular
34	22/01/2021	Since early 2019	-	?	Enterprise-level apps running on Linux systems	Researchers from Zscaler reveal the details of the DreamBus botnet, a Linux-based malware family targeting a wide collection of apps, such as PostgreSQL, Redis, Hadoop YARN, Apache Spark, HashiCorp Consul, SaltStack, and the SSH service.	Multiple vulnerabilities	Y Multiple Industries	CC	>1		Zscaler, DreamBus, Linux, PostgreSQL, Redis, Hadoop YARN, Apache Spark, HashiCorp Consul, SaltStack, SSH
35	22/01/2021	15/12/2020	-	Clop	The7stars	The7stars, an important London ad agency falls victim of a Clop ransomware attack.	Malware	M Professional scientific and technical activities	CC	UK		The7stars, Clop, ransomware
36	22/01/2021	21/01/2021	21/01/2021	?	Department of Vienne	The Department of Vienne is hit with a ransomware attack.	Malware	O Public administration and defence, compulsory social security	CC	FR		Department of Vienne, ransomware
37	22/01/2021	-	-	?	Santander Mexico	A database belonging to Santander Mexico is put on sale on an underground market. 1 million records are leaked.	Unknown	K Financial and insurance activities	CC	MX		Santander
38	22/01/2021	-	-	?	BBVA Mexico	A database belonging to BBVA Mexico is put on sale on an underground market. 3 million records are leaked.	Unknown	K Financial and insurance activities	CC	MX		BBVA
39	22/01/2021	-	-	?	IMSS	A database belonging to IMSS, a Mexican marketing firm, is put on sale on an underground market. 42 million records are leaked.	Unknown	M Professional scientific and technical activities	CC	MX		IMSS
40	22/01/2021	-	-	?	Serasa	The personal information of 220 million users in Brazil, belonging to Serasa (an Experian company) is leaked in the dark web.	Unknown	K Financial and insurance activities	CC	BR		Serasa, Experian
41	23/01/2021	15/01/2021	-	?	Australian Securities and Investments Commission (ASIC)	The Australian Securities and Investments Commission (ASIC) reveals that one of its servers has been accessed by an unknown threat actor exploiting a vulnerability in the Accellion file transfer platform.	Vulnerability	O Public administration and defence, compulsory social security	CC	AU		Australian Securities and Investments Commission, ASIC), Accellion
42	23/01/2021	Between 16/01/2021 and 17/01/2021	-	?	City of Montmagne	The city of Montmagne is hit with a ransomware attack.	Malware	O Public administration and defence, compulsory social security	CC	CA		City of Montmagne, ransomware
43	23/01/2021	-	-	?	Undisclosed French Travel Agency	An undisclosed French travel agency has its data leaked. 1.4 million records are exposed.	Unknown	R Arts entertainment and recreation	CC	FR		Undisclosed French Travel Agency
44	23/01/2021	During October 2020	-	?	Vidal Group	The website of the bealthcare provider Vidal.fr is taken down after a threat actor leaks some data allegededly stolen on October 2020.	Unknown	Q Human health and social work activities	CC	FR		Vidal Group, Vidal.fr
45	23/01/2021	-	-	?	CDiscount	A database belonging to the French retailer CDiscount is put on sale in the Black Market.	Unknown	G Wholesale and retail trade	CC	FR		CDiscount
46	24/01/2021	-	-	Avaddon	Undisclosed target	An undisclosed victim of the Avaddon ransomware gang suffers a DDoS attack after refusing to pay.	>1 (Malware, DDoS)	Z Unknown	CC	N/A		Avaddon
47	24/01/2021	-	23/1/2021	ShinyHunters	Buyucoin	ShinyHunters leaks the stolen database for Indian cryptocurrency exchange Buyucoin on a hacking forum for free.	Unknown	V Fintech	CC	IN		ShinyHunters, Buyucoin
48	24/01/2021	-	-	ShinyHunters	MeetMindful	ShinyHunters leaks the details of more than 2.28 million users registered on MeetMindful.com.	Cloud misconfiguration	S Other service activities	CC	US		ShinyHunters, MeetMindful
49	25/01/2021	Mid-2020	-	ZINC	Security researchers from multiple countries	Researchers from Google (and few days later from Microsoft) reveal the details of a North Korean government-backed hacking group, targeting security researchers who focus on vulnerability and exploit development via social networks, disclosed Google tonight.	Targeted Attack	X Individual	CE	>1		Google, Microsoft, North Korea, ZINC
50	25/01/2021	-	-	?	Palfinger	Austria-based crane manufacturer Palfinger informs customers that its IT infrastructure suffered serious disruptions as a result of an “ongoing global cyber attack.” The company confirms the nature of the attack as ransomware	Malware	C Manufacturing	CC	AU		Palfinger, ransomware
51	25/01/2021	-	23/1/2021	?	WestRock	American packaging giant WestRock informed customers that it was recently targeted in a ransomware attack that impacted both IT and OT systems.	Malware	C Manufacturing	CC	AU		WestRock, ransomware
52	25/01/2021	23/1/2021	23/01/2021	DeroHE	IObit	Over the weekend, the ransomware actors from DeroHE hack again the IObit forums to display a message demanding that IObit pay them $100,000 in DERO or the attacks would continue.	Malware	M Professional scientific and technical activities	CC	US		IObit, DeroHE, ransomware
53	25/01/2021	25/01/2021	25/01/2021	?	Single individuals in the UK	An active phishing campaign pretends to be from the UK's National Health Service (NHS), alerting recipients that they are eligible to receive the COVID-19 vaccine.	Account Takeover	X Individual	CC	UK		National Health Service, NHS, COVID-19, vaccine
54	25/01/2021	23/01/2021	-	?	Georgetown County	Georgetown County says the county’s computer network “suffered a major infrastructure breach over the weekend.” Most of the county’s electronic systems, including emails, are impacted.	Unknown	O Public administration and defence, compulsory social security	CC	US		Georgetown County
55	25/01/2021	Since May 2020	-	?	High-ranking company executives	Researchers from Trend Micro reveal the details of an ongoing phishing campaign delivering fake Office 365 password expiration reports that managed to compromise tens of C-Suite email accounts to date.	Account Takeover	Y Multiple Industries	CC	>1		Trend Micro, Office 365
56	25/01/2021	-	-	?	Android users in Italy	Researchers from AddressIntel discover a new Android malware dubbed Oscorp targeting Italian users.	Malware	X Individual	CC	IT		AddressIntel, Android, Oscorp
57	25/01/2021	25/01/2021	25/01/2021	?	Tennessee Wesleyan University	Tennessee Wesleyan University is hit with a ransomware attack.	Malware	P Education	CC	US		Tennessee Wesleyan University, ransomware
58	26/01/2021	14/01/2021	-	REvil AKA Sodinokibi	Dairy Farm Group	Pan-Asian retail chain operator Dairy Farm Group is attacked by the REvil ransomware operation. The attackers claim to have demanded a $30 million ransom.	Malware	G Wholesale and retail trade	CC	HK		Dairy Farm Group, REvil ransomware, Sodinokibi
59	26/01/2021	-	-	Nemty	Undisclosed target	Researchers from Sophos reveal the details of a Nemty ransomware attack carried out exploiting the ghost account of a deceased administrator.	Malware	Z Unknown	CC	N/A		Sophos, Nemty, ransomware
60	26/01/2021	-	-	?	Unknown target(s)	Apple releases security updates for iOS to patch three zero-day vulnerabilities exploited in the wild.	CVE-2021-1782, CVE-2021-1870, CVE-2021-1871 vulnerabilities	Z Unknown	N/A	N/A		Apple, iOS, CVE-2021-1782, CVE-2021-1870, CVE-2021-1871
61	26/01/2021	-	-	?	Undisclosed company	Researchers from Abnormal Security discover two business email compromise (BEC) attack techniques that exploit a Microsoft 365 “read receipt” message loophole to evade auto-remediation of a malicious email.	Business Email Compromise	Z Unknown	CC	NA		Abnormal Security, Microsoft 365
62	26/01/2021	-	-	?	Undisclosed company	Researchers from Abnormal Security discover two business email compromise (BEC) attack techniques that exploit a Microsoft 365 “out of office” message loophole to evade auto-remediation of a malicious email.	Business Email Compromise	Z Unknown	CC	NA		Abnormal Security, Microsoft 365
63	26/01/2021	Starting from late October 2020	-	?	Single individuals	Researchers from Proofpoint discover a new strain of DanaBot distributed through pirated software keys.	Malware	X Individual	CC	>1		Proofpoint, DanaBot
64	26/01/2021	Starting from December 2020	-	?	Single individuals in the Americas and Europe	Researchers from FireEye discover a phishing campaign spoofing the DHL's delivery service, and using encrypted Telegram channel to exfiltrate data.	Account Takeover	X Individual	CC	>1		FireEye, DHL, Telegram
65	27/01/2021	-	-	TeamTNT	Exposed Linux servers	AT&T Alien Labs security researchers discover a new variant of the Black-T Linux crypto-mining malware using open-source tools to evade detection.	Cloud misconfiguration	Y Multiple Industries	CC	>1		AT&T Alien Labs, Black-T, Linux, TeamTNT
66	27/01/2021	-	-	?	Multiple targets	Researchers from RiskIQ reveal the details of LogoKit, a novel phishing toolkit that changes logos and text on a phishing page in real-time to adapt to targeted victims.	Account Takeover	Y Multiple Industries	CC	>1		RiskIQ, LogoKit
67	27/01/2021	14/12/2021	-	?	The Woodland Trust	The Woodland Trust confirms that it was hit with a cyberattack describing the incident as "sophisticated" and "high level" – and it has taken many services offline.	Unknown	Q Human health and social work activities	CC	UK		The Woodland Trust
68	27/01/2021	27/1/2021	27/1/2021	?	Municipality of Balneário Camboriú	The Municipality of Balneário Camboriú is hit with a ransomware attack.	Malware	O Public administration and defence, compulsory social security	CC	BR		Municipality of Balneário Camboriú, ransomware
69	27/01/2021	-	-	?	Single individuals in the UK	The National Crime Agency and Financial Conduct Authority warn that the number of "clone firm" scams has significantly increased during the COVID-19 pandemic.	Account Takeover	X Individual	CC	UK		National Crime Agency, NCA, Financial Conduct Authority, COVID-19
70	28/01/2021	-	Early 2020	Volatile Cedar AKA Lebanese Cedar	More than 250 Oracle and Atlassian servers belonging mainly to organizations providing mobile communications and internet-based services.	Researchers from ClearSky Security reveal that Volatile Cedar, an advanced hacker group believed to be connected to the Lebanese Hezbollah Cyber Unit, has been silently attacking companies around the world in espionage operations.	CVE-2019-3396, CVE-2019-11581, and CVE-2012-3152 vulnerabilities	J Information and communication	CE	>1		ClearSky Security, Volatile Cedar, Lebanese Cedar, Hezbollah Cyber Unit, Oracle, Atlassian, CVE-2019-3396, CVE-2019-11581, CVE-2012-3152
71	28/01/2021	-	-	Rocke Group	Vulnerable instances of Apache ActiveMQ, Oracle WebLogic, and Redis	Researchers from Palo Alto Networks discover a new campaign by the financially-motivated Rocke group, using a new piece of cryptojacking malware called Pro-Ocean to target vulnerable instances of Apache ActiveMQ, Oracle WebLogic, and Redis.	Malware	Y Multiple Industries	CC	>1		Palo Alto Networks, Rocke Group, Pro-Ocean, Apache ActiveMQ, Oracle WebLogic, Redis
72	28/01/2021	-	-	?	UK Research and Innovation (UKRI)	The UK Research and Innovation (UKRI) is hit with a ransomware incident that encrypted data and impacted two of its services, one offering information to subscribers and the platform for peer review of various parts of the agency.	Malware	O Public administration and defence, compulsory social security	CC	UK		UK Research and Innovation, UKRI, ransomware
73	28/01/2021	-	-	?	Crisp Regional Health Services	Crisp Regional Health Services is the victim of a ransomware attack.	Malware	Q Human health and social work activities	CC	US		Crisp Regional Health Services, ransomware
74	28/01/2021	26/01/2021	26/01/2021	?	Peel District School Board	Peel District School Board is hit with a ransomware attack.	Malware	P Education	CC	US		Peel District School Board, ransomware
75	28/01/2021	23/01/2021	23/01/2021	?	Council Rock High School	Students and staff members from Council Rock High School receive several offensive emails after a student's email is hacked.	Account Takeover	P Education	CC	US		Council Rock High School
76	28/01/2021	27/01/2021	27/01/2021	?	Wimberley Independent School District	An email filled with racial slurs goes out to about 500 middle- and high school students of the Wimberley Independent School District.	Account Takeover	P Education	CC	US		Wimberley Independent School District
77	28/01/2021	5/1/2021	5/1/2021	?	Granite Wellness Center	Granite Wellness Center is hit with a ransomware attack.	Malware	Q Human health and social work activities	CC	US		Granite Wellness Center
78	28/01/2021	1/12/2020	-	?	Hashes.org	The database of hashes.org is lealed online	Unknown	S Other service activities	CC	NA		Hashes.org
79	29/01/2021	Late December 2020	25/1/2021	?	Washington's State Auditor office	Washington's State Auditor Office suffers a data breach that exposes the personal information in 1.6 million employment claims after a threat actor exploited a vulnerability in a secure file transfer service from Accellion.	Vulnerability	O Public administration and defence, compulsory social security	CC	US		Washington's State Auditor Office, Accellion
80	29/01/2021	Early January 2021	-	Trickbot	Legal and insurance verticals in North America	Researchers from Menlo Security discover a new Trickbot campaign targeting legal and insurance verticals in North America.	Malware	K Financial and insurance activities	CC	US		Menlo Security, Trickbot
81	29/01/2021	Early December 2020	Early December 2020	?	Belgian Government	Social media research group Graphika exposes a network of 14 Twitter accounts that engaged in a coordinated campaign to criticize the Belgian government's plan to ban Huawei from supplying 5G equipment to local telecommunications providers.	Fake Websites/Social Network accounts	O Public administration and defence, compulsory social security	CW	BE		Graphika, Twitter, Huawei
82	29/01/2021	-	-	Vovalex	Multiple targets	A new ransomware called Vovalex and written in D, is being distributed through pirated software that impersonates popular Windows utilities, such as CCleaner.	Malware	Y Multiple Industries	CC	>1		Vovalex, Ransomware, D
83	29/01/2021	-	-	?	Multiple targets	Researchers from Abnormal Security discover a phishing campaign impersonating a Small Business Administration (SBA) lender for the Paycheck Protection Program (PPP) loan during the COVID-19 crisis.	Account Takeover	Y Multiple Industries	CC	US		Abnormal Security, Small Business Administration, SBA, Paycheck Protection Program, PPP, COVID-19
84	29/01/2021	24/11/2020	04/12/2020	?	Ramsey County	Ramsey County informs clients of the Family Health Division program that the hackers may have accessed personal data after the ransomware incident that hit Netgain back in December.	Malware	O Public administration and defence, compulsory social security	CC	US		Ramsey County, Family Health Division, Netgain, ransomware
85	29/01/2021	26/01/2021	26/01/2021	Turkish hackers	Miss England	The Instagram account of the Miss England beauty pageant is hijacked by Turkish hackers.	Account Takeover	R Arts entertainment and recreation	CC	UK		Miss England
86	29/01/2021	29/01/2021	29/01/2021	?	Premier Tech	Premier Tech is disrupted by a cyber attack.	Unknown	C Manufacturing	CC	CA		Premier Tech
87	29/01/2021	Between November 2013 and 09/12/2020	09/12/2020	?	Florida Healthy Kids Corporation	Florida Healthy Kids Corporation posted a notice about an incident in their website attributed to Jelly Bean Communications Design	Unknown	Q Human health and social work activities	CC	US		Florida Healthy Kids Corporation
88	29/01/2021	-	29/01/2021	?	Bihar Police Subordinate Services Commission (BPSSC)	Researchers from CloudSEK discover a post on a well-known database sharing forum advertising the PII of 500,000 Indian citizens.	Unknown	O Public administration and defence, compulsory social security	CC	IN		Bihar Police Subordinate Services Commission, BPSSC
89	29/01/2021	Between 01/05/2021 and 11/05/2021	21/08/2021	?	The Richards Group	The Richards Group is hit by a phishing attack	Account Takeover	M Professional scientific and technical activities	CC	US		The Richards Group
90	30/01/2021	-	29/01/2021	?	Single individuals	A malicious Home Depot advertising campaign is redirecting Google search visitors to tech support scams.	Malicious Google search ads	X Individual	CC	US		Home Depot
91	30/01/2021	-	-	?	British Mensa	British Mensa, the society for people with high IQs, suffers a hack on its website that results in the theft of members’ personal data.	Unknown	S Other service activities	CC	UK		British Mensa
92	31/01/2021	31/01/2021	31/01/2021	?	Multiple targets	Researchers from NCC Group reveal that the 0-day targeting the Sonicwall devices is currently exploited in the wild.	0-Day vulnerability	Y Multiple Industries	CC	>1		NCC Group, Sonicwall
93	31/01/2021	-	-	Babuk Locker	Serco	Serco, one of the companies involved in the NHS Test and Trace operations, confirms it has been hit by a ransomware attack.	Malware	M Professional scientific and technical activities	CC	UK		Serco, NHS, COVID-19, ransomware, Babuk Locker
94	31/01/2021	-	-	?	Victor Central School District	The Victor Central School District is hit with a malware attack.	Malware	P Education	CC	US		Victor Central School District, ransomware
95	31/01/2021	-	-	?	Raychat	Raychat, a popular Iranian business and social messenger, exposes its entire database (267M+ accounts w/ names, emails, passwords, metadata, encrypted chats etc.), which is then destroyed by a bot attack.	Misconfiguration	S Other service activities	CC	IR		Raychat
ID	Date Reported	Date Occurred	Date Discovered	Author	Target	Description	Attack	Target Class	Attack Class	Country	Link	Tags

The “Breachometer” compares the current number of events with the max and min values recorded in the previous 24 timelines (correspondingly to roughly one year)

1-15 January 2021 Cyber Attacks Timeline

Cloud-Native Threats in 2021

Leaky Buckets: a List of Cloud Misconfigurations

Popular Posts

Related Posts

This Post Has One Comment

Leave a Reply Cancel reply