The first timeline of April is finally out! In this timeline I have collected 117 events, with an average rate of 7.7 events per day, a daily value in line with the previous month that seems to show a decreasing trend compared with the average value of the last 12 months.
Unsurprisingly, ransomware is still the top threat with nearly 32% of events (but, as I always point out, there could be many more, since too many organizations still do not completely disclose the reason for some unspecified “outages”).
The aftermath of the exploitation of the Accellion FTA 0-day (carried out by the Clop and FIN11 gangs) continues to be present, although the effect is progressively diminishing.
What are not diminishing are the mega breaches, with new victims joining the list.
What also seems to decrease is the number of events motivated by cyber espionage. Although threat actors continue to exploit vulnerabilities in remote access technologies, the list seems to be shorter compared with the numbers we have been used to in the previous timelines.
| ID | Date Reported | Date Occurred | Date Discovered | Author | Target | Description | Attack | Target Class | Attack Class | Country | Tags |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | 01/04/2021 | 31/3/2021 | 31/3/2021 | REvil AKA Sodinokibi | Pierre Fabre | Pierre Fabre suffers a REvil ransomware attack where the threat actors initially demanded a $25 million ransom. | Malware | M Professional scientific and technical activities | CC | FR | Pierre Fabre, REvil AKA Sodinokibi, ransomware |
| 2 | 01/04/2021 | Early February 2021 | - | ? | Manhunt | Manhunt, a gay dating app that claims to have 6 million male members, confirms it was hit by a data breach in February after a hacker gained access to the company’s accounts database. | Unknown | R Arts entertainment and recreation | CC | US | Manhunt |
| 3 | 01/04/2021 | 30/3/2021 | 30/3/2021 | Doppelpaymer | Municipality of Brescia | The Municipality of Brescia is hit with a Doppelpaymer ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | IT | Brescia, Ransomware, Doppelpaymer |
| 4 | 01/04/2021 | - | - | Doppelpaymer | Municipality of Rho | The Municipality of Rho is hit with a Doppelpaymer ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | IT | Rho, Ransomware, Doppelpaymer |
| 5 | 01/04/2021 | 1/4/2021 | 1/4/2021 | ? | J&B Importers | J&B Importers is hit with a ransomware attack. | Malware | N Administrative and support service activities | CC | US | J&B Importers, ransomware |
| 6 | 01/04/2021 | 25/2/2021 | 25/2/2021 | ? | Affton School District | The Affton School District discloses a ransomware attack. | Malware | P Education | CC | US | Affton School District, ransomware |
| 7 | 02/04/2021 | - | - | Multiple APTs | Multiple targets | The FBI and CISA warn of advanced persistent threat (APT) actors targeting Fortinet FortiOS devices using multiple exploits. | | | | | |
| | | | | | | Asteelflash, a leading French electronics manufacturing services company, suffers a cyberattack by the REvil ransomware gang, which is demanding a $24 million ransom. | Malware | C Manufacturing | CC | FR | Revil, Sodinokibi, Ransomware, Asteelflash |
| 9 | 02/04/2021 | Since March 2021 | 2/4/2021 | ? | Multiple GitHub servers | GitHub Actions is currently being abused by attackers to mine cryptocurrency on GitHub's servers in an automated attack. | Misconfiguration | Y Multiple Industries | CC | >1 | GitHub Actions |
| 10 | 02/04/2021 | Since December 2020 | - | ? | Multiple Charity Organizations | Researchers from Ironscales discover a massive phishing campaign impersonating the MacKenzie Bezos-Scott grant foundation promising financial benefits to recipients in exchange for a processing fee. | Malicious Spam | Q Human health and social work activities | CC | US | MacKenzie Bezos-Scott Foundation, Ironscales |
| 11 | 02/04/2021 | Since March 2021 | - | ? | Robinhood customers | Attackers are impersonating the stock-trading broker Robinhood using fake websites to steal credentials as well as sending emails with malicious tax files. | Account Takeover | K Financial and insurance activities | CC | US | Robinhood |
| 12 | 02/04/2021 | Between 01/11/2020 and 16/11/2020 | 16/11/2020 | ? | Manquen Vance | Manquen Vance is hit with a phishing attack. | Account Takeover | N Administrative and support service activities | CC | US | Manquen Vance |
| 13 | 02/04/2021 | Between 28/01/2021 and 04/02/2021 | 4/2/2021 | ? | Squirrel Hill Health Center | Squirrel Hill Health Center is hit with a ransomware attack. | Malware | Q Human health and social work activities | CC | US | Squirrel Hill Health Center, ransomware |
| 14 | 02/04/2021 | During February 2021 | During February 2021 | ? | Home Hardware Stores | Home Hardware Stores acknowledges having been hit by a ransomware attack in February. | Malware | G Wholesale and retail trade | CC | CA | Home Hardware Stores, ransomware |
| 15 | 02/04/2021 | End of March 2021 | - | ? | Unix Auto SRL | Unix Auto SRL, a supplier of car parts in Romania, is hit with a ransomware attack. | Malware | N Administrative and support service activities | CC | RO | Unix Auto SRL, ransomware |
| 16 | 02/04/2021 | - | 31/3/2021 | Clop | University of California, Berkeley (UC Berkeley) | The University of California, Berkeley (UC Berkeley) confirms it suffered a data breach, becoming another victim of the Accellion cyber-attack. | Vulnerability | P Education | CC | US | University of California Berkeley, UC Berkeley, Accellion |
| 17 | 03/04/2021 | 30/3/2021 | 30/3/2021 | ? | Applus Technologies | A malware attack on emissions testing company Applus Technologies prevents vehicle inspections in eight states, including Connecticut, Georgia, Idaho, Illinois, Massachusetts, Utah, and Wisconsin. | Malware | M Professional scientific and technical activities | CC | US | Applus Technologies |
| 18 | 03/04/2021 | 3/4/2021 | 3/4/2021 | ? | National College of Ireland (NCI) | The National College of Ireland is hit with a ransomware attack. | Malware | P Education | CC | IE | National College of Ireland, NCI, ransomware |
| 19 | 04/04/2021 | 12/1/2021 | 28/1/2021 | ? | La Clinica de la Raza | La Clinica de la Raza is hit with a malware attack. | Malware | Q Human health and social work activities | CC | US | La Clinica de la Raza |
| 20 | 04/04/2021 | - | 31/3/2021 | ? | Epilepsy Florida | Epilepsy Florida reveals that it was hit by the Blackbaud breach. | Malware | Q Human health and social work activities | CC | US | Epilepsy Florida, Blackbaud, ransomware |
| 21 | 05/04/2021 | - | 14/3/2021 | ? | OnlyFans | Private videos and images from hundreds of OnlyFans accounts are leaked online. | Unknown | S Other service activities | CC | UK | OnlyFans |
| 22 | 05/04/2021 | - | - | Cycldek (AKA Goblin Panda, APT27, Conimes) | Government and military entities in Vietnam | Researchers from Kaspersky reveal that China-linked cyber-espionage group Cycldek is showing increasing sophistication in a series of recent attacks targeting government and military entities in Vietnam. | | | | | |
| | | | | | | Security researchers from eSentire discover a new campaign distributing the more_eggs backdoor via unsolicited job offers on LinkedIn. | Malware | X Individual | CC | >1 | eSentire, more_eggs, LinkedIn |
| 24 | 05/04/2021 | Between 23/06/2020 and 09/07/2020 | 18/8/2020 | ? | Administrative Advantage | Administrative Advantage, a company providing support services to healthcare providers, discloses that it suffered a phishing attack in July 2020. | Account Takeover | N Administrative and support service activities | CC | US | Administrative Advantage |
| 25 | 05/04/2021 | 20/9/2021 | 29/1/2021 | Clop | Trinity Health | Trinity Health reports that 580,000 patients have been affected by the Accellion data breach. | Vulnerability | Q Human health and social work activities | CC | US | Trinity Health, Clop, Accellion |
| 26 | 05/04/2021 | Between October 2019 and September 2020 | 17/12/2020 | ? | Centers for Advanced Orthopaedics | Centers for Advanced Orthopaedics notifies 125,291 patients, employees and dependents of a cyberattack that took place over a yearlong breach. | Account Takeover | Q Human health and social work activities | CC | US | Centers for Advanced Orthopaedics |
| 27 | 06/04/2021 | Between the end of March and the beginning of April 2021 | - | ? | European Union | A range of European Union institutions including the European Commission are hit by a "significant cyber-attack", a spokesperson reveals. | Unknown | U Activities of extraterritorial organizations and bodies | N/A | EU | European Union |
| 28 | 06/04/2021 | Between 04/02/2019 and 04/08/2019 | - | ? | Cardpool.com | A Russian hacker sells on a top-tier underground forum close to 900,000 gift cards with a total value estimated at $38 million. The cards are allegedly stolen from Cardpool.com. | Unknown | K Financial and insurance activities | CC | US | Cardpool.com |
| 29 | 06/04/2021 | - | - | Multiple actors | Multiple targets | Researchers from Onapsis reveal that threat actors are targeting mission-critical SAP applications, exposing the networks of commercial and government organizations to attacks. | | | | | |
| | | | | | | The Technological University of Dublin is hit with a ransomware attack. | Malware | P Education | CC | IE | Technological University of Dublin, ransomware |
| 31 | 06/04/2021 | Since 27/03/2021 | - | ? | Owners of Gigaset Android Phones | Researchers from Malwarebytes reveal that owners of Gigaset Android phones have been repeatedly infected with malware, after threat actors compromised the vendor's update server in a supply-chain attack. | | | | | |
| | | | | | | Facebook announces it has removed 14 networks in 11 countries for using fake accounts, including one linked to Mojahedin-e Khalq, an exiled militant Iranian group operating a troll farm out of Albania. | Fake Social Networks Accounts | O Public administration and defence, compulsory social security | CW | IR | Facebook, Mojahedin-e Khalq, Iran, Albania |
| 33 | 06/04/2021 | - | - | ? | Multiple sectors in Brazil, including healthcare, engineering, retail, finance, and manufacturing, and government. | Researchers from ESET reveal the details of Janeleiro, a trojan focused on Brazil. | Malware | Y Multiple Industries | CC | BR | ESET, Janeleiro |
| 34 | 06/04/2021 | - | 12/3/2021 | ? | i-vic International | Malware infects the email account of an employee at i-vic International, leading to unauthorised access to the mailbox, which had personal data of the 30,000 affected individuals. | Account Takeover | N Administrative and support service activities | CC | SG | i-vic International |
| 35 | 06/04/2021 | Since 2020 | - | APT-C-23 | Political opponents in Palestine | Researchers from Cado Security reveal the details of a cyber espionage campaign targeting political opponents in Palestine using voice changing software. | Targeted Attack | X Individual | CE | PS | Cado Security, APT-C-23 |
| 36 | 06/04/2021 | During March 2021 | During March 2021 | Multiple actors | Multiple targets | Researchers at Intel 471 report cybercriminal gangs are using a newly discovered malicious document builder called "EtterSilent" to create malicious documents that can be deployed in phishing attacks, including the distribution of an updated version of TrickBot. | Malware | Y Multiple Industries | CC | >1 | Intel 471, EtterSilent, TrickBot |
| 37 | 06/04/2021 | - | Late March 2021 | ? | Government institutions in the country of Georgia | Researchers at Malwarebytes discover the Saint Bot dropper, as they have named it, being used as part of the infection chain in targeted campaigns against government institutions in the country of Georgia. | Targeted Attack | O Public administration and defence, compulsory social security | CE | GE | Saint Bot, Malwarebytes |
| 38 | 06/04/2021 | Between 14/01/2021 and 31/01/2021 | - | ? | Bricker & Eckler LLP | Bricker & Eckler LLP reveals that it was hit with a ransomware attack. | Malware | M Professional scientific and technical activities | CC | US | Bricker & Eckler LLP, ransomware |
| 39 | 06/04/2021 | 6/4/2021 | 6/4/2021 | ? | City of El Monte | City Hall computers at the City of El Monte are replaced after an unauthorized access. | Unknown | O Public administration and defence, compulsory social security | CC | US | City of El Monte |
| 40 | 06/04/2021 | Between 07/01/2021 and 25/01/2021 | 24/3/2021 | ? | California Health & Wellness | California Health & Wellness joins the list of the victims of the Accellion breach. | Vulnerability | Q Human health and social work activities | CC | US | California Health & Wellness, Accellion |
| 41 | 07/04/2021 | - | - | Cring (AKA Crypt3r, Vjiszy1lo, Ghost, Phantom) | Industrial enterprises in European countries | Researchers from Kaspersky reveal that ransomware attackers from the Cring group are exploiting Internet-exposed Fortigate SSL VPN servers unpatched against the CVE-2018-13379 vulnerability. | | | | | |
| | | | | | | Global payments processor VISA warns that threat actors are increasingly deploying web shells on compromised servers to exfiltrate credit card information stolen from online store customers. | Malicious Script Injection | Y Multiple Industries | CC | >1 | VISA, web shells |
| 43 | 07/04/2021 | - | - | ? | Android users | Researchers from Check Point discover an Android malware on Google’s Play Store disguised as a Netflix tool dubbed FlixOnline, designed to auto-spread using WhatsApp auto-replies to incoming messages. | Malware | X Individual | CC | >1 | Check Point, Android, Google’s Play Store, Netflix, WhatsApp, FlixOnline |
| 44 | 07/04/2021 | - | - | ? | Android users on Huawei devices | Researchers from Doctor Web reveal that more than 500,000 Huawei users have downloaded applications infected with Joker from the company’s official Android store, AppGallery. | Malware | X Individual | CC | >1 | Doctor Web, Huawei, Android, AppGallery, Joker |
| 45 | 07/04/2021 | - | Since December 2020 | The Yanbian group | South Korean users | The RiskIQ team discovers a new wave of 377 Android banking trojans developed by the Yanbian gang. | Malware | K Financial and insurance activities | CC | KR | RiskIQ, Android, Yanbian |
| 46 | 07/04/2021 | Since January 2021 | - | ? | Single individuals | Researchers from Uptycs reveal the details of an ongoing IcedID campaign using Microsoft Excel xlsm documents with Excel 4 Macros and techniques to hinder analysis. | Malware | X Individual | CC | >1 | Uptycs, IcedID, Microsoft Excel |
| 47 | 07/04/2021 | Early January 2021 | - | ? | Symatrix | Payroll provider Symatrix discloses that it was hit with a ransomware attack. | Malware | N Administrative and support service activities | CC | UK | Symatrix, ransomware |
| 48 | 07/04/2021 | 7/4/2021 | 7/4/2021 | ? | Municipality of Olomouc | The Czech municipality of Olomouc is hit with a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | CZ | Municipality of Olomouc, ransomware |
| 49 | 07/04/2021 | 7/4/2021 | 7/4/2021 | ? | Georg Wieser’s Türnitzer “Nah & Frisch” | Georg Wieser’s Türnitzer “Nah & Frisch” is hit with a ransomware attack. | Malware | G Wholesale and retail trade | CC | AT | Georg Wieser’s Türnitzer “Nah & Frisch”, ransomware |
| 50 | 07/04/2021 | 1/3/2021 | 1/3/2021 | ? | Atlantic Media | Atlantic Media reveals that it suffered an unauthorized access. | Unknown | J Information and communication | CC | US | Atlantic Media |
| 51 | 07/04/2021 | 7/4/2021 | 7/4/2021 | ? | Haverhill Public Schools | A ransomware attack forces the Haverhill Public Schools to cancel classes. | Malware | P Education | CC | US | Ransomware, Haverhill Public Schools |
| 52 | 07/04/2021 | 6/4/2021 | 6/4/2021 | ? | City of Vallauris Golfe-Juan | The City of Vallauris Golfe-Juan is hit by a cyber attack. | Unknown | O Public administration and defence, compulsory social security | CC | FR | City of Vallauris Golfe-Juan |
| 53 | 08/04/2021 | During June 2020 | During June 2020 | Lazarus Group AKA Hidden Cobra | South African freight logistics company | Researchers from ESET discover a new campaign carried out by the Lazarus Group, using a new malware with backdoor capabilities dubbed Vyveva in targeted attacks against a South African freight logistics company. | Targeted Attack | H Transportation and storage | CC | ZA | ESET, Vyveva, Lazarus Group, Hidden Cobra |
| 54 | 08/04/2021 | - | - | ? | Multiple targets | Researchers from Trustwave discover a phishing campaign using a clever trick to deliver the fraudulent web page that collects Microsoft Office 365 credentials by building it from chunks of HTML code stored locally and remotely. | Account Takeover | Y Multiple Industries | CC | >1 | Trustwave, Microsoft 365, HTML |
| 55 | 08/04/2021 | - | - | ? | Swarmshop | 600,000 stolen credit cards emerge after the database of Swarmshop, an underground marketplace, is leaked. | Unknown | S Other service activities | CC | N/A | Swarmshop |
| 56 | 08/04/2021 | - | - | ? | Single individuals | A new tech support scam pretends to be from Microsoft, McAfee, and Norton, targeting users with fake antivirus billing renewals in a large-scale email campaign. | Malicious Spam | X Individual | CC | >1 | Support scam, Microsoft, McAfee, Norton |
| 57 | 08/04/2021 | During January 2021 | - | ? | CareFirst BlueCross BlueShield’s Community Health Plan District of Columbia (CHPDC) | CareFirst BlueCross BlueShield’s Community Health Plan District of Columbia (CHPDC) reveals that it suffered a data breach carried out by what it described as a “foreign cybercriminal” group in January. | Unknown | Q Human health and social work activities | N/A | US | CareFirst BlueCross BlueShield’s Community Health Plan District of Columbia, CHPDC |
| 58 | 08/04/2021 | Between 30/03/2020 and 06/11/2020 | 11/3/2021 | ? | The American Society for Clinical Pathology (ASCP) | The American Society for Clinical Pathology (ASCP) discloses a payment card incident that impacted customers who entered payment info on its e-commerce website. | Malicious Script Injection | N Administrative and support service activities | CC | US | American Society for Clinical Pathology, ASCP |
| 59 | 08/04/2021 | Since February 2021 | 16/2/2021 | ? | Educational institutions in Washington State | An advisory released by Palo Alto Networks' Unit 42 team reveals that cryptojacking incidents have recently taken place against educational institutions in Washington State. | Malware | P Education | CC | US | Palo Alto Networks, Crypto |
| 60 | 08/04/2021 | 2/4/2021 | 2/4/2021 | ? | Axios Italia | Axios Italia, the provider of one of the most used electronic register applications by Italian schools, Axios RE, is offline due to a ransomware attack. | Malware | M Professional scientific and technical activities | CC | IT | Axios Italia, ransomware |
| 61 | 08/04/2021 | Since December 2020 | - | Sysrv | Vulnerable Windows and Linux devices | Researchers from Juniper reveal the details of Sysrv, a newly discovered cryptomining botnet targeting Windows and Linux devices. | Multiple vulnerabilities | Y Multiple Industries | CC | >1 | Juniper, Sysrv, Crypto, Windows, Linux |
| 62 | 08/04/2021 | Since March 2020 | During March 2021 | ? | Android users in India | Researchers from Zscaler reveal the details of a malicious Android app disguised as a fake TikTok app targeting users of the JIO carrier in India. | Malware | X Individual | CC | IN | Zscaler, TikTok, Android, JIO |
| 63 | 08/04/2021 | 8/4/2021 | 8/4/2021 | ? | Hôpital de Saint-Gauden | The French Hôpital de Saint-Gauden is hit with a ransomware attack. | Malware | Q Human health and social work activities | CC | FR | Hôpital de Saint-Gauden, ransomware |
| 64 | 08/04/2021 | 4/4/2021 | 4/4/2021 | ? | City of Lawrence | The City of Lawrence is hit with a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | City of Lawrence, ransomware |
| 65 | 08/04/2021 | Between 16/12/2020 and 05/02/2021 | - | ? | Total Health Care | Total Health Care notifies 221,454 health plan members and physicians of a hacking incident on its employee email accounts. | Account Takeover | Q Human health and social work activities | CC | US | Total Health Care |
| 66 | 09/04/2021 | - | - | ? | Multiple targets | Researchers from Microsoft reveal that threat actors are using legitimate corporate contact forms to send phishing emails that threaten enterprise targets with lawsuits and attempt to infect them with the IcedID info-stealing malware using legitimate Google URLs. | Account Takeover | Y Multiple Industries | CC | >1 | Microsoft, IcedID |
| 67 | 09/04/2021 | - | - | ? | Android users | Researchers from Kaspersky and Dr.Web discover a variant of Triada embedded within the official application of APKPure, a popular third-party Android app store and an alternative to Google's official Play Store. | Malware | X Individual | CC | US | Kaspersky, Dr.Web, APKPure, Google, Play Store |
| 68 | 09/04/2021 | Between 21/01/2021 and 01/03/2021 | - | ? | Geico | Geico, the second-largest auto insurer in the U.S., suffers a data breach when threat actors exploit a bug in their website to steal the driver’s licenses for policyholders for several weeks. | Vulnerability | K Financial and insurance activities | CC | US | Geico |
| 69 | 09/04/2021 | 7/4/2021 | 7/4/2021 | ? | Facebook users | Cybercriminals remove a number of Facebook ads masquerading as a Clubhouse app for PC users in order to target unsuspecting victims with malware. | Malware | X Individual | CC | >1 | Facebook, Clubhouse |
| 70 | 09/04/2021 | - | - | ? | City of Isle-sur-la-Sorgue | The City of Isle-sur-la-Sorgue is hit with a ransomware attack, with criminals demanding a ransom of 500,000 euros. | Malware | O Public administration and defence, compulsory social security | CC | FR | Isle-sur-la-Sorgue, ransomware |
| 71 | 09/04/2021 | 8/4/2021 | 8/4/2021 | ? | Municipality of Douai | The Municipality of Douai is hit with a cyber attack that blocks the telephone lines and emails. | Malware | O Public administration and defence, compulsory social security | CC | FR | Municipality of Douai |
| 72 | 09/04/2021 | - | - | Clop | Durham Region (durham.ca) | The Durham Region joins the list of the victims of the Accellion breach. | Vulnerability | O Public administration and defence, compulsory social security | CC | CA | Durham, Accellion, Clop |
| 73 | 09/04/2021 | - | - | ? | Certis | Certis, a security firm in Singapore, reveals that about 62,000 e-mails may have been accessed by cyber criminals. | Unknown | M Professional scientific and technical activities | CC | SG | Certis |
| 74 | 09/04/2021 | 26/02/2021 and 26/03/2021 | 26/02/2021 and 26/03/2021 | ? | Ansal Housing | Realty firm Ansal Housing discloses that the company had faced multiple ransomware attacks on its IT system since February 26, which may have resulted in some data loss. | Malware | L Real estate activities | CC | IN | Ansal Housing, ransomware |
| 75 | 09/04/2021 | - | - | Ryuk | Swiss General trade school (Allgemeine Gewerbeschule) | The Swiss General trade school (Allgemeine Gewerbeschule) is hit by Ryuk ransomware. | Malware | P Education | CC | CH | Swiss General Trade School, Allgemeine Gewerbeschule, Ryuk, ransomware |
| 76 | 09/04/2021 | Between 04/08/2020 and 21/09/2020 | 7/9/2020 | ? | American College of Emergency Physicians (ACEP) | The American College of Emergency Physicians reveals that the credentials of a database were compromised by a third party. | Malware | S Other service activities | CC | US | American College of Emergency Physicians, ACEP |
| 77 | 11/04/2021 | - | - | ShinyHunters | Upstox | Indian stock trading firm Upstox reveals to users that it has suffered a serious security breach that may have seen unauthorised criminal access to millions of customers’ personal information. | Misconfiguration | K Financial and insurance activities | CC | IN | Upstox, ShinyHunters |
| 78 | 11/04/2021 | 9/4/2021 | 9/4/2021 | ? | City of Morières-lès-Avignon | The City of Morières-lès-Avignon is hit with a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | FR | Morières-lès-Avignon, ransomware |
| 79 | 11/04/2021 | 11/4/2021 | 11/4/2021 | ? | USL Umbria 2 | The healthcare facility USL Umbria 2 is hit with a ransomware attack. | Malware | Q Human health and social work activities | CC | IT | USL Umbria, ransomware |
| 80 | 11/04/2021 | 7/4/2021 | 7/4/2021 | ? | Gruppo Gino | The Gruppo Gino car dealer is hit with a ransomware attack. | Malware | G Wholesale and retail trade | CC | IT | Gruppo Gino, ransomware |
| 81 | 11/04/2021 | 9/4/2021 | 9/4/2021 | Pysa | Woodlake Unified District | Woodlake Unified District joins the list of the Pysa ransomware victims. | Malware | P Education | CC | US | Woodlake Unified District, Pysa ransomware |
| 82 | 12/04/2021 | - | - | ? | Bakker Logistiek | A ransomware attack against conditioned warehousing and transportation provider Bakker Logistiek causes a cheese shortage in Dutch supermarkets. | Malware | H Transportation and storage | CC | NL | Bakker Logistiek |
| 83 | 12/04/2021 | During March 2021 | - | ? | ParkMobile | Someone is selling account information for 21 million customers of ParkMobile, a mobile parking app that’s popular in North America. | Vulnerability | N Administrative and support service activities | CC | US | ParkMobile |
| 84 | 12/04/2021 | - | - | Iran | Israel | Israeli spy agencies accuse Iran of using fake social media accounts to lure citizens of the Jewish state abroad "to harm or abduct them". | Fake Social Networks Accounts | X Individual | CW | IL | Iran, Israel |
| 85 | 12/04/2021 | - | - | ? | Würth France | Würth France, the French subsidiary of the German hardware chain, experiences an unspecified "security incident". | Unknown | C Manufacturing | CC | FR | Würth France |
| 86 | 12/04/2021 | 10/4/2021 | 11/4/2021 | ? | Turin Territorial Housing Agency (Agenzia Territoriale per la Casa - ATC) | The Turin Territorial Housing Agency (ATC) website is hit with a ransomware attack. The criminals demand a ransom of $700,000. | Malware | O Public administration and defence, compulsory social security | CC | IT | Turin Territorial Housing Agency, Agenzia Territoriale per la Casa, ATC, ransomware |
| 87 | 13/04/2021 | 13/4/2021 | 13/4/2021 | NodeJS developers | Midlands News Association | A new malicious package dubbed web-browserify is discovered on the npm registry, targeting NodeJS developers using Linux and Apple macOS operating systems. | Malware | Y Multiple Industries | CC | > | NodeJS, web-browserify, npm |
| 88 | 13/04/2021 | - | - | ? | Undisclosed organization | Researchers from Armorblox discover a W-2 tax document phishing scam that abuses TypeForm forms to steal the login credentials. | Account Takeover | Z Unknown | CC | N/A | Armorblox, TypeForm, W-2 |
| 89 | 13/04/2021 | - | - | ? | Vulnerable Exchange Servers | Researchers at Sophos identify attackers attempting to take advantage of the Microsoft Exchange Server ProxyLogon exploit to secretly install a Monero cryptominer on Exchange servers. | | | | | Sophos, Microsoft Exchange Server, ProxyLogon, Monero, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065 |
| 90 | 13/04/2021 | - | - | ? | Multiple targets | Google patches more 0-day vulnerabilities targeting Chrome and exploited in the wild. | CVE-2021-21206 and CVE-2021-21220 vulnerabilities. | Y Multiple Industries | N/A | N/A | Google, Chrome, CVE-2021-21206, CVE-2021-21220 |
| 91 | 13/04/2021 | - | - | ? | Multiple targets | Researchers from Lacework reveal the details of a new cryptojacking campaign targeting vulnerable public-facing Nagios XI applications via the Carbine Loader malicious script. | Vulnerability | Y Multiple Industries | CC | >1 | Lacework, Carbine Loader, Nagios XI |
| 92 | 13/04/2021 | - | 23/2/2021 | ? | LogicGate | Risk and compliance startup LogicGate confirms a data breach after an unauthorized third party obtains credentials to its Amazon Web Services-hosted cloud storage. | Cloud Misconfiguration | M Professional scientific and technical activities | CC | US | LogicGate, AWS |
| 93 | 13/04/2021 | - | - | ? | Single individuals | Researchers from eSentire reveal that more than 100,000 web pages hosted by Google Sites are being used to trick netizens into opening documents delivering a RAT via search redirection. | Malware | X Individual | CC | >1 | eSentire, Google Sites |
| 94 | 13/04/2021 | 3/4/2021 | - | ? | Federal Group | Tasmania Casino operator Federal Group is hit with a ransomware attack. | Malware | R Arts entertainment and recreation | CC | AU | Federal Group, ransomware |
| 95 | 13/04/2021 | 8/4/2021 | 8/4/2021 | ? | Bourbon Group | Bourbon Group, a French company providing maritime services to the oil industry, is hit with a cyber attack. | Unknown | M Professional scientific and technical activities | CC | FR | Bourbon Group |
| 96 | 13/04/2021 | - | - | ? | University of Portsmouth | The University of Portsmouth closes its campus due to ‘technical disruption’ to its IT network in what is believed to be a ransomware attack. | Malware | P Education | CC | UK | University of Portsmouth, ransomware |
| 97 | 13/04/2021 | 10/4/2021 | 10/4/2021 | ? | City of Floreffe | The Belgian city of Floreffe is hit with a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | BE | Floreffe, ransomware |
| 98 | 13/04/2021 | Between 19/11/2019 and 20/01/2020 | 11/3/2021 | ? | VEP Healthcare | VEP Healthcare notifies patients of a phishing attack. | Account Takeover | Q Human health and social work activities | CC | US | VEP Healthcare |
| 99 | 14/04/2021 | - | 14/4/2021 | ? | Celsius Network | Cryptocurrency rewards platform Celsius Network discloses a security breach exposing customer information that led to a phishing attack. | Account Takeover | V Fintech | CC | UK | Celsius Network |
| 100 | 14/04/2021 | - | - | Lazarus Group AKA Hidden Cobra | Single individuals | Researchers from Group-IB reveal a new campaign by the Lazarus Group using the BTC Changer JS crypto stealer. | | | | | |
| | | | | | | A report by Bolster reveals how threat actors use typosquatting domain names that impersonate the popular Rarible.com site but lead them to scams, malware, and other unwanted content. | >1 | R Arts entertainment and recreation | CC | >1 | Bolster, Rarible.com, NFT |
| 102 | 14/04/2021 | 7/4/2021 | - | ? | Bernards School District | The Bernards School District remains down after a cyber attack. | Unknown | P Education | CC | US | Bernards School District |
| 103 | 14/04/2021 | 12/4/2021 | - | ? | Hillsborough School District | The Hillsborough School District remains down after a cyber attack. | Unknown | P Education | CC | US | Hillsborough School District |
| 104 | 14/04/2021 | - | - | ? | Route Mobile | A hacker sells on Telegram the data from Route Mobile, a leading cloud communication platform service provider in India, allegedly containing internal data of Tata Communications. | Unknown | M Professional scientific and technical activities | CC | IN | Telegram, Route Mobile, Tata Communications |
| 105 | 14/04/2021 | 13/4/2021 | 13/4/2021 | ? | Undisclosed company | An undisclosed manufacturer is hit with a ransomware attack that affects the deliveries of the Asti Docg wine. | Malware | C Manufacturing | CC | IT | Ransomware, Asti Docg |
| 106 | 14/04/2021 | - | - | ? | Griesser AG | Griesser AG, a Swiss firm that manufactures sun protection window treatments, falls prey to a ransomware attack. | Malware | C Manufacturing | CC | CH | Griesser AG, Ransomware |
| 107 | 14/04/2021 | Early April 2021 | Early April 2021 | Avaddon | Asbis | The Czech branch of Asbis, a distributor of consumer electronics and IT products and solutions in central and eastern Europe, is hit with an Avaddon ransomware attack. | Malware | N Administrative and support service activities | CC | CZ | Asbis, Avaddon |
| 108 | 14/04/2021 | - | - | HydroJiin | Multiple targets | Researchers from Zscaler reveal the details of HydroJiin, a campaign involving multiple infostealer RAT families and miner malware. | Malware | Y Multiple Industries | CC | >1 | Zscaler, HydroJiin |
| 109 | 15/04/2021 | 14/4/2021 | 14/4/2021 | ? | University of Hertfordshire | The University of Hertfordshire suffers a devastating cyberattack that knocks out all of its IT systems, including Office 365, Teams and Zoom, local networks, Wi-Fi, email, data storage and VPN. | Unknown | P Education | CC | UK | University of Hertfordshire |
| 110 | 15/04/2021 | - | - | ? | Single individuals | Researchers from Avast discover a new malware named HackBoss in disguise of a hacker tool able to steal more than $500,000 using Telegram as an exfiltration channel. | Malware | X Individual | CC | >1 | Avast, HackBoss, Telegram |
| 111 | 15/04/2021 | 31/1/2021 | 1/4/2021 | ? | Codecov | Codecov online platform for hosted code testing reports and statistics announces that a threat actor had modified its Bash Uploader script, exposing sensitive information in customers | Malware | N Administrative and support service activities | CC | N/A | Codecov |
| 112 | 15/04/2021 | Since January 2021 | - | ? | Multiple Organizations | Researchers at Sophos discover several waves of a spam-driven malware campaign using Slack and BaseCamp to deliver the BazarLoader malware. | Malware | Y Multiple Industries | CC | >1 | Sophos, Slack, BaseCamp, BazarLoader |
| 113 | 15/04/2021 | - | - | SVR (aka APT29, Cozy Bear, and The Dukes) | U.S. Government | The U.S. government on Thursday warned that Russian APT operators are exploiting five known -- and already patched -- vulnerabilities in corporate VPN infrastructure products, insisting it is “critically important” to mitigate these issues immediately. | | | | | |
| | | | | | | Researchers from Uptycs detect several variants of the Linux-based botnet malware family, “Gafgyt”, re-using code from the infamous Mirai botnet. | Vulnerability | Y Multiple Industries | CC | >1 | Uptycs, Gafgyt, Mirai |
| 115 | 15/04/2021 | - | - | Babuk | Houston Rockets | The Houston Rockets are hit by the Babuk ransomware gang that threatens to leak 500 Gb of data. | Malware | R Arts entertainment and recreation | CC | US | Houston Rockets, Babuk, ransomware |
| 116 | 15/04/2021 | - | 15/4/2021 | ? | iOS users | iOS users are targeted by a kids’ game called “Jungle Run” available in the Apple Store, which is in reality a cryptocurrency-funded casino. | Malware | X Individual | CC | >1 | iOS, Jungle Run, Apple Store |
| 117 | 15/04/2021 | 14/4/2021 | 14/4/2021 | ? | Trescal | Trescal group, a company specialized in calibration services, reveals that it was hit with a cyber attack. | Unknown | M Professional scientific and technical activities | CC | FR | Trescal |
| 118 | 15/04/2021 | - | - | Doppelpaymer | Municipality of Caselle Torinese | The Municipality of Caselle Torinese is hit with a Doppelpaymer ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | IT | Caselle Torinese, Ransomware, Doppelpaymer |
Enjoy the interactive timeline, and thanks for sharing it and supporting my work in spreading risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or even connect on LinkedIn, for the latest updates.
BREACHOMETER
The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.