It’s time to publish the second cyber attacks timeline of March, covering the main events that occurred in the second half of the month. In this timeline I have collected 123 events, with an average rate of 7.7 events per day.
The ProxyLogon vulnerability continues to characterize this period, with new cybercriminal groups trying to capitalize on it (such as the Black Kingdom ransomware).
Indeed, ransomware is still the top threat with nearly 23% of events (but there could be many more, since too many organizations still do not fully disclose the reason for some unspecified “outages”).
Also related to ransomware is the exploitation of the Accellion FTA 0-day (carried out by the Clop and FIN11 gangs), whose effect must not be underestimated: eight additional high-profile victims have joined the list in this timeline.
On the Cyber Espionage front, this timeline has seen multiple campaigns carried out by threat actors such as Mustang Panda (AKA RedDelta), targeting multiple telco organizations worldwide, China Chopper (exploiting the ProxyLogon vulnerability), Charming Kitten, the Lazarus Group, and an unspecified “sophisticated threat actor” discovered by Google exploiting 11 0-day vulnerabilities on Android and iOS.
ID
Date Reported
Date Occurred
Date Discovered
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags
1
16/03/2021
-
-
Clop
Shell
Shell discloses a data breach after attackers compromise the company's secure file-sharing system powered by Accellion File Transfer Appliance (FTA).
Vulnerability
D Electricity gas steam and air conditioning supply
CC
NL/UK
Shell, Clop, Accellion
2
16/03/2021
Since August 2020
-
Mustang Panda AKA RedDelta
Telecommunications providers in Southeast Asia, Europe and the United States.
Researchers from McAfee reveal the details of Operation Diànxùn, a cyber-espionage campaign targeting telecom companies around the world.
The Federal Bureau of Investigation (FBI) Cyber Division warns system administrators and cybersecurity professionals of increased Pysa ransomware activity targeting educational institutions.
Malware
P Education
CC
US
Federal Bureau of Investigation, FBI, Pysa, ransomware
4
16/03/2021
Since December 2020
Since December 2020
Multiple actors
Multiple targets
Researchers from Netscout reveal that DDoS-for-hire services are now actively abusing misconfigured or out-of-date Datagram Transport Layer Security (D/TLS) servers to amplify Distributed Denial of Service (DDoS) attacks.
DDoS
Y Multiple Industries
CC
>1
Netscout, Datagram Transport Layer Security, D/TLS, DDoS
5
16/03/2021
First week of March 2021
First week of March 2021
?
Multiple targets
Researchers from Cofense reveal the details of an advanced phishing campaign leveraging the American Rescue Plan to deliver the Dridex malware.
Malware
Y Multiple Industries
CC
US
Cofense, American Rescue Plan, Dridex, COVID-19
6
16/03/2021
16/3/2021
16/3/2021
?
Tri County Public Safety
The Tri County Public Safety is hit with a ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
US
Tri County Public Safety, Ransomware
7
16/03/2021
-
-
?
Poliklinika IPP
Unknown attackers hack into the systems of three Prague polyclinics.
Unknown
Q Human health and social work activities
CC
CZ
Poliklinika IPP
8
16/03/2021
-
-
?
GitHub users
A Russian threat actor claims to have leaked the data of 190.000 GitHub users in a dark marketplace forum.
Unknown
X Individual
CC
>1
GitHub
9
17/03/2021
-
-
China Chopper
Chile's Comisión para el Mercado Financiero (CMF)
Chile's Comisión para el Mercado Financiero (CMF) discloses that their Microsoft Exchange server was compromised through the recently disclosed ProxyLogon vulnerabilities.
O Public administration and defence, compulsory social security
CE
CL
Chile's Comisión para el Mercado Financiero, CMF, Microsoft Exchange, ProxyLogon, China Chopper, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065
10
17/03/2021
-
-
?
US organizations
The Federal Bureau of Investigation (FBI) warns US private sector companies about an increase in business email compromise (BEC) attacks targeting state, local, tribal, and territorial (SLTT) government entities.
Business Email Compromise
O Public administration and defence, compulsory social security
CC
US
Federal Bureau of Investigation, FBI
11
17/03/2021
-
-
?
Multiple Targets
The FBI and CISA issue a joint warning for a new spear-phishing campaign, attempting to infect PCs with Trickbot.
Malware
Y Multiple Industries
CC
US
FBI, CISA, Trickbot
12
17/03/2021
17/3/2021
17/3/2021
Russia?
Polish National Atomic Energy Agency and Health Ministry
Two Polish government websites are hacked and used briefly to spread false information about a non-existent radioactive threat, in what a Polish government official said had the hallmarks of a Russian cyberattack.
Defacement
O Public administration and defence, compulsory social security
CW
PL
Poland, National Atomic Energy Agency, Health Ministry, Russia
13
17/03/2021
-
-
?
University of Northampton
University of Northampton is hit by a cyber-attack.
Unknown
P Education
CC
UK
University of Northampton hit by cyber-attack
14
17/03/2021
1/8/2020
-
?
Sewell Family of Companies
The Sewell Family of Companies (a car dealership organization) discloses a security breach.
Unknown
S Other service activities
CC
US
Sewell Family of Companies
15
17/03/2021
-
14/1/2021
?
Midlands News Association
The Midlands News Association confirms a “data security incident”, which led to the personal information of former employees being published online.
Unknown
J Information and communication
CC
UK
Midlands News Association
16
17/03/2021
17/3/2021
17/3/2021
?
Nikkei Hong Kong
The Nikkei's Hong Kong affiliate is hit by a phishing attack.
Account Takeover
K Financial and insurance activities
CC
HK
Nikkei Hong Kong
17
17/03/2021
-
-
?
Castle School Education Trust
Some schools in South Gloucestershire are left without access to their IT systems after being subjected to a targeted ransomware attack.
Malware
P Education
CC
UK
Castle School Education Trust, Charfield Primary School, Downend School, Lyde Green Primary School, Mangotsfield School, Marlwood School, Severn Beach Primary School, The Castle School
18
18/03/2021
1/10/2020
-
?
Windows and Android users
Google's Project Zero reveals the details of a second hacking campaign coordinated by "a highly sophisticated actor" and targeting Windows and Android users with multiple zero-day and n-day exploits.
Researchers from SentinelOne discover a malicious version of the legitimate iOS TabBarInteraction Xcode project being distributed in a supply-chain attack.
Targeted Attack
Y Multiple Industries
CE
>1
SentinelOne, iOS, TabBarInteraction, Xcode
20
18/03/2021
During March 2021
During March 2021
?
U.S. Taxpayers
Researchers from Cybereason discover a new campaign targeting the US taxpayers via the REMCOS malware.
Malware
X Individual
CC
US
Cybereason, REMCOS
21
18/03/2021
-
29/1/2021
CopperStealer
Users of Google, Facebook, Amazon, and Apple.
Researchers from Proofpoint discover a previously undocumented account-stealing malware distributed via fake software crack sites, targeting the users of major service providers, including Google, Facebook, Amazon, and Apple.
Malware
X Individual
CC
>1
CopperStealer, Proofpoint, Google, Facebook, Amazon, Apple
22
18/03/2021
Third Week of March 2021
18/3/2021
?
Multiple targets
Cybersecurity firm NCC Group says that it detected successful in-the-wild exploitation of CVE-2021-22986, a recently patched critical vulnerability in F5 BIG-IP and BIG-IQ networking devices.
CVE-2021-22986 Vulnerability
Y Multiple Industries
CC
>1
NCC Group, CVE-2021-22986, F5 BIG-IP, F5 BIG-IQ
23
18/03/2021
16/3/2021
-
?
Eastern Health
Some surgeries are cancelled at Eastern Health facilities, following a "cyber incident"
Unknown
P Education
CC
AU
Eastern Health
24
18/03/2021
Since 2020
During December 2020
SilverFish
4,720 private and government organizations including "Fortune 500 companies"
The cybersecurity firm Prodaft reveals that SilverFish, an "extremely skilled" threat group, has been responsible for intrusions at over 4,720 private and government organizations including "Fortune 500 companies, ministries, airlines, defense contractors, audit and consultancy companies, and automotive manufacturers."
Targeted Attack
Y Multiple Industries
CE
>1
Prodaft, SilverFish
25
18/03/2021
-
-
?
Multiple targets
Researchers at Area 1 Security discover a sophisticated and highly targeted Microsoft Office 365 phishing campaign aimed at C-suite executives, executive assistants and financial departments across numerous industries.
Account Takeover
Y Multiple Industries
CC
>1
Area 1 Security, Microsoft 365
26
18/03/2021
-
-
?
Remmers
The chemical company Remmers suffers a cyber attack.
Unknown
M Professional scientific and technical activities
CC
US
Remmers
27
18/03/2021
15/3/2021
15/3/2021
?
Wellington Oral Surgery
Wellington Oral Surgery reveals that it suffered a phishing attack.
Account Takeover
Q Human health and social work activities
CC
NZ
Wellington Oral Surgery
28
19/03/2021
-
-
REvil AKA Sodinokibi
Acer
Computer giant Acer is hit by a REvil ransomware attack where the threat actors are demanding the largest known ransom to date, $50,000,000.
Malware
C Manufacturing
CC
TW
REvil, Sodinokibi, Ransomware, Acer
29
19/03/2021
-
-
?
Android users
Researchers from ESET discover a campaign distributing the Android BlackRock malware via a fake Clubhouse app.
Malware
X Individual
CC
>1
ESET, Android BlackRock, Clubhouse
30
19/03/2021
2/3/2021
-
?
Single individuals
Researchers from Kaspersky reveal the details of a phishing campaign leveraging the PlayStation 5 shortage to steal the victims' credentials.
Account Takeover
X Individual
CC
>1
Kaspersky, PlayStation 5
31
19/03/2021
-
-
?
NHS executive Helen Bevan
NHS executive Helen Bevan has her two Twitter accounts, with nearly 140,000 followers, stolen by hackers and used to promote fake PlayStation 5 sales.
Account Takeover
X Individual
CC
UK
NHS, Helen Bevan, Twitter, PlayStation 5
32
19/03/2021
-
-
?
Jefit
Jefit releases a public announcement about a cyber-incident that may have exposed customer account information.
Unknown
M Professional scientific and technical activities
CC
US
Jefit
33
19/03/2021
19/3/2021
19/3/2021
?
Maricopa County Community College District
The Maricopa County Community College District announces that it is cancelling classes after a cybersecurity issue forced its network system offline.
Unknown
P Education
CC
US
Maricopa County Community College District
34
19/03/2021
19/3/2021
19/3/2021
?
Celg Geração e Transmissão (Celg GT)
Celg Geração e Transmissão (Celg GT) reports a cyber attack.
Unknown
D Electricity gas steam and air conditioning supply
CC
BR
Celg Geração e Transmissão, Celg GT
35
19/03/2021
Between 12/01/2021 and 18/01/2021
-
?
Cancer Treatment Centers of America
Cancer Treatment Centers of America reveals that it was hit by a phishing attack.
Account Takeover
Q Human health and social work activities
CC
US
Cancer Treatment Centers of America
36
19/03/2021
-
-
?
BP Pulse customers
Criminals have been targeting customers of British electric vehicle charging infrastructure provider BP Pulse with malicious emails. The emails appear to have originated from legitimate BP email accounts.
Account Takeover
X Individual
CC
UK
BP Pulse customers
37
20/03/2021
8/3/2021
-
?
Liker.com
Liker.com, the anti-Trump social Network, is breached and around 400, records are leaked.
Unknown
S Other service activities
CC
US
Liker.com
38
20/03/2021
Between 18/03/2021 and 19/03/2021
19/3/2021
?
California State Controller's Office (SCO)
The California State Controller's Office (SCO) reports that a phishing attack led to a data breach that exposed personnel files and email contacts for more than a day.
Account Takeover
O Public administration and defence, compulsory social security
CC
US
California State Controller's Office, SCO
39
20/03/2021
-
During September 2020
?
Kentucky Wesleyan College
Kentucky Wesleyan College gives notice that it experienced a network security incident.
Unknown
P Education
CC
US
Kentucky Wesleyan College
40
21/03/2021
Between 18/03/2021 and 20/03/2021
21/3/2021
Black Kingdom
Vulnerable Exchange Servers
Another ransomware operation known as 'Black Kingdom' is exploiting the Microsoft Exchange Server ProxyLogon vulnerabilities to encrypt servers. Around 1,500 servers are targeted.
Black Kingdom, Ransomware, ProxyLogon, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065
41
21/03/2021
17/3/2021
17/3/2021
holo-gfx
MangaDex
Manga translation site MangaDex is temporarily shut down after suffering a cyberattack and having its source code stolen.
Vulnerability
R Arts entertainment and recreation
CC
N/A
MangaDex, holo-gfx
42
21/03/2021
-
-
China, Russia?
UK Ministry of Defence academy
The UK Ministry of Defence academy is hit by major cyber attack by ‘foreign power’
Unknown
O Public administration and defence, compulsory social security
N/A
UK
UK Ministry of Defence academy, China, Russia
43
21/03/2021
-
11/12/2020
?
Eyemart Express, LLC
Eyemart Express, LLC reveals it was targeted by a phishing attack.
Account Takeover
Q Human health and social work activities
CC
US
Eyemart Express, LLC
44
22/03/2021
17/3/2021
17/3/2021
?
Stratus Technologies
Stratus Technologies suffers a ransomware attack that required systems to be taken offline to prevent the attack's spread.
Malware
C Manufacturing
CC
US
Stratus Technologies, ransomware
45
22/03/2021
During 2020
-
?
Elector Software Ltd
Hackers expose online personal details of 6.5 million Israeli voters, less than 24 hours before the country goes to the polls in the fourth election in the last two years, allegedly stolen from the Elector app.
Unknown
M Professional scientific and technical activities
H
IL
Elector Software Ltd
46
22/03/2021
-
-
?
Android users
Google warns Android users that a recently patched vulnerability (CVE-2020-11261) has been exploited in attacks.
CVE-2020-11261 Vulnerability
X Individual
N/A
>1
Google, Android, CVE-2020-11261
47
22/03/2021
-
-
?
Vulnerable ColdFusion servers
Adobe releases security updates to address a critical vulnerability in the ColdFusion product (versions 2021, 2016, and 2018) exploited in the wild.
CVE-2021-21087 vulnerability
Y Multiple Industries
CC
>1
Adobe, ColdFusion, CVE-2021-21087
48
22/03/2021
-
-
?
Google Chrome users
Researchers at Cato Networks discover two dozen malicious Google Chrome browser extensions and 40 associated malicious domains used to introduce adware, steal credentials, or redirect victims to malware distribution sites.
Malicious Browser Extension
X Individual
CC
>1
Cato Networks, Google Chrome
49
22/03/2021
"Late Winter" 2021
-
?
Multiple targets
Researchers at INKY warn of phishing emails featuring COVID-related lures and content inspired by some of the pandemic’s latest developments.
Account Takeover
Y Multiple Industries
CC
>1
INKY, COVID-19
50
22/03/2021
19/3/2021
19/3/2021
?
Railway Administration in the Czech Republic
The Railway Administration in the Czech Republic is hit with a cyber attack.
DeCotiis, FitzPatrick, Cole & Giblin, LLP (“DFCG”) provides notice of a phishing incident.
Account Takeover
M Professional scientific and technical activities
CC
US
DeCotiis, FitzPatrick, Cole & Giblin, LLP, DFCG
52
22/03/2021
22/3/2021
22/3/2021
?
Park Hill School District
The Park Hill School District is forced to cancel classes due to a malware attack.
Malware
P Education
CC
US
Park Hill School District
53
22/03/2021
14/3/2021
14/3/2021
?
Spargo
Spargo, an event management firm, is hit with a cyber attack.
Malware
N Administrative and support service activities
CC
US
Spargo
54
23/03/2021
20/3/2021
20/3/2021
?
Sierra Wireless
Sierra Wireless, a world-leading IoT solutions provider, discloses a ransomware attack that forces it to halt production at all manufacturing sites.
Malware
C Manufacturing
CC
CA
Sierra Wireless, ransomware
55
23/03/2021
21/3/2021
21/3/2021
Evil Corp
CNA Financial
Insurance giant CNA suffers a ransomware attack using a new variant called Phoenix CryptoLocker that is possibly linked to the Evil Corp hacking group.
Industrial giant Honeywell reveals that some of its IT systems were disrupted as a result of a recent malware attack.
Malware
M Professional scientific and technical activities
CC
US
Honeywell
57
23/03/2021
17/1/2021
-
Conti
FatFace
British clothing brand FatFace sends a controversial 'confidential' data breach notification to customers after suffering a Conti ransomware attack earlier this year.
Malware
G Wholesale and retail trade
CC
UK
FatFace, Conti, Ransomware
58
23/03/2021
-
-
Clop
University of Miami
The University of Miami joins the list of the victims of the Accellion breach.
Vulnerability
P Education
CC
US
University of Miami, Clop, Accellion
59
23/03/2021
End of 2020
End of 2020
Purple Fox
Exposed Windows servers
Researchers from Guardicore Labs identify a new infection vector of the Purple Fox malware targeting internet-facing Windows via SMB password brute force.
Brute-Force
Y Multiple Industries
CC
>1
Guardicore Labs, Purple Fox, SMB
60
23/03/2021
During March 2021
During March 2021
Compact
Users of Outlook Web Access and Microsoft 365
Researchers from Microsoft discover a new version of the Compact campaign abusing new legitimate services to bypass secure email gateways.
Account Takeover
Y Multiple Industries
CC
>1
Microsoft, Compact
61
23/03/2021
During December 2020
-
?
Avianis
Private aviation services provider Solairus Aviation announces that some employee and customer data was compromised in a security incident at third-party vendor Avianis.
Misconfiguration
M Professional scientific and technical activities
CC
US
Solairus, Avianis
62
23/03/2021
-
-
Mamba
Multiple targets
The FBI publishes an alert for the Mamba ransomware, abusing the DiskCryptor open source tool to encrypt entire drives.
Malware
Y Multiple Industries
CC
US
FBI, Mamba, ransomware, DiskCryptor
63
23/03/2021
-
-
Babuk
PDI Group
The Babuk ransomware gang leaks 700 GB of data belonging to PDI Group, a US military contractor.
Malware
C Manufacturing
CC
US
Babuk, ransomware, PDI Group
64
23/03/2021
Between 24/09/2020 and 27/09/2020
27/9/2020
?
Haven Behavioral Hospital
Haven Behavioral Hospital provides notice of a "cyber security incident".
Unknown
Q Human health and social work activities
CC
US
Haven Behavioral Hospital
65
23/03/2021
-
-
Multiple actors
Multiple targets
Researchers from Akamai reveal that threat actors are abusing the Datagram Congestion Control Protocol (DCCP) to launch DDoS attacks.
DDoS
Y Multiple Industries
CC
>1
Akamai, Datagram Congestion Control Protocol, DCCP
66
24/03/2021
-
-
Earth Empusa AKA Evil Eye
Uyghur activists, journalists, and dissidents living outside China
Facebook takes down accounts used by a Chinese-sponsored hacking group to deploy surveillance malware on devices used by Uyghur activists, journalists, and dissidents living outside China.
Targeted Attack
X Individual
CE
CN
Earth Empusa, Evil Eye, Facebook, China, Uyghurs
67
24/03/2021
-
-
?
QNAP devices
QNAP warns customers of ongoing attacks targeting QNAP NAS (network-attached storage) devices and urges them to enhance their security as soon as possible.
Brute-Force
Y Multiple Industries
CC
>1
QNAP
68
24/03/2021
During March 2021
23/3/2021
?
Vulnerable WordPress servers
Researchers from Defiant reveal that two vulnerabilities affecting the Thrive Theme plugin (over 100,000 sites) are currently exploited by attackers.
WordPress plugin vulnerabilities
Y Multiple Industries
CC
>1
Defiant, Thrive Theme, WordPress
69
24/03/2021
22/3/2021
22/3/2021
?
MND
MND reveals that it was hit by a cyber attack.
Unknown
M Professional scientific and technical activities
CC
FR
MND
70
24/03/2021
During December 2019
-
?
PCS Revenue Control Systems, Inc
PCS Revenue Control Systems, Inc notifies multiple schools that it suffered a data breach in December 2019. The list of victims includes: Polk County Schools, Alachua County Schools, Dekalb Schools.
Unknown
M Professional scientific and technical activities
CC
US
PCS Revenue Control Systems, Polk County Schools, Alachua County Schools, Dekalb Schools
71
24/03/2021
15/3/2021
-
?
SalusCare
SalusCare, a substance abuse and mental health services provider, discloses an attack impacting both patient and employee data.
Unknown
Q Human health and social work activities
CC
US
SalusCare
72
24/03/2021
Between 27/11/2020 and 09/01/2021
23/1/2021
?
Mott Community College
Mott Community College announces that it has identified and addressed a data security breach.
Unknown
P Education
CC
US
Mott Community College
73
24/03/2021
20/3/2021
20/3/2021
?
City of Frankfort
The City of Frankfort is hit with a ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
US
City of Frankfort, Ransomware
74
24/03/2021
25/03/2020
-
Pysa
Gering Public Schools
Gering Public Schools joins the list of victims of the Pysa ransomware.
Malware
P Education
CC
US
Gering Public Schools, Pysa, ransomware
75
25/03/2021
-
26/1/2021
?
Astoria Company LLC
30M records from Astoria Company LLC, a lead generation company, are leaked on the dark web.
Misconfiguration
N Administrative and support service activities
CC
US
Astoria Company LLC
76
25/03/2021
-
25/3/2021
?
RDC
RDC, a Dutch company that provides garage and maintenance services to Dutch car owners, confirms a data breach after the personal and vehicle details of 7.5 million Dutch car owners are posted for sale on a well-known cybercrime forum.
Unknown
N Administrative and support service activities
CC
NL
RDC
77
25/03/2021
-
27/1/2021
?
Undisclosed MSP
Personal Touch Holding Corp. (PTHC) announces that it suffered a data breach after its MSP is hit with a ransomware attack.
Malware
M Professional scientific and technical activities
CC
US
Personal Touch Holding Corp, PTHC, ransomware
78
25/03/2021
5/3/2021
5/3/2021
?
City of Alton
The City of Alton confirms that it was hit with a ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
US
City of Alton
79
25/03/2021
25/3/2021
25/3/2021
?
U.S. Virgin Islands Government
The U.S. Virgin Islands Government investigates a possible cyber attack on the Recorder of Deeds and Cadastral Divisions.
Unknown
O Public administration and defence, compulsory social security
CC
US
U.S. Virgin Islands, Recorder of Deeds and Cadastral Divisions
80
26/03/2021
-
-
Ghostwriter (Russian actor)
German Parliament (Bundestag)
Email accounts of multiple German Parliament members are targeted in a spearphishing attack. It is not yet known if any data was stolen during the incident.
Targeted Attack
O Public administration and defence, compulsory social security
CE
DE
German Parliament, Bundestag, Ghostwriter
81
26/03/2021
-
-
?
Android users
Researchers from Zimperium discover new Android malware disguised as a System Update, with extensive spyware capabilities, that steals data and is designed to trigger automatically whenever new info is ready for exfiltration.
Malware
X Individual
CC
>1
Zimperium, Android, System Update
82
26/03/2021
Over 2 years
-
Multiple actors
Multiple targets
Researchers from Palo Alto Networks discover more than two-dozen containers on Docker Hub, downloaded more than 20 million times, and infected with malware for cryptojacking operations spanning at least two years.
Malware
Y Multiple Industries
CC
>1
Palo Alto Networks, Docker Hub
83
26/03/2021
Since December 2020
Since December 2020
Hades
Undisclosed transport & logistics company
Researchers from Accenture reveal the details of the latest Hades ransomware campaign targeting an undisclosed transport & logistics company in the US.
Malware
H Transportation and storage
CC
US
Accenture, Hades, Ransomware
84
26/03/2021
Since December 2020
Since December 2020
Hades
Undisclosed consumer products retailer
Researchers from Accenture reveal the details of the latest Hades ransomware campaign targeting an undisclosed consumer products retailer in the US.
Malware
G Wholesale and retail trade
CC
US
Accenture, Hades, Ransomware
85
26/03/2021
Since December 2020
Since December 2020
Hades
Undisclosed global manufacturer
Researchers from Accenture reveal the details of the latest Hades ransomware campaign targeting an undisclosed global manufacturer in the US.
Malware
C Manufacturing
CC
US
Accenture, Hades, Ransomware
86
26/03/2021
-
-
?
iOS users
Apple releases new out-of-band updates for iOS, iPadOS, macOS and watchOS to address another actively exploited zero-day flaw, tracked as CVE-2021-1879.
Redborne Upper School and Community College is disrupted by a cyber attack.
Unknown
P Education
CC
UK
Redborne Upper School and Community College
88
26/03/2021
-
-
?
Healthgrades Operating Company
Healthgrades Operating Company suffers a security breach in its platform, and several companies are impacted including Lexington Medical Center.
Unknown
M Professional scientific and technical activities
CC
US
Healthgrades Operating Company, Lexington Medical Center.
89
27/03/2021
27/3/2021
27/3/2021
?
Harris Federation
London-based nonprofit multi-academy trust Harris Federation is taken down by a ransomware attack.
Malware
P Education
CC
UK
Harris Federation, Ransomware
90
27/03/2021
9/3/2021
9/3/2021
Conti
Broward County Public Schools
The Broward County Public Schools is hit with a Conti ransomware attack, asking for a $40 million ransom.
Malware
P Education
CC
US
Broward County Public Schools, Conti, ransomware
91
27/03/2021
25/3/2021
25/3/2021
?
Santé de l’Ouest
The healthcare institute Santé de l’Ouest is hit with a ransomware attack.
Malware
Q Human health and social work activities
CC
FR
Santé de l’Ouest, ransomware
92
27/03/2021
26/3/2021
26/3/2021
Babuk
YposKesi
The Babuk ransomware operators claim responsibility for the intrusion and theft of 23 GB of data from YposKesi’s computer system.
Malware
Q Human health and social work activities
CC
FR
Babuk, YposKesi, ransomware
93
27/03/2021
25/3/2021
25/3/2021
?
Yemeksepeti
Yemeksepeti, an online food delivery chain in Turkey and Cyprus, suffers a cyber attack.
Unknown
I Accommodation and food service activities
CC
TR
Yemeksepeti
94
27/03/2021
21/3/2021
21/3/2021
?
Town of Didsbury
The Town of Didsbury is hit with a ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
US
Town of Didsbury, ransomware
95
28/03/2021
28/3/2021
28/3/2021
?
Channel Nine
A ransomware attack hits the live broadcasts of Australia's Channel Nine, disrupting its operations, although the motive appears to be retaliation.
Malware
J Information and communication
CW
AU
Channel Nine, ransomware
96
29/03/2021
During December 2020
-
Clop
University of Maryland, Baltimore
The Clop cyber criminal group leaks the data belonging to the University of Maryland stolen exploiting the Accellion vulnerability.
Vulnerability
P Education
CC
US
Clop, University of Maryland, Accellion, Baltimore
97
29/03/2021
During December 2020
-
Clop
University of California Merced
The Clop cyber criminal group leaks the data belonging to the University of California stolen exploiting the Accellion vulnerability.
Vulnerability
P Education
CC
US
Clop, University of California Merced, Accellion
98
29/03/2021
-
-
Clop
Stanford University
The Clop cyber criminal group leaks the data belonging to the Stanford University stolen exploiting the Accellion vulnerability.
Vulnerability
P Education
CC
US
Clop, Stanford University, Accellion
99
29/03/2021
-
-
Clop
Yeshiva University
The Clop cyber criminal group leaks the data belonging to the Yeshiva University stolen exploiting the Accellion vulnerability.
Vulnerability
P Education
CC
US
Clop, Yeshiva University, Accellion
100
29/03/2021
During February 2021
During February 2021
?
Undisclosed European gambling company.
Researchers from Akamai reveal that in February they dealt with an 800 Gbps+ attack against a European gambling company.
DDoS
R Arts entertainment and recreation
CC
EU
Akamai
101
29/03/2021
28/3/2021
28/3/2021
?
PHP Users
In a new software supply chain attack, the official PHP Git repository is hacked and the code base infected with backdoors
Malware
Y Multiple Industries
CC
>1
PHP
102
29/03/2021
21/3/2021
21/3/2021
ALTDOS
Vhive
Vhive, a popular retail furniture chain in Singapore, posts a notice on their web site and Facebook page announcing a cyberattack.
Senior medical professionals in the United States and Israel
Researchers from Proofpoint reveal the details of BadBlood, a cyber espionage campaign carried out by malicious actors from Iran, targeting senior medical professionals in the United States and Israel
MobiKwik says it is investigating claims of data breach after a website claimed to have exposed private information of nearly 100 million users of the Indian mobile payments startup.
Misconfiguration
K Financial and insurance activities
CC
IN
MobiKwik
105
30/03/2021
Since mid-March 2021
Mid-March 2021
?
Educational Institutions in the US
The Internal Revenue Service (IRS) warns of ongoing phishing attacks impersonating the IRS and targeting educational institutions.
Account Takeover
P Education
CC
US
Internal Revenue Service, IRS
106
30/03/2021
Since February 2021
1/2/2021
Multiple actors
Multiple financial companies in the US
New York's Department of Financial Services (DFS) warns of an ongoing series of attacks resulting in the theft of personal information belonging to hundreds of thousands of New Yorkers.
>1
K Financial and insurance activities
CC
US
New York's Department of Financial Services, DFS
107
30/03/2021
30/3/2021
30/3/2021
?
Brown University
Brown University disables systems and cuts connections to the data center after suffering a cyberattack.
Unknown
P Education
CC
US
Brown University
108
30/03/2021
Second half of March 2021
Second half of March 2021
?
Vulnerable WordPress servers
Security researchers discover counterfeit versions of the jQuery Migrate plugin injected on dozens of websites, which contain obfuscated code to load malware.
Malicious WordPress plugin
Y Multiple Industries
CC
>1
jQuery Migrate, WordPress
109
30/03/2021
15/3/2021
15/3/2021
?
Undisclosed organization
Researchers from Armorblox reveal the details of an evasive phishing campaign pretending that the victim's Facebook account has been locked.
Account Takeover
Z Unknown
CC
N/A
Armorblox, Facebook
110
30/03/2021
2/3/2021
2/3/2021
?
Undisclosed organization
Researchers from Armorblox reveal the details of an evasive phishing campaign stealing Microsoft 365 credentials.
Account Takeover
Z Unknown
CC
N/A
Armorblox, Microsoft 365
111
30/03/2021
2/3/2021
2/3/2021
?
Undisclosed organization
Researchers from Armorblox reveal the details of an evasive phishing campaign pretending that the victim's Apple ID account has been locked.
Account Takeover
Z Unknown
CC
N/A
Armorblox, Apple
112
30/03/2021
30/3/2021
30/3/2021
?
Evangelical Hospital in Lippstadt
The Evangelical Hospital in Lippstadt stops accepting patients after it is hit by a cyber attack.
Unknown
Q Human health and social work activities
CC
DE
Evangelical Hospital in Lippstadt
113
30/03/2021
-
-
REvil AKA Sodinokibi
MBA Group
MBA Group, a print group, is hit with a REvil ransomware attack.
Malware
M Professional scientific and technical activities
CC
UK
MBA Group, REvil ransomware, Sodinokibi
114
31/03/2021
Since mid-March 2021
17/3/2021
Lazarus Group AKA Hidden Cobra
Security Industry Specialists
Google's Threat Analysis Group (TAG) says that North Korean government-sponsored hackers are once again targeting security researchers using fake Twitter and LinkedIn social media accounts.
Italian menswear premium brand Boggi Milano is hit with a Ragnarok ransomware attack. 40Gb of data is allegedly stolen.
Malware
G Wholesale and retail trade
CC
IT
Boggi Milano, Ragnarok, ransomware
116
31/03/2021
Since January 2021
Since January 2021
BazarCall
Single individuals
Security researchers discover a new malware dubbed 'BazarCall', distributed via call centers.
Malware
Y Multiple Industries
CC
>1
BazarCall
117
31/03/2021
-
-
?
Video Game Players
Researchers from Cisco Talos discover a new campaign targeting video game players and other PC modders with infostealers.
Unknown
X Individual
CC
>1
Cisco Talos
118
31/03/2021
-
-
?
Call of Duty: Warzone players
Researchers from Activision warn that hackers hid malware inside a cheat for Call of Duty: Warzone.
Malware
X Individual
CC
>1
Activision, Call of Duty: Warzone
119
31/03/2021
Since March 2021
-
?
Single individuals
The US Department of Justice warns of phishing attacks using fake post-vaccine surveys to steal money from people or trick them into handing over their personal information.
Account Takeover
X Individual
CC
US
US Department of Justice, COVID-19, Vaccine
120
31/03/2021
-
-
?
Indonesia’s major banks
Researchers from Group-IB warn that cybercriminals are targeting Indonesia’s major banks posing as bank representatives or customer support team members on Twitter.
Account Takeover
K Financial and insurance activities
CC
ID
Group-IB
121
31/03/2021
31/3/2021
31/3/2021
?
City of Angermünde
The City of Angermünde is hit with a ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
DE
City of Angermünde
122
31/03/2021
31/3/2021
31/3/2021
Pierre Fabre
Multiple targets
The Pierre Fabre pharmaceutical company shuts down following a cyberattack.
Unknown
M Professional scientific and technical activities
CC
FR
Pierre Fabre
123
31/03/2021
-
-
Clop
University of California
The University of California joins the list of the victims hit via the exploitation of the Accellion FTA vulnerability.
Vulnerability
P Education
CC
US
University of California, Accellion FTA, Clop
124
31/03/2021
-
-
Clop
University of California Davis
The University of California Davis joins the list of the victims hit via the exploitation of the Accellion FTA vulnerability.
Vulnerability
P Education
CC
US
University of California Davis, Accellion FTA, Clop
125
31/03/2021
-
-
?
French Taxpayers
A phishing campaign targets French taxpayers during the tax season.
Account Takeover
X Individual
CC
FR
France
126
31/03/2021
During January 2021
-
?
Wegmans
Wegmans notifies customers of a credential stuffing attack using credentials stolen from other online services and affecting more than 2,7000 accounts.
Credential stuffing
G Wholesale and retail trade
CC
US
Wegmans
Enjoy the interactive timeline, and thanks for sharing it and supporting my work in spreading risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or even connect on LinkedIn, for the latest updates.
Last but not least, on the cyber crime front, another important trend to consider is the occurrence of new mega breaches targeting organizations in India, Israel, The Netherlands, and the US.