Here’s the first cyber attacks timeline of March, covering the main events that occurred in the first half of this month. What an unbelievable period from an infosecurity standpoint! I have collected a staggering 150 events, and the reason is that a few factors are undoubtedly characterizing the period and will probably have consequences throughout the whole of 2021.
I am obviously talking about the ProxyLogon vulnerability that is unleashing a massive wave of attacks by state-sponsored actors and cyber criminals. In this timeline, 19 events out of 150 (12.7%) are directly or indirectly related to the exploitation of this vulnerability, with a number of possible victims that exceeds 30,000.
Ransomware continues to dominate the threat landscape with 44 out of 150 events (roughly 27%), but the real number could be even higher since in most cases organizations don’t provide details on the attack, citing a generic outage.
The other event characterizing the latest timelines is the Accellion FTA 0-day, with new victims joining the list on a regular basis. In this timeline there are 5 new organizations that disclosed having suffered a cyber attack carried out by exploiting the vulnerability in the file transfer service.
As mentioned previously, even the cyber espionage front has been characterized by the ProxyLogon vulnerability: in particular, a threat actor dubbed Hafnium has launched an unprecedented wave of campaigns against organizations worldwide, but other threat actors have quickly jumped on the same bandwagon.
Last but not least, a group of hacktivists has breached the security cameras of a Silicon Valley startup, gaining access to live feeds of 150,000 surveillance cameras inside hospitals, companies (including high-profile targets), police departments, prisons and schools.
ID
Date Reported
Date Occurred
Date Discovered
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags
1
01/03/2021
-
-
APT10 (AKA Stone Panda)
Bharat Biotech
Researchers from Cyfirma reveal the details of a campaign aimed at stealing intellectual property related to COVID-19.
Targeted Attack
M Professional scientific and technical activities
CE
IN
Bharat Biotech, COVID-19
2
01/03/2021
-
-
APT10 (AKA Stone Panda)
Serum Institute of India (SII)
Researchers from Cyfirma reveal the details of a campaign aimed at stealing intellectual property related to COVID-19.
Targeted Attack
M Professional scientific and technical activities
CE
IN
Serum Institute of India, SII, COVID-19
3
01/03/2021
During August 2020
21/2/2021
?
Ticketcounter
Ticketcounter suffers a data breach after a user database containing 1.9 million unique email addresses is stolen from an unsecured staging server.
Misconfiguration
R Arts entertainment and recreation
CC
NL
Ticketcounter
4
01/03/2021
-
-
Gootloader
Targets in South Korea, Germany, France, and across North America.
Researchers from Sophos reveal the details of a new Gootloader campaign, pushing a wider variety of malware via hacked WordPress sites and malicious SEO techniques for Google results.
Malware
K Financial and insurance activities
CC
>1
Sophos, Gootloader, WordPress, Google
5
01/03/2021
-
-
?
Multiple targets
Researchers from Sonatype identify new “dependency confusion” packages published to the npm ecosystem that are malicious in nature. The squatted packages are named after repositories, namespaces or components used by popular companies such as Amazon, Zillow, Lyft, and Slack.
Malware
Y Multiple Industries
CC
>1
Sonatype, Amazon, Zillow, Lyft, Slack
6
01/03/2021
Last week of February
Last week of February
Developer of the 16Shop phishing kit
Users of the Cash App mobile payment service
Researchers from ZeroFOX discover a new phishing kit targeting the users of the popular Cash App mobile payment service.
Account Takeover
K Financial and insurance activities
CC
>1
Cash App, ZeroFOX, 16Shop
7
01/03/2021
-
-
?
Single individuals
The US Department of Justice seizes remdesivirmx[.]com, a domain used to collect the personal information of individuals who wanted to buy the Remdesivir antiviral drug.
Account Takeover
X Individual
CC
US
US Department of Justice, remdesivirmx[.]com, Remdesivir
8
01/03/2021
-
-
?
Caffitaly
Caffitaly, one of the most important manufacturers of coffee capsules, is impacted by a ransomware attack.
Malware
C Manufacturing
CC
IT
Caffitaly, ransomware
9
02/03/2021
28/2/2021
28/2/2021
?
PrismHR
Payroll company PrismHR suffers a massive outage after a ransomware attack.
Malware
N Administrative and support service activities
CC
US
PrismHR, ransomware
10
02/03/2021
-
-
Hafnium (Chinese APT)
US organizations
Microsoft released emergency out-of-band security updates for all supported Microsoft Exchange versions that fix four zero-day vulnerabilities actively exploited in targeted attacks.
Google fixes an actively exploited zero-day vulnerability in the Chrome 89.0.4389.72 version (CVE-2021-21166).
CVE-2021-21166 Vulnerability
Z Unknown
N/A
N/A
Google Chrome 89.0.4389.72, CVE-2021-21166
12
02/03/2021
-
-
Clop
CSX
U.S. Rail operator CSX joins the list of the victims of the Accellion FTA Vulnerability.
Vulnerability
H Transportation and storage
CC
US
Clop, CSX, Accellion FTA
13
02/03/2021
Since 2007
-
Ursnif
100 Italian Banks
Researchers from Avast reveal that the Ursnif trojan has hit at least 100 Italian Banks since 2007.
Malware
K Financial and insurance activities
CC
IT
Avast, Ursnif
14
02/03/2021
Since April 2020
During November 2020
?
Organizations across Southeast Asia.
Researchers from Cisco Talos discover a new campaign distributing the ObliqueRAT via compromised websites, and using steganography to conceal the payload.
Malware
Y Multiple Industries
CE
>1
Cisco Talos, ObliqueRAT
15
02/03/2021
28/12/2020
28/12/2020
?
PeakTPA
PeakTPA reveals it has been hit with a ransomware attack.
Malware
N Administrative and support service activities
CC
US
PeakTPA, ransomware
16
02/03/2021
26/2/2021
26/2/2021
?
Hanover Area School District
A cyber attack impacts the Hanover Area School District and some neighboring school districts.
Unknown
P Education
CC
US
Hanover Area School District
17
02/03/2021
28/2/2021
28/2/2021
?
Adim Adim
Adim Adim, a Turkish charity organization, is hacked.
Unknown
Q Human health and social work activities
CC
TR
Adim Adim
18
02/03/2021
-
-
?
ATMs in Mexico
Researchers from Metabase Q uncover a new version of the Ploutus ATM malware called Ploutus-I, targeting ATMs in Mexico.
Malware
K Financial and insurance activities
CC
MX
Metabase Q, Ploutus, Ploutus-I
19
03/03/2021
24/12/2020
24/12/2020
Clop
Qualys
Cybersecurity firm Qualys is likely the latest victim to have suffered a data breach via the zero-day vulnerability in its Accellion FTA server.
Vulnerability
M Professional scientific and technical activities
CC
FR
Clop, Qualys, Accellion FTA
20
03/03/2021
27/2/2021
27/2/2021
Darkside
CompuCom
US managed service provider CompuCom suffers a DarkSide ransomware attack leading to service outages and customers disconnecting from the MSP's network to prevent the spread of malware.
Malware
M Professional scientific and technical activities
CC
US
CompuCom, DarkSide, ransomware
21
03/03/2021
During 2020
During 2020
?
Financial Investors
Researchers from Agari reveal that BEC scammers have started to target investors with fake 'capital call' notices that carry a much larger payout than your standard BEC scam.
Business Email Compromise
K Financial and insurance activities
CC
>1
Agari
22
03/03/2021
3/3/2021
3/3/2021
?
Nova Education Trust
15 schools in the United Kingdom belonging to Nova Education Trust are unable to provide online learning due to a cyberattack.
Unknown
P Education
CC
UK
Nova Education Trust
23
03/03/2021
Since December 2020
-
RTM
At least ten Russian organizations in the transport and finance sectors
Researchers from Kaspersky reveal the details of a new campaign by the Russian RTM group carried out via a trojan (Banker.Win32.RTM) and the Quoter ransomware.
Edsembli, a provider of K-12 Education Management Software, suffers a ransomware attack.
Malware
M Professional scientific and technical activities
CC
CA
Edsembli, ransomware
25
03/03/2021
28/2/2021
28/2/2021
?
Millersville University
Millersville University confirms it has suffered a cyber attack.
Malware
P Education
CC
US
Millersville University, ransomware
26
03/03/2021
-
-
Nefilim
Atlanta Allergy & Asthma
Atlanta Allergy & Asthma is hit with a Nefilim ransomware attack.
Malware
Q Human health and social work activities
CC
US
Atlanta Allergy & Asthma, Nefilim, ransomware
27
03/03/2021
-
-
?
American Patriots Three Percent
A group of activists discovers a leak in the website of the American Patriots Three Percent, and is able to obtain the data.
Misconfiguration
S Other service activities
H
US
American Patriots Three Percent
28
03/03/2021
-
-
?
Center for Early Education
The Center for Early Education, an elite private school in Hollywood, is breached.
Unknown
P Education
CC
US
Center for Early Education
29
03/03/2021
-
-
Hidden Cobra AKA Lazarus Group
Multiple targets
Researchers from Sygnia reveal that the North Korean group Hidden Cobra is deploying the TFlower ransomware, using its MATA malware framework.
Malware
Y Multiple Industries
CC
>1
Sygnia, Hidden Cobra, Lazarus Group, TFlower, ransomware, MATA
30
04/03/2021
-
24/2/2021
?
SITA
Passenger data from multiple airlines around the world is compromised after hackers breached servers belonging to SITA.
Unknown
M Professional scientific and technical activities
CC
CH
SITA
31
04/03/2021
From 24/12/2020
-
Clop
Southern Illinois University School of Medicine
Southern Illinois University School of Medicine joins the list of the victims of the Accellion FTA Vulnerability.
Vulnerability
P Education
CC
US
Clop, Southern Illinois University School of Medicine, Accellion FTA
32
04/03/2021
December 2020 and January 2021
-
Compact
Users of Outlook Web Access and Microsoft 365
Researchers from WMC Global discover a phishing campaign targeting users of Outlook Web Access and Office 365 services, relying on trusted domains such as SendGrid.
Account Takeover
Y Multiple Industries
CC
>1
WMC Global, Outlook Web Access, Office 365, SendGrid
33
04/03/2021
-
3/3/2021
?
Maza aka Mazafuka
The Maza cybercrime forum is hacked and member data is leaked.
Unknown
S Other service activities
CC
RU
Maza, Mazafuka
34
04/03/2021
-
3/3/2021
?
Verified
The Verified cybercrime forum is hacked and member data is leaked.
Unknown
S Other service activities
CC
RU
Verified
35
04/03/2021
-
3/3/2021
?
Dread
The Dread cybercrime forum is hacked and member data is leaked.
Unknown
S Other service activities
CC
RU
Dread
36
04/03/2021
-
3/3/2021
?
Club2Crd
The Club2Crd cybercrime forum is hacked and member data is leaked.
Unknown
S Other service activities
CC
RU
Club2Crd
37
04/03/2021
-
-
?
US brokerage firms and brokers
The US Financial Industry Regulatory Authority (FINRA) issues a regulatory notice warning US brokerage firms and brokers of an ongoing phishing campaign using fake compliance audit alerts to harvest information.
Account Takeover
K Financial and insurance activities
CC
US
The US Financial Industry Regulatory Authority, FINRA
38
04/03/2021
-
4/3/2021
Hog
Single individuals
A new ransomware called 'Hog' encrypts users' devices and only decrypts them if they join the developer's Discord server.
Malware
X Individual
CC
>1
Hog, Ransomware, Discord
39
04/03/2021
Since February 2021
During March 2021
AlumniLocker
Multiple targets
Researchers from Trend Micro discover a new ransomware strain dubbed AlumniLocker.
Malware
Y Multiple Industries
CC
>1
Trend Micro, ransomware, AlumniLocker
40
04/03/2021
Since February 2021
During February 2021
Humble
Multiple targets
Researchers from Trend Micro discover a new ransomware strain dubbed Humble.
Malware
Y Multiple Industries
CC
>1
Trend Micro, ransomware, Humble
41
04/03/2021
-
-
?
Adecco Group
A user on a popular hacking forum purportedly sells the stolen credentials from 6 South American countries for the Swiss-based Adecco Group.
Misconfiguration
N Administrative and support service activities
CC
>1
Adecco Group
42
04/03/2021
-
-
?
Atlassian BitBucket
Researchers from Aqua Security discover a campaign exploiting the automated build processes of BitBucket and Docker Hub to mine cryptocurrency.
Misconfiguration
M Professional scientific and technical activities
CC
US
Aqua Security, BitBucket, Docker Hub
43
04/03/2021
Since 2020
-
?
Industrial organizations in Europe, Asia and North America
Researchers from DeNexus reveal the details of a campaign targeting industrial organizations in Europe, Asia and North America using AZORult, AgentTesla, Formbook, MassLogger and Matiex.
The Williams F1 Grand Prix Engineering is forced to abandon plans to reveal its 2021 Formula One car via an augmented reality app after it was hacked and images leaked online.
Unknown
R Arts entertainment and recreation
CC
UK
Williams Grand Prix Engineering
51
05/03/2021
24/2/2021
-
?
Queen's University in Belfast (QUB)
Queen's University in Belfast (QUB) reveals it has suspended access to "a number of university systems" as a precaution following an attempted cyber-attack.
Unknown
P Education
CC
UK
Queen's University in Belfast, QUB
52
05/03/2021
-
-
?
Single Individuals
The United States Justice Department warns that cyber-criminals are impersonating state workforce agencies (SWAs) to steal Americans' personal data.
Account Takeover
X Individual
CC
US
The United States Justice Department, State Workforce Agencies, SWA
53
05/03/2021
Early March 2021
Early March 2021
?
Senior-level employees in the banking and IT sector
Researchers from Zscaler discover a phishing campaign aimed at stealing Microsoft 365 credentials and leveraging a bogus Google reCAPTCHA system.
Account Takeover
Y Multiple Industries
CC
>1
Zscaler, Microsoft 365, Google, reCAPTCHA
54
05/03/2021
During 2020
During November 2020
?
Android users in Spain
Researchers from PRODAFT reveal the details of FluBot, a new Android banking malware.
Malware
K Financial and insurance activities
CC
ES
PRODAFT, FluBot, Android
55
05/03/2021
-
-
?
Unnamed consulting Firm in Japan
An unnamed consulting firm in Japan is hit by ransomware and the personal info of 350 households is leaked.
Malware
N Administrative and support service activities
CC
JP
ransomware
56
05/03/2021
5/3/2021
5/3/2021
?
Educa em Casa
Educa em Casa is hit by a cyber attack.
Unknown
N Administrative and support service activities
CC
BR
Educa em Casa
57
05/03/2021
5/3/2021
5/3/2021
?
Several Ministries in the Czech Republic
Czech officials in Prague are hit by a large-scale cyberattack, according to the city's mayor.
Unknown
O Public administration and defence, compulsory social security
N/A
CZ
Czech Republic
58
05/03/2021
28/1/2021
29/1/2021
?
American Armed Forces Mutual Aid Association
The American Armed Forces Mutual Aid Association notifies 161,621 individuals of a hacking incident.
Unknown
Q Human health and social work activities
CC
US
American Armed Forces Mutual Aid Association
59
05/03/2021
-
-
Nefilim
Spirit Airlines
Spirit Airlines is hit with a Nefilim ransomware attack.
Malware
H Transportation and storage
CC
US
Spirit Airlines, Nefilim, ransomware
60
05/03/2021
-
-
?
Foreign, Commonwealth and Development Office (FCDO)
Hackers obtain sensitive documents related to the Foreign, Commonwealth and Development Office (FCDO).
Unknown
O Public administration and defence, compulsory social security
N/A
UK
Foreign, Commonwealth and Development Office, FCDO
61
05/03/2021
-
-
?
Chester Upland School District
Chester Upland School District loses "millions" due to an alleged cyber attack.
Unknown
P Education
CC
US
Chester Upland School District
62
05/03/2021
23/2/2021
23/2/2021
?
Allergy Partners
Federal authorities are investigating the ransomware attack that caused a network outage at Allergy Partners.
Researchers from Forcepoint discover a new phishing campaign distributing the Zloader payload.
Malware
X Individual
CC
>1
Forcepoint, Zloader
65
06/03/2021
6/3/2021
6/3/2021
?
Debra Katz
The website for Debra Katz, the lawyer for Gov. Andrew Cuomo's second accuser, Charlotte Bennett, is hacked.
Defacement
N Administrative and support service activities
CC
US
Debra Katz, Andrew Cuomo, Charlotte Bennett
66
06/03/2021
-
-
Trickbot
Multiple targets
Supermicro and Pulse Secure issue advisories warning users that some of their products are vulnerable to the updated version of Trickbot malware.
Malware
Y Multiple Industries
CC
>1
Supermicro, Pulse Secure, Trickbot
67
07/03/2021
-
-
Hafnium (Chinese APT)
European Banking Authority (EBA)
The European Banking Authority (EBA) takes down all email systems after their Microsoft Exchange Servers were hacked as part of the ongoing attacks targeting organizations worldwide.
O Public administration and defence, compulsory social security
CE
EU
European Banking Authority, EBA, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065
68
07/03/2021
7/3/2021
7/3/2021
?
University of the Highlands and Islands (UHI)
The University of the Highlands and Islands (UHI) in Scotland is hit with a ransomware attack.
Malware
P Education
CC
UK
University of the Highlands and Islands, UHI, ransomware
69
07/03/2021
7/3/2021
7/3/2021
?
Magnolia ISD
Magnolia ISD reveals it has been hit by an account takeover attack.
Account Takeover
P Education
CC
US
Magnolia ISD
70
07/03/2021
-
-
?
Robotron
Robotron, a provider of backup software, is hit with a ransomware attack.
Malware
M Professional scientific and technical activities
CC
DE
Robotron, ransomware
71
08/03/2021
-
22/1/2021
Clop
Flagstar Bank
Flagstar Bank joins the list of the victims of the Accellion FTA Vulnerability.
Vulnerability
K Financial and insurance activities
CC
US
Clop, Flagstar Bank, Accellion FTA
72
08/03/2021
-
-
Sarbloh
Multiple targets
A new ransomware known as Sarbloh encrypts files and delivers a message supporting the protests of Indian farmers.
Malware
Y Multiple Industries
H
>1
Sarbloh, ransomware
73
08/03/2021
Since 24/01/2021
-
z0Miner
Vulnerable Jenkins and ElasticSearch servers
Researchers from Netlab 360 discover a new version of the z0Miner targeting vulnerable Jenkins and ElasticSearch servers to mine for Monero (XMR) cryptocurrency.
The systems of SEPE, the Spanish government agency for labor, are taken down following a ransomware attack that hit more than 700 agency offices across Spain.
Malware
O Public administration and defence, compulsory social security
CC
ES
SEPE, Ryuk
81
09/03/2021
-
-
?
Verkada
A group of hackers say they breached a massive trove of security-camera data collected by Silicon Valley startup Verkada Inc., gaining access to live feeds of 150,000 surveillance cameras inside hospitals, companies, police departments, prisons and schools. Companies whose footage was exposed include carmaker Tesla Inc. and software provider Cloudflare Inc.
Misconfiguration
C Manufacturing
H
US
Verkada, Tesla, Verkada
82
09/03/2021
-
-
?
Single individuals
The US Department of Justice seizes usaregenermedicals[.]com, a domain used to impersonate the official site of Regeneron Pharmaceuticals, a biotechnology company involved in COVID-19 vaccine development.
Account Takeover
X Individual
CC
US
US Department of Justice, usaregenermedicals[.]com, Regeneron Pharmaceuticals, COVID-19
83
09/03/2021
8/3/2021
8/3/2021
?
DODO
Decentralized exchange and liquidity provider DODO is hacked earlier today, resulting in a loss of funds amounting to $3.8 million.
Vulnerability
V Fintech
CC
N/A
DODO
84
09/03/2021
-
28/1/2021
?
Android users
Researchers from Check Point discover Clast82, a new dropper spreading via the official Google Play store, which downloads and installs the AlienBot Banker and MRAT. Google consequently removes 10 apps after 15,000 installs.
Malware
X Individual
CC
>1
Check Point, Clast82, Google Play store, AlienBot, MRAT, Android
85
09/03/2021
9/3/2021
9/3/2021
?
BTS TikTok account
A threat actor hacks into the TikTok account of South Korea's biggest boy band, BTS, also known as the Bangtan Boys.
Account Takeover
R Arts entertainment and recreation
CC
KR
BTS, Bangtan Boys, TikTok
86
09/03/2021
-
-
?
Guns.com
A database apparently belonging to Guns.com is dumped on a hacker forum.
Unknown
S Other service activities
CC
US
Guns.com
87
09/03/2021
9/3/2021
9/3/2021
?
Lot-et-Garonne firefighters
Lot-et-Garonne firefighters are hit with a ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
FR
Lot-et-Garonne, ransomware
88
09/03/2021
6/3/2021
6/3/2021
LORDBR
Cosco Shipping
Cosco Shipping, the world’s third largest container line, has its email system compromised, allegedly by the Brazilian hacker known as LORDBR.
Account Takeover
H Transportation and storage
CC
CN
Cosco Shipping, LORDBR
89
09/03/2021
30/7/2020
16/2/2021
?
New London Hospital
New London Hospital notifies 34,878 patients that an unauthorized party gained access to a file on the hospital's network in a targeted cyberattack.
Unknown
Q Human health and social work activities
CC
US
New London Hospital
90
10/03/2021
-
-
Hafnium (Chinese APT)
Norway's parliament
Norway's parliament, the Storting, reveals it has been hit by a cyberattack after threat actors stole data using the recently disclosed Microsoft Exchange vulnerabilities.
Researchers from ESET discover an unattributed campaign exploiting the CVE-2021-26855 vulnerability to drop PowerShell downloaders for a cryptominer campaign.
Security researchers at Intezer discover a previously undocumented backdoor dubbed RedXOR, used in ongoing attacks targeting Linux systems.
Malware
Y Multiple Industries
CE
>1
Intezer, RedXOR, Winnti Group, BARIUM, APT41
103
10/03/2021
Since February 2021
3/2/2021
TA800
Multiple Targets
Researchers from Proofpoint discover a campaign distributing a new malware written in Nim, dubbed NimzaLoader.
Malware
Y Multiple Industries
CC
>1
Proofpoint, Nim, NimzaLoader, TA800
104
10/03/2021
-
-
?
Undisclosed online shop
Researchers at Sucuri discover a new exfiltration technique used in Magecart attacks that hides the stolen data in images.
Malicious Script Injection
G Wholesale and retail trade
CC
N/A
Sucuri, Magecart
105
10/03/2021
-
-
?
Two Federal Authorities in Germany
The German Federal Office for Information Security (BSI) reveals that two federal authorities in Germany have been hacked exploiting the Microsoft vulnerability.
O Public administration and defence, compulsory social security
CE
DE
German Federal Office for Information Security, BSI, Microsoft, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065
106
10/03/2021
7/3/2021
7/3/2021
?
University of Central Lancashire
The University of Central Lancashire reveals it has been hit with a cyber attack.
Unknown
P Education
CC
UK
University of Central Lancashire
107
10/03/2021
-
-
?
Single individuals
Researchers from Kaspersky discover a new crypto mining campaign carried out via a fake adblocker.
Malware
X Individual
CC
>1
Kaspersky, Crypto
108
10/03/2021
Since 2020
-
FIN8
organizations mainly in Canada, Italy, Panama, Puerto Rico, South Africa and the United States
Researchers from Bitdefender discover a new campaign carried out by the financially motivated group FIN8 via a new version of the BADHATCH backdoor.
Malware
Y Multiple Industries
CC
>1
Bitdefender, FIN8, BADHATCH
109
10/03/2021
8/1/2021
9/1/2021
REvil AKA Sodinokibi
Preferred Home Care of New York
Preferred Home Care of New York reveals it has been hit by a Ryuk ransomware attack.
Malware
Q Human health and social work activities
CC
US
Preferred Home Care of New York, Ryuk, ransomware
110
10/03/2021
10/3/2021
10/3/2021
?
City of Ebeleben
The City of Ebeleben is hit by a massive cyber attack.
Unknown
O Public administration and defence, compulsory social security
CC
DE
City of Ebeleben
111
10/03/2021
-
-
?
Overseas Service Corporation
Overseas Service Corporation announces a phishing email incident.
Account Takeover
N Administrative and support service activities
CC
US
Overseas Service Corporation
112
10/03/2021
-
-
?
Urban Research
Urban Research announces that the online store suffered an unauthorized access by a third party, compromising the personal information of 317,326 persons.
Unknown
G Wholesale and retail trade
CC
JP
Urban Research
113
10/03/2021
-
-
?
myNewJersey
Hackers target the accounts of about 200 state employees of the myNewJersey portal.
Unknown
O Public administration and defence, compulsory social security
CC
US
myNewJersey
114
11/03/2021
11/3/2021
11/3/2021
?
Molson Coors
The Molson Coors Beverage Company suffers a ransomware attack that is causing significant disruption to business operations.
Malware
I Accommodation and food service activities
CC
US
Molson Coors, ransomware
115
11/03/2021
9/3/2021
-
DEARCRY
Multiple Targets
Threat actors are now installing a new ransomware called 'DEARCRY' after hacking into Microsoft Exchange servers using the recently disclosed ProxyLogon vulnerabilities.
Researchers from Trustwave Spiderlabs discover a new campaign spreading the NanoCore trojan via image binary files.
Malware
Z Unknown
CC
N/A
Trustwave Spiderlabs, NanoCore
117
11/03/2021
25/2/2021
25/2/2021
?
Fastway Couriers
Fastway Couriers confirms that one of its IT systems has been subject to a cyber-attack, as a consequence of which parcel receivers’ data has been compromised.
Unknown
H Transportation and storage
CC
US
Fastway Couriers
118
11/03/2021
-
-
?
Several organizations across Europe
Researchers from Cofense discover a new campaign of the Metamorfo (AKA Mekotio) banking trojan abusing AutoHotKey (AHK) to evade detection and steal users’ information.
Malware
K Financial and insurance activities
CC
>1
Cofense, Metamorfo, Mekotio, AutoHotKey, AHK
119
11/03/2021
During February 2021
During February 2021
?
Newberry County Memorial Hospital
Newberry County Memorial Hospital reveals it has been hit with a ransomware attack in February.
Malware
Q Human health and social work activities
CC
US
Newberry County Memorial Hospital, ransomware
120
11/03/2021
11/3/2021
11/3/2021
?
City of Covington
The City of Covington is hit with a ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
US
City of Covington
121
11/03/2021
-
-
Clop
Health Net LLC
Health Net LLC joins the list of the victims hit through the Accellion vulnerability.
Vulnerability
Q Human health and social work activities
CC
US
Health Net LLC, Clop, Accellion
122
12/03/2021
-
-
ZHtrap
Multiple targets
Researchers from Netlab 360 discover ZHtrap, a new botnet targeting routers, DVRs, and UPnP network devices, and turning them into honeypots that help it find other targets to infect.
Misconfiguration
Y Multiple Industries
CC
>1
Netlab 360, ZHtrap
123
12/03/2021
-
-
Lemon_Duck
Multiple targets
The operators of Lemon_Duck, a cryptomining botnet that targets enterprise networks, are now using Microsoft Exchange ProxyLogon exploits in attacks against unpatched servers.
Threat actors have started to use 'Promoted' tweets, otherwise known as Twitter ads, to spread cryptocurrency giveaway scams.
Account Takeover
X Individual
CC
>1
Twitter
125
12/03/2021
-
-
?
Undisclosed target
Google fixes a second actively exploited Chrome zero-day this month with the release of Chrome 89.0.4389.90.
CVE-2021-21193 Vulnerability
Z Unknown
N/A
N/A
Google, Chrome, CVE-2021-21193
126
12/03/2021
-
-
?
WeLeakInfo
A user on a popular hacker forum is selling a database containing highly sensitive information of more than 24,000 customers of the now-defunct illegal online service WeLeakInfo.
Unknown
S Other service activities
N/A
N/A
WeLeakInfo
127
12/03/2021
H2 2020
H2 2020
?
Apple users
Researchers from Kaspersky discover a new version of the XCSSET malware natively compiled for the M1 platform.
Malware
X Individual
CC
>1
Kaspersky, XCSSET, M1, Apple
128
12/03/2021
12/3/2021
12/3/2021
?
Buffalo Public Schools
Buffalo Public Schools is forced to cancel both remote and in-person learning due to a ransomware attack.
Malware
P Education
CC
US
Buffalo Public Schools
129
12/03/2021
-
-
Revil AKA Sodinokibi
Unnamed Law Firm
Researchers from eSentire reveal the details of a new campaign of attacks by the REvil ransomware gang.
Malware
M Professional scientific and technical activities
CC
US
REvil, Sodinokibi, eSentire
130
12/03/2021
-
-
Revil AKA Sodinokibi
Unnamed Law Firm
Researchers from eSentire reveal the details of a new campaign of attacks by the REvil ransomware gang.
Malware
M Professional scientific and technical activities
CC
US
REvil, Sodinokibi, eSentire
131
12/03/2021
-
-
Revil AKA Sodinokibi
Unnamed Architectural Firm
Researchers from eSentire reveal the details of a new campaign of attacks by the REvil ransomware gang.
Malware
M Professional scientific and technical activities
CC
US
REvil, Sodinokibi, eSentire
132
12/03/2021
-
-
Revil AKA Sodinokibi
Unnamed Construction Company
Researchers from eSentire reveal the details of a new campaign of attacks by the REvil ransomware gang.
Malware
M Professional scientific and technical activities
CC
US
REvil, Sodinokibi, eSentire
133
12/03/2021
-
-
Revil AKA Sodinokibi
Unnamed Agricultural Co-op
Researchers from eSentire reveal the details of a new campaign of attacks by the REvil ransomware gang.
Malware
M Professional scientific and technical activities
CC
US
REvil, Sodinokibi, eSentire
134
12/03/2021
-
-
Revil AKA Sodinokibi
Unnamed International Bank
Researchers from eSentire reveal the details of a new campaign of attacks by the REvil ransomware gang.
Malware
K Financial and insurance activities
CC
MX
REvil, Sodinokibi, eSentire
135
12/03/2021
-
-
Revil AKA Sodinokibi
Unnamed International Bank in Africa
Researchers from eSentire reveal the details of a new campaign of attacks by the REvil ransomware gang.
Malware
K Financial and insurance activities
CC
N/A
REvil, Sodinokibi, eSentire
136
12/03/2021
-
-
Revil AKA Sodinokibi
Unnamed European manufacturer
Researchers from eSentire reveal the details of a new campaign of attacks by the REvil ransomware gang.
Malware
C Manufacturing
CC
N/A
REvil, Sodinokibi, eSentire
137
12/03/2021
26/2/2020
26/2/2020
?
Sachs Sax Caplan, P.L
Sachs Sax Caplan, P.L discloses a phishing attack.
Account Takeover
K Financial and insurance activities
CC
US
Sachs Sax Caplan, P.L
138
12/03/2021
Between 06/01/2021 and 17/01/2021
12/1/2021
?
Colorado Retina Associates
Colorado Retina Associates notifies 26,609 patients that an unauthorized party gained access to employee work email accounts.
Account Takeover
Q Human health and social work activities
CC
US
Colorado Retina Associates
139
13/03/2021
20/2/2021
20/2/2021
?
Coleman Group of Companies
The Coleman Group of Companies says it was the target of a cyberattack in late February and has reason to believe some of its human resources and payroll files were accessed.
Unknown
K Financial and insurance activities
CC
CA
Coleman Group of Companies
140
13/03/2021
13/3/2021
13/3/2021
Black Shadow
K.L.S. Capital Ltd
Black Shadow reveals it has hacked K.L.S. Capital Ltd.
Unknown
K Financial and insurance activities
CC
IL
Black Shadow, K.L.S. Capital Ltd
141
13/03/2021
-
13/3/2021
?
PPS
PPS, a South African insurance and investment advisory company, suffers a cyber attack.
Unknown
K Financial and insurance activities
CC
ZA
PPS
142
13/03/2021
1/6/2020
1/6/2020
?
Security Industry Specialists
Security Industry Specialists discloses a ransomware attack.
Malware
M Professional scientific and technical activities
CC
US
Security Industry Specialists, ransomware
143
14/03/2021
14/3/2021
14/3/2021
?
Roll
A security breach at cryptocurrency platform Roll allows a hacker to obtain the private key to its hot wallet and steal its contents — worth about $5.7 million.
Unknown
V Fintech
CC
US
Roll
144
14/03/2021
12/3/3021
12/3/3021
?
EDAG Group
Several EDAG Group companies are targeted by a cyber attack.
Unknown
C Manufacturing
CC
DE
EDAG Group
145
14/03/2021
14/3/2021
14/3/2021
?
Single individuals
A new campaign distributes malware via a fake Telegram update.
Malware
X Individual
CC
>1
Telegram
146
15/03/2021
-
-
Hafnium (Chinese APT)
Multiple organizations in the UK.
UK's National Cyber Security Centre (NCSC) officials said they've helped detect and remove malware related to the attack from more than 2,300 machines at businesses in the UK.
National Cyber Security Centre, NCSC, Hafnium, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858,
CVE-2021-27065
147
15/03/2021
15/3/2021
15/3/2021
Ryuk?
Metropolitan Area of Barcelona (AMB)
The Metropolitan Area of Barcelona, AMB, suspends its digital services after suffering a computer attack that is suspected of being a Ransomware.
Malware
O Public administration and defence, compulsory social security
CC
ES
Metropolitan Area of Barcelona, AMB, Ryuk, Ransomware
148
15/03/2021
-
16/2/2021
?
Vulnerable IoT devices
Researchers from Palo Alto Networks discover a new series of attacks delivering a Mirai variant.
Multiple vulnerabilities
Y Multiple Industries
CC
>1
Palo Alto Networks, Mirai
149
15/03/2021
13/3/2021
13/3/2021
?
South & City College Birmingham
South & City College closes its campus buildings for one week, and advises students that all lessons and lectures will be taking place online, following a ransomware attack.
Malware
P Education
CC
UK
South & City College, Ransomware Birmingham
150
15/03/2021
End of February 2020
End of February 2020
?
Pimpri-Chinchwad Municipal Corporation Smart City
Pimpri-Chinchwad Municipal Corporation Smart City reveals to have been hit by a ransomware attack late last month.
Malware
D Electricity gas steam and air conditioning supply
CC
IN
Pimpri-Chinchwad Municipal Corporation Smart City, ransomware
151
15/03/2021
15/03/2021
15/03/2021
?
Cream Finance
The Cream Finance cryptocurrency portal is hit with a DNS hijacking attack.
DNS Hijacking
V Fintech
CC
TW
Cream Finance
152
15/03/2021
15/03/2021
15/03/2021
?
PancakeSwap
The PancakeSwap cryptocurrency portal is hit with a DNS hijacking attack.
DNS Hijacking
V Fintech
CC
JP
PancakeSwap
153
15/03/2021
Since 13/03/2021
Since 13/03/2021
Nifty Gateway
Multiple users of Nifty Gateway, a marketplace for buying and selling non-fungible tokens (NFTs), report that their accounts had been hacked and then drained of thousands of dollars worth of digital art.
Account Takeover
R Arts entertainment and recreation
CC
>1
Nifty Gateway, non-fungible tokens, NFT
ID
Date Reported
Date Occurred
Date Discovered
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags
Enjoy the interactive timeline, and thanks for sharing it, and supporting my work in spreading the risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or even connect on LinkedIn, for the latest updates.