1-15 February 2021 Cyber Attacks Timeline

Last Updated on March 1, 2021

The first timeline of February is here! I am trying hard to update the blog in a timely fashion and to introduce new charts and data to make it more insightful. Among the the new charts that I have introduced, there is a new “Breachometer”. The concept is very simple: it measures how the current timeline stacks up with the maximum and minimum values recorded in the previous 12 months.

After the apparent breaks of January the trend starts to ramp up again: this fortnight I have collected 98 events (and I have added a new chart to compare them with the previous months).

Ransomware continues to dominate the scene with 24 events (roughly 25% of the sample) but this number is probably underestimated given that in many cases the targeted organizations mention a generic “IT outage” and do not provide further details.

Another trend that is characterizing this beginning of 2021 is the return of the mega breaches (I had to create a specific page in the blog), and this timeline is no exception.

The Biggest Data Breaches of 2021

The Cyber Espionage front is equally quite crowded with multiple campaigns characterizing this first half of February carried out by well-known actors such as Sandworm, Lazarus Group, Domestic Kitten (AKA APT-C-50), BlackTech, and new outsiders such as NightScout (jumping on the supply-chain attacks bandwagon) and Cunfucius. The chronicle also report a newly discovred Chinese threat actor targeting a U.S. Government Payroll Agency via the SolarWinds breach.

ID	Date Reported	Date Occurred	Date Discovered	Author	Target	Description	Attack	Target Class	Attack Class	Country	Link	Tags
1	01/02/2021	From September 2020	25/1/2021	NightScout	Five targets from Taiwan, Hong Kong, and Sri Lanka	ESET researchers reveal that the updating mechanism of NoxPlayer, an Android emulator for Windows and macOS, made by Hong Kong-based company BigNox, was compromised by an unknown threat actor and used to infect gamers with malware.	Targeted Attack	R Arts entertainment and recreation	CE	>1		ESET, NoxPlayer, Android, BigNox, NightScout
2	01/02/2021	-	-	Darkside	Copel	Copel reveals to have been hit with a Darkside ransomware attack. The attackers claim to have stolen more than 1,000GB of data.	Malware	D Electricity gas steam and air conditioning supply	CC	BR		Copel, Darkside, ransomware
3	01/02/2021	-	-	Trickbot	Multiple targets	Researchers from Kryptos Logic reveal that the Trickbot malware has been upgraded with a network reconnaissance module, based on the open-source masscan tool, designed to survey local networks after infecting a victim's computer.	Malware	Y Multiple Industries	CC	>1		Kryptos Logic, Trickbot, masscan
4	01/02/2021	-	-	Suspected Chinese hackers	U.S. Government Payroll Agency	Even suspected Chinese hackers exploited the SolarWinds breach to break into U.S. government computers last year.	Targeted Attack	O Public administration and defence, compulsory social security	CE	US		China
5	01/02/2021	-	19/12/2020	?	DriveSure	Over three million customers of DriveSure, a US car company have had their details compromised after a cyber-criminal posted them to a dark web forum	Unknown	N Administrative and support service activities	CC	US		DriveSure
6	01/02/2021	-	19/2/2021	?	Metromile	Car insurance startup Metromile says it has fixed a security flaw on its website that allowed a hacker to obtain driver license numbers.	Vulnerability	K Financial and insurance activities	CC	US		Metromile
7	01/02/2021	30/1/2020	30/1/2020	?	Vity of Houilles	The city of Houilles (department of Yvelines) is hit with a cyberattack.	Unknown	O Public administration and defence, compulsory social security	CC	FR		City of Houilles
8	02/02/2021	-	-	?	High-performance computers (HPC) and servers on academic and research networks.	ESET researchers discover Kobalos, a new backdoor targeting supercomputers across the world, often stealing the credentials for secure network connections by using a trojanized version of the OpenSSH software.	Malware	Y Multiple Industries	CC	Multiple targets		ESET, Kobalos, OpenSSH
9	02/02/2021	-	-	?	Costway	Researchers from Malwarebytes reveal that a threat actor has infected an e-commerce store with a custom credit card skimmer designed to siphon data stolen by a previously deployed Magento card stealer.	Malicious Script Injection	G Wholesale and retail trade	CC	>1		Malwarebytes, Costway, Magecart
10	02/02/2021	-	-	Agent Tesla	Multiple targets	Researchers from Sophos discover a new variant of Agent Tesla with a new capability to disable the Windows protection features.	Malware	Y Multiple Industries	CC	>1		Sophos, Agent Tesla
11	02/02/2021	-	-	Red Rabbit Team	Airtel	A hacker group, dubbed 'Red Rabbit Team' leaks the personal details of 2.5 million Airtel customers.	Unknown	J Information and communication	CC	IN		Airtel
12	02/02/2021	29/9/2020	-	?	Wind River Systems	Embedded system software provider Wind River Systems informs employees of a data breach that resulted in their personal information being stolen by a third party.	Wind River Systems	M Professional scientific and technical activities	CC	US		Wind River Systems
13	02/02/2021	Mid-January 2021	2/2/2021	?	K-12 School teachers	Microsoft warns of an uptick in gift card-themed business email compromise (BEC) attacks targeting K-12 school teachers by impersonating their colleagues.	Business Email Compromise	P Education	CC	US		Microsoft K-12
14	02/02/2021	-	-	?	Android users	Netlab researchers discover a new Android malware, dubbed Matryosh, that is infecting devices to recruit them in a distributed denial-of-service (DDoS) botnet.	Malware	X Individual	CC	>1		Netlab, Android, Matryosh
15	02/02/2021	Sine October 2020	1/10/2020	RansomExx, Darkside	Multiple targets	The RansomExx and Darkside ransomware gangs are abusing CVE-2019-5544 and CVE-2020-399 vulnerabilities in the VMWare ESXi product to take over virtual machines deployed in enterprise environments and encrypt their virtual hard drives.	Malware	Y Multiple Industries	CC	>1		RansomExx, Darkside, CVE-2019-5544 , CVE-2020-399, VMWare ESXi
16	02/02/2021	-	12/10/2020	Egregor	Foxtons Group	Estate agent Foxtons Group has thousands of customers’ card and personal details uploaded to a dark web site by the Egregor ransomware gang.	Malware	L Real estate activities	CC	UK		Foxtons Group
17	02/02/2021	20/1/2021	-	?	Goodwin Procter	Goodwin Procter joins the list of the organizations targeted by the Accellion vulnerability.	Accellion Vulnerability	M Professional scientific and technical activities	CC	US		Goodwin Procter, Accellion
18	02/02/2021	29/1/2021	29/1/2021	?	Baldwin Wallace University	Baldwin Wallace University is hit with a cyber attack.	Unknown	P Education	CC	US		Baldwin Wallace University
19	02/02/2021	-	-	?	The Oklahoma Tourism and Recreation Department	The Oklahoma Tourism and Recreation Department receives notice that an unknown person has been claiming to have stolen data.	Vulnerability	O Public administration and defence, compulsory social security	CC	US		Oklahoma Tourism and Recreation Department
20	03/02/2021	-	-	?	Eletrobras	Eletrobras reveals to have been hit with a ransomware attack.	Malware	D Electricity gas steam and air conditioning supply	CC	BR		Eletrobras, ransomware
21	03/02/2021	21/1/2021	31/1/2021	?	EscortReviews.com	EscortReviews.com, an online community promoting female escorts and reviews of their services suffers a data breach after a hacker downloaded the site's database.	vBulletin vulnerability	R Arts entertainment and recreation	CC	US		EscortReviews.com, vBulletin
22	03/02/2021	-	26/1/2021	?	Oxfam Australia	Oxfam Australia investigates a suspected data breach after a threat actor claimed to be selling their database on a hacker forum.	Unknown	U Activities of extraterritorial organizations and bodies	CC	AU		Oxfam Australia
23	03/02/2021	3/2/2021	3/2/2021	?	Emsisoft	Antivirus solutions provider Emsisoft reveals last that a third-party had accessed a publicly exposed database containing technical logs.	Misconfiguration	M Professional scientific and technical activities	CC	NZ		Emsisoft
24	03/02/2021	Since 24/12/2020 to 9/1/2021	9/1/2021	TeamTNT	Kubernetes environments	Researchers from Palo Alto Networks discover a new campaign by the TeamTNT group employing a new piece of malware dubbed Hildegard.	Malware	Y Multiple Industries	CC	>1		Palo Alto Networks, TeamTNT, Hildegard, Kubernetes
25	03/02/2021	-	-	Conti	Nocona General Hospital	The Conti ransomware gang posts the data of Nocona General Hospital after a successful attack.	Malware	Q Human health and social work activities	CC	US		Nocona General Hospital, Conti, ransomware
26	03/02/2021	-	-	?	Sacred Heart Hospital	The Sacred Heart Hospital in Mol is hit by a cyber attack	Unknown	Q Human health and social work activities	CC	BE		Sacred Heart Hospital
27	04/02/2021	-	-	?	StormShield	French cybersecurity company StormShield discloses that their systems were hacked, allowing a threat actor to access the company's support ticket system and view the source code for Network Security firewall software.	Unknown	M Professional scientific and technical activities	CE	FR		StormShield
28	04/02/2021	Since November 2020	-	?	Multiple targets	Researchers from Netscout reveal that Plex Media Server systems are actively being abused by DDoS-for-hire services as a UDP reflection/amplification vector in Distributed Denial of Service (DDoS) attacks.	DDoS	Y Multiple Industries	CC	>1		Netscout, Plex Media Server
29	04/02/2021	-	-	Lazarus group	ENKI	South Korean cybersecurity firm ENKI report that they were the target of a campaign by the Lazarus Group exploiting an Internet Explorer 0-day vulnerability.	Targeted Attack	M Professional scientific and technical activities	CE	KR		Lazarus Group, Enki, Internet Explorer
30	04/02/2021	-	-	?	Multiple targets	Google addresses an actively exploited zero-day security vulnerability in the Chrome 88.0.4324.150 version.	CVE-2021-21148 Vulnerability	Y Multiple Industries	N/A	>1		Google, Chrome, 88.0.4324.150, CVE-2021-21148
31	04/02/2021	-	-	?	E-Pay Malaysia	A database containing the personal info for 380,000 users of E-Pay Malaysia, is punt on sale in a forum.	Unknown	K Financial and insurance activities	CC	MY		E-Pay Malaysia
32	04/02/2021	-	-	?	Undisclosed target	Researchers from SANS discover a campaign abusing the Google Chrome Sync feature to exfiltrate data.	Malicious Chrome extension	Z Unknown	CC	N/A		SANS, Google Chrome Sync
33	04/02/2021	-	-	?	Google Chrome users	Google forcibly uninstalls the popular 'The Great Suspender' extension from Google Chrome and classifies it as malware.	Malicious Chrome extension	X Individual	CC	>1		Google, 'The Great Suspender, Chrome
34	04/02/2021	-	-	?	Multiple targets	Researchers from Intezer and Advanced Intel discover a new version of TrickBot written in the NIM programming language to provide more advanced evasion capabilities.	Malware	Y Multiple Industries	CC	>1		Intezer, Advanced Intel, TrickBot, NIM
35	04/02/2021	-	-	Hayalim Almonim (Hebrew for Anonymous Soldiers)	Patriotic Brigade Knights	A collective of anti-fascist Israeli hackers dubbed Hayalim Almonim, breaks into a website of the Patriotic Brigade Knights a group allied to the white-supremacist Ku Klux Klan (KKK).	Defacement	S Other service activities	H	US		Hayalim Almonim, Patriotic Brigade Knights, Ku Klux Klan, KKK
36	04/02/2021	-	-	Darkside	Wonderbox	Wonderbox, is hit with a ransomware attack and 30 gb of data is leaked.	Malware	R Arts entertainment and recreation	CC	FR		Wonderbox, darkside, Ransomware
37	05/02/2021	Two waves in September and October 2020	-	?	Spanish speaking victims	Microsoft warns of a consent phishing (aka OAuth phishing) attack impersonating Mexico's tax administration service — Servicio de Administración Tributaria (SAT)	Cloud Account Takeover	X Individual	CC	MX		Microsoft, consent phishing, OAuth phishing, Servicio de Administración Tributaria, SAT
38	05/02/2021	Multiple times between October and December	-	?	Multiple organizations' "investment teams."	Microsoft warns of a second consent phishing (aka OAuth phishing) campaign targeting multiple organizations' "investment teams."	Cloud Account Takeover	Y Multiple Industries	CC	>1		Microsoft, consent phishing, OAuth phishing
39	05/02/2021	5/1/2021	-	The space team	Android users	Google removes from the Play Store Barcode Scanner, a popular Android barcode scanner app with over 10 million installs, after researchers found that it turned malicious following a January 2021 update.	Malware	X Individual	CC	>1		Google, Play Store, Barcode Scanner, Android barcode scanner, The space team
40	05/02/2021	-	-	?	Spotify	Spotify is hit with a credential stuffing attack that used data from more than 100,000 accounts.	Credential Stuffing	R Arts entertainment and recreation	CC	SE		Spotify
41	05/02/2021	Between 04/01/2020 and 25/06/2020	In June 2020	?	Charles J. Hilton & Associates (CJH)	Charles J. Hilton & Associates (CJH) reveals to have suffered a phishing attack, potentially exposing the personal health information of more than 36,000 patients of University of Pittsburgh Medical Center (UPMC).	Account Takeover	M Professional scientific and technical activities	CC	US		Charles J. Hilton & Associates, CJH, University of Pittsburgh Medical Center, UPMC
42	05/02/2021	End of January 2021	End of January 2021	?	Undisclosed organization	Researchers from Armorblox discover a phishing attack pretending to share information about an electronic funds transfer (EFT) hosted on Google Firebase.	Account Takeover	Z Unknown	CC	N/A		Armorblox, Google Firebase
43	05/02/2021	Between 20/11/2020 and 07/12/2020	-	?	Nevada Health Centers	Nevada Health Centers notifies an unspecified number of patients after discovering an unauthorized person accessed an employee’s email account.	Account Takeover	Q Human health and social work activities	CC	US		UPMC
44	05/02/2021	18/1/2021	-	?	Netcom Kassel	Netcom Kassel is hit by a cyber attack.	Unknown	J Information and communication	CC	DE		Netcom Kassel
45	05/02/2021	4/2/2021	04/02/2021	?	Salt Lake Community College	A virtual poetry slam part of Black History Month events at Salt Lake Community College is commandeered by unknown individuals who display racist and anti-Black messages as well as inappropriate images of children.	Zoom bombing	P Education	CC	US		Black History Month, Salt Lake Community College
46	05/02/2021	-	-	Avaddon	Québécois Qualinet	Québécois Qualinet is hit with an Avaddon ransomware attack.	Malware	M Professional scientific and technical activities	CC	CA		Québécois Qualinet, Avaddon, ransomware
47	05/02/2021	-	-	Avaddon	SVI Assurances	SVI Assurances is hit with an Avaddon ransomware attack.	Malware	K Financial and insurance activities	CC	FR		SVI Assurances, Avaddon, ransomware
48	06/02/2021	-	-	?	Ifmal	A database containing 200,000 users of Ifmal, a Malaysian e-commerce platform is put on sale on a forum.	Unknown	G Wholesale and retail trade	CC	MY		Ifmal
49	06/02/2021	-	-	?	BVA	The French polling firm BVA is hit with a ransomware attack.	Malware	M Professional scientific and technical activities	CC	FR		BVA, ransomware
50	07/02/2021	3/2/2021	7/2/2021	?	Multiple targets	A new targeted phishing campaign includes the novel obfuscation technique of using Morse code to hide malicious URLs in an email attachment.	Account Takeover	Y Multiple Industries	CC	>1		Morse
51	07/02/2021	6/2/2021	6/2/2021	?	Nicol (administrator of Sri Lanka national LK top-level)	A mysterious group of hacktivists poisons the DNS records of several Sri Lankans (.klm) websites, redirecting users to a web page detailing various social issues impacting the local population. Two high-profile domains for Google.lk and Oracle.lk, are also impacted	DNS Hijacking	J Information and communication	H	LK		NIC.lk
52	08/02/2021	Since November 2020	-	Domestic Kitten AKA APT-C-50	Around 1,200 Iranian Citizens	Researchers from Check Point reveal the details of the latest campaign from the Iranian threat actor Domestic Kitten against Iranian citizens that could pose a threat to the stability of the Iranian regime.	Targeted Attack	X Individual	CE	IR		Domestic Kitten, APT-C-50, Check Point
53	08/02/2021	5/2/2021	5/2/2021	?	Water facility in the city of Oldsmar	Hackers break into the computer system of a facility that treats water for the city of Oldsmar, Florida and try to increase the concentration of sodium hydroxide (NaOH).	Account Takeover via Teamviewer	E Water supply, sewerage waste management, and remediation activities	CC	US		Oldsmar, Teamviewer
54	08/02/2021	7/2/2021	7/2/2021	?	KeepChange	KeepChange says suffers a hack. Despite hackers were unsuccessful in stealing user funds, they managed to steal some of its customers' personal data.	Unknown	V Fintech	CC	N/A		KeepChange
55	08/02/2021	-	-	?	Cann Group	Cann Group, an Australian cannabis company is hit by a cyber attack, and loses $3.6m to attackers.	Business Email Compromise	Q Human health and social work activities	CC	AU		Cann Group
56	08/02/2021	Since April 2020 to October 2020	1/4/2020	Infy	US Government and Israeli companies	Researchers from SafeBreach Labs and Check Point Research, identify evidence of a new operation by the Iranian cyber actor Infy via the Foudre and Tonnerre backdoors.	Targeted Attack	Y Multiple Industries	CE	>1		SafeBreach Labs, Check Point, Infy, Foudre, Tonnerre
57	08/02/2021	-	-	Avaddon	Somerset Independent School District	Somerset Independent School District is allegedly hit with an Avaddon ransomware attack.	Malware	P Education	CC	US		Somerset Independent School District, ransomware, Avaddon
58	08/02/2021	-	-	?	Credit card holders in US and Canada	A security researcher discovers a trove of stolen payment card data of 158,000 people from the US and Canada.	Unknown	K Financial and insurance activities	CC	US/CA		US, Canada
59	09/02/2021	8/2/2021	08/02/2021	HelloKitty	CD PROJEKT RED	CD PROJEKT RED, the video game development studio behind Cyberpunk 2077 and The Witcher trilogy, discloses a ransomware attack. Few days later the actors are already auctioning the alleged source code for CD PROJEKT Red games.	Malware	R Arts entertainment and recreation	CC	PL		CD PROJEKT RED, Cyberpunk 2077, The Witcher trilogy, ransomware, HelloKitty
60	09/02/2021	Since August 2020	-	BlackTech	Several East Asian government organization	Researchers from Palo Alto Unit 42 disclose the details of a new polymorphic and "highly sophisticated" malware dubbed BendyBear, linked to a hacking group with known ties to the Chinese government.	Targeted Attack	O Public administration and defence, compulsory social security	CE	>1		Palo Alto Unit 42, BendyBear, BlackTech
61	09/02/2021	-	-	?	Multiple targets	Adobe releases security updates that address an actively exploited vulnerability in Adobe Reader and other critical bugs in Adobe Acrobat, Magento, Photoshop, Animate, Illustrator, and Dreamweaver.	CVE-2021-21017 Vulnerability	Z Unknown	N/A	>1		Adobe Reader, Adobe Acrobat, Magento, Photoshop, Animate, Illustrator, Dreamweaver, CVE-2021-21017
62	09/02/2021	-	-	?	Unknown target(s)	Microsoft issues the February 2021 Patch Tuesday updates, with patches for a Windows Win32k elevation of privilege zero-day exploited in the wild.	CVE-2021-24067, 2021-24068 , CVE-2021-24069, CVE-2021-24070, CVE-2021-1732 vulnerabilities	Z Unknown	N/A	>1		Microsoft, CVE-2021-24067, 2021-24068 , CVE-2021-24069, CVE-2021-24070, CVE-2021-1732
63	09/02/2021	8/2/2021	08/02/2021	?	No Support Linux Hosting	A web hosting company named No Support Linux Hosting announces to shut down after a hacker breaches its internal systems and compromised its entire operation.	Unknown	J Information and communication	CC	US		No Support Linux Hosting
64	09/02/2021	-	-	?	SapphireSecure.net	Two UK-based IPTV suppliers – SapphireSecure.net and KS-Hosting.com – become victims in what appears to be a series of hacks carried out by the same individual.	Unknown	J Information and communication	CC	UK		SapphireSecure.net
65	09/02/2021	-	-	?	KS-Hosting.com	Two UK-based IPTV suppliers – SapphireSecure.net and KS-Hosting.com – become victims in what appears to be a series of hacks carried out by the same individual.	Unknown	J Information and communication	CC	UK		KS-Hosting.com
66	09/02/2021	Since January 2021	-	?	Python Package Index (PyPI) portal	Spammers flood the Python Package Index (PyPI) portal with garbage content, flooding both with ads for shady sites and services.	SEO Spam	S Other service activities	CC	N/A		Python Package Index, PyPI
67	09/02/2021	8/2/2021	8/2/2021	?	GitLab	An unknown threat actor spams the Issues Tracker for thousands of GitLab projects with spam content.	SPAM	S Other service activities	CC	US		GitLab
68	09/02/2021	-	-	?	Discord users	Researchers from Zscaler report multiple active campaigns targeting the Discord service designed to trigger an infection chain and serve-up the Epsilon ransomware, the data-stealer Trojans and the XMRrig cryptominer.	Malware	X Individual	CC	>1		Zscaler, Discord, Epsilon, XMRrig
69	09/02/2021	Since 02/07/2020	-	Kasablanca	Bangladesh-based organizations, namely banks and carrier-grade voice-over-IP software vendors	Researchers from Cisco Talos discover a new campaign targeting Android users via the LodaRAT malware.	Malware	Y Multiple Industries	CE	BD		Cisco Talos, LodaRAT
70	09/02/2021	Mid-December 2020	-	?	University of Colorado	The University of Colorado announces to have been hit by the Accellion breach.	Accellion Vulnerability	P Education	CC	US		University of Colorado, Accellion
71	09/02/2021	-	-	?	Dax Hospital	The Dax Hospital is hit by a large-scale cyber attack.	Unknown	Q Human health and social work activities	CC	FR		Dax Hospital
72	10/02/2021	Since 2013	-	Confucius	Pakistani and South Asian targets	Researchers from Lookout reveal the details on two Android spyware strains, dubbed Hornbill and SunBird, leveraged by pro-India state-sponsored threat actors during the India-Pakistan conflict.	Targeted Attack	Y Multiple Industries	CE	>1		India, Pakistan, Cunfucius, Android, Hornbill, SunBird
73	10/02/2021	Feb-21	05/02/2021	RansomExx	Mutuelle Nationale des Hospitaliers (MNH)	French health insurance company Mutuelle Nationale des Hospitaliers (MNH) suffers a RansomExx ransomware attack	Malware	K Financial and insurance activities	CC	FR		Mutuelle Nationale des Hospitaliers, MNH, ransomware, RansomExx
74	10/02/2021	-	-	?	US tax professionals	The Internal Revenue Service (IRS) warns US tax professionals of identity thieves actively targeting them in a series of phishing attacks attempting to steal Electronic Filing Identification Numbers (EFINs).	Account Takeover	K Financial and insurance activities	CC	US		Internal Revenue Service, IRS, Electronic Filing Identification Number, EFIN.
75	10/02/2021	Between 24/09/2021 and 28/09/2021	-	?	Syracuse University	The names and Social Security numbers of about 9,800 Syracuse University students, alumni and applicants are exposed after someone gained unauthorized access to an employee’s email account.	Account Takeover	P Education	CC	US		Syracuse University
76	10/02/2021	-	-	Conti	ReMax Kelowna	The Conti ransomware group lists a British Columbia-based real estate agency, ReMax Kelowna, as one of its victims on its website.	Malware	L Real estate activities	CC	CA		Conti, ReMax Kelowna
77	10/02/2021	-	-	?	Six Doncaster schools	A Zoom event with six Doncaster schools is hijacked by a man exposing himself.	Zoom bombing	P Education	CC	UK		Doncaster
78	10/02/2021	-	-	?	Chinese users of the Flash app	Researchers from Minerva Labs discover that the Chinese version of the Flash app, still available after EOL, is surreptitiously installing adware.	Malware	X Individual	CC	CN		Flash, Minerva Labs
79	11/02/2021	-	-	?	Vivo	Brazil's National Data Protection Authority (ANPD) starts an investigation for the exposure of data relating to more than 102 million mobile phone lines from two mobile operators, Vivo (57,2 million)and Claro (45,6 million).	Unknown	J Information and communication	CC	BR		ANPD, Vivo, Claro
80	11/02/2021	-	-	?	Claro	Brazil's National Data Protection Authority (ANPD) starts an investigation for the exposure of data relating to more than 102 million mobile phone lines from two mobile operators, Vivo (57,2 million)and Claro (45,6 million).	Unknown	J Information and communication	CC	BR		ANPD, Vivo, Claro
81	11/02/2021	20/1/2021	30/01/2021	?	Singtel	Singtel discloses a data breach caused by a vulnerability in the Accellion FTA secure file transfer software.	Accellion Vulnerability	J Information and communication	CC	SG		Accellion, Singtel
82	11/02/2021	-	06/02/2021	?	0 million Malaysian voters	Personal data of 10 million Malaysian voters is leaked online.	Unknown	Z Unknown	CC	MY		Malaysia
83	11/02/2021	25/12/2020	2/2/2021	?	QIMR Berghofer Medical Research Institute	The QIMR Berghofer Medical Research Institute has also announces a data breach caused by the Accellion FTA service.	Accellion Vulnerability	Q Human health and social work activities	CC	AU		Accellion, QIMR Berghofer
84	11/02/2021	From August 2020 to January 2021	-	Multiple threat actors	Multiple targets	Microsoft warns of an increasing number of web shell attacks	Web shells	Y Multiple Industries	N/A	>1		Microsoft, Web shells
85	11/02/2021	January and February 2021	January and February 2021	?	Single individuals	Proofpoint researchers observe a few of BazaLoader campaigns leveraging Valentine's Day themes such as flowers and lingerie.	Malware	X Individual	CC	>1		Proofpoint, BazaLoader, Valentine's Day
86	11/02/2021	22/6/2020	30/6/2020	?	Bannock County	Bannock County discloses that its network was potentially accessed by an unknown actor.	Unknown	O Public administration and defence, compulsory social security	CC	US		Bannock County
87	11/02/2021	-	-	?	ECU Worldwide	ECU Worldwide is hit by a 'cyber incident'.	Unknown	H Transportation and storage	CC	US		ECU Worldwide
88	11/02/2021	-	-	?	Unknown Car Rental in France	The personal documents of thousands of car drivers are leaked in the dark web.	Unknown	H Transportation and storage	CC	FR		Car Rental
89	12/02/2021	Since end January 2021	20/1/2021	Bazar	Multiple targets	Researchers from Fortinet identify a phishing attacks distributing new variant of Bazar trojan.	Malware	Y Multiple Industries	CC	>1		Fortinet, Bazar
90	12/02/2021	12/2/2021	12/2/2021	?	Notion	Notion, an online workspace startup is knocked offline after a DNS outage deriving from a phishing attack.	Account Takeover	S Other service activities	CC	US		Notion
91	12/02/2021	Starting from early February 2021	Starting from early February 2021	Lampion	Banking users in Portugal	A new release of the Latin American Lampion trojan was released in Portugal using a template related to COVID-19.	Malware	K Financial and insurance activities	CC	PT		Lampion, COVID-19
92	12/02/2021	9/2/2021	09/02/2021	REvil AKA Sodinokibi	Trigano	Trigano, a manufacturer of caravans, motorhomes, camping furniture and mobile homes, is hit with a Sodinokibi ransomware attack.	Malware	C Manufacturing	CC	FR		Trigano, Sodinokibi ransomware, REvil, Sodinokibi
93	12/02/2021	06/02/2021	06/02/2021	?	City of Seraing	The city od Seraing is paralyzed by a cyber attack.	Unknown	O Public administration and defence, compulsory social security	CC	BE		City of Seraing
94	12/02/2021	10/12/2021	10/12/2021	?	Central Piedmont Community College	Central Piedmont Community College is hit with a ransomware attack.	Malware	P Education	CC	US		Central Piedmont Community College, ransomware
95	13/02/2021	-	-	Darkside	Discount Car and Truck Rentals	Canadian Discount Car and Truck Rentals is hit with a DarkSide ransomware attack where the hackers claim to have stolen 120GB of data.	Malware	H Transportation and storage	CC	CA		Discount Car and Truck Rentals, DarkSide, ransomware.
96	13/02/2021	13/02/2021	13/02/2021	?	Alpha Finance Lab	An attacker successfully drains over $37 million from the Alpha Homora protocol.	Unknown	V Fintech	CC	N/A		Alpha Finance Lab
97	14/02/2021	-	-	Ragnar Locker	Ness Digital Engineering	Ness Digital Engineering is hit with a ransomware attack.	Malware	M Professional scientific and technical activities	CC	IL		Ness Digital Engineering, ransomware, Ragnar Locker
98	14/02/2021	-	Late December 2020	?	Apple users	A researcher discovers the first piece of Mac malware that appears to have been created specifically for devices with Apple’s recently introduced M1 chip.	Malware	X Individual	CC	US		Pirrit, Mac, M1
99	14/02/2021	-	-	?	490,000 French patients	The data of 490,000 French patients are on sale in the black market.	Unknown	Q Human health and social work activities	CC	FR		French patients
100	14/02/2021	-	-	?	France Service	France Service, a portal providing services to the French people leaving in the US, ia hacked.	Unknown	N Administrative and support service activities	CC	FR		France Service
101	14/02/2021	-	-	?	800 sites in Canada	A malicious actor puts on sale the access to more than 800 sites in Canada.	Unknown	Y Multiple Industries	CC	CA		Canada
102	14/02/2021	14/02/2021	14/02/2021	?	University of Edinburgh	A Zoom event of African and Caribbean Society, a student union of the University of Edinburgh is hijacked.	Zoom bombing	P Education	CC	UK		Zoom, African and Caribbean Society, University of Edinburgh
103	15/02/2021	late 2017 and continued until 2020	2020	Sandworm	Multiple targets	The French information security agency ANSSI publishes an advisory warning that hackers with links to Sandworm have stealthily hacked targets in that country by exploiting an IT monitoring tool called Centreon. The company denies the claims.	Targeted Attack	Y Multiple Industries	CE	FR		ANSSI, Sandworm, Centreon
104	15/02/2021	-	-	Multiple threat actors	Multiple targets	Researchers at the threat intelligence firm Cyble discover a new wave of phishing attacks targeting multiple organizations that are abusing the ngrok platform.	Account Takeover	Y Multiple Industries	>1	>1		Cyble, ngrok
105	15/02/2021	-	-	?	Urological Clinic Munich Planegg	The Urological Clinic Munich Planegg is hit with a ransomware attack.	Malware	Q Human health and social work activities	CC	DE		Urological Clinic Munich Planegg, ransomware
106	15/02/2021	15/02/2021	15/02/2021	?	Villefranche-sur-Saône (Rhône) Hospital	The Villefranche-sur-Saône (Rhône) Hospital is hit with a ransomware attack.	Malware	Q Human health and social work activities	CC	FR		Villefranche-sur-Saône, ransomware
107	15/02/2021	-	-	?	Netherlands Organization for Scientific Research (NWO)	The Netherlands Organization for Scientific Research (NWO) is hit by a cyber attack.	Unknown	O Public administration and defence, compulsory social security	CC	NL		Netherlands Organization for Scientific Research, NOW
108	15/02/2021	-	-	Conti	Rehoboth Mckinley Christian Health Care Services	Rehoboth Mckinley Christian Health Care Services is hit by a Conti ransomware attack.	Malware	Q Human health and social work activities	CC	US		Rehoboth Mckinley Christian Health Care Services, Conti, ransomware
109	15/02/2021	-	-	?	Omnicom Media Group	Omnicom Media Group is allegedly hit by a cyber attack	Unknown	J Information and communication	CC	UK		Omnicom Media Group
110	15/02/2021	-	-	DoppelPaymer	Bailly-Creat	The French pharmaceutical lab Bailly-Creat is hit with the DoppelPaymer ransomware.	Malware	M Professional scientific and technical activities	CC	FR		Bailly-Creat, DoppelPaymer, ransomware
111	15/02/2021	Between July 2019 and December 2020	During December 2020	?	Sutter Buttes Imaging Medical Group	Sutter Buttes Imaging Medical Group notifies patients that their protected health information may have been accessed by unauthorized individuals who hacked into its vendor's IT infrastructure in 2019.	Unknown	M Professional scientific and technical activities	CC	US		Sutter Buttes Imaging Medical Group
ID	Date Reported	Date Occurred	Date Discovered	Author	Target	Description	Attack	Target Class	Attack Class	Country	Link	Tags

Enjoy the interactive timeline, and thanks for sharing it, and supporting my work in spreading the risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.

Breachometer

The “Breachometer” compares the current number of events with the max and min values recorded in the previous 24 timelines (correspondingly to roughly one year)

12 Months Trend