16-30 April 2021 Cyber Attacks Timeline

EVENTS

EVENTS/DAY

EVENTS

EVENTS/DAY

The second timeline of April is finally out! In this timeline I have collected 123 events, with an average rate of 8 events per day. A daily value slightly higher than the previous timeline (7.7 events per day). The average values are still pretty high, despite the peek of February seem to be flattening.

Similarly to the previous one, ransomware is still the top threat with nearly 32% of events (but as I always point out they could be many more since too many organizations still do not completely disclose the reason of some unspecified “outages”).

Another trend that is characterizing this period is the growing impact of vulnerabilities for attacks motivated by both cyber crime and cyber espionage. Even in this fortnight the list of exploited technologies, whether they are on-prem hardware appliances or software platforms is pretty long.

Cloud-Native Threats in 2023

Similarly to what I have done in 2022, 2021, and 2020, I am listing those cyber attacks…

The Biggest Data Breaches of 2023

Similarly to what I have done in 2022 and 2021, I am collecting the main mega breaches…

16-31 December 2022 Cyber Attack Timeline

Welcome to the last cyber attacks timeline of 2022! A timeline that marks a sharp decline in the number of recorded events after four consecutive increases…

1-15 December 2022 Cyber Attack Timeline

In the first timeline of December, I have collected 147 events (corresponding to 9.8 events/day), a result slightly…

Cloud-Native Threats in 2022

This blog post lists the main cloud-native threats, that is those cyber events exploiting the cloud in one or more stage of the kill chain. I have collected…

Photo by Tima Miroshnichenko from Pexels

The Biggest Data Breaches of 2022

Similarly to what I have done in 2021, I am collecting all the mega breaches (with more than 1 million records leaked). The information is derived from the cyber attacks timelines…

1-15 April 2021 Cyber Attacks Timeline

The first timeline of April is finally out! In this timeline I have collected 117 events, with an average rate of 7.7 events per day. A daily value…

And the growing impact of vulnerabilities is fueling the impact of cyber espionage accordingly: the Lazarus Group, APT29, Tick, Ghostwriter, Naikon, UNC2630, UNC2717, and UNC2682 are few examples of the threat actors that made the headlines in this timeline.

Expand for details

ID	Date Reported	Date Occurred	Date Discovered	Author	Target	Description	Attack	Target Class	Attack Class	Country	Link	Tags
1	16/04/2021	-	-	Babuk	Phone House Spain	Phone House Spain is hit with a Babuk ransomware attack. The criminals demand a $6M ransom.	Malware	G Wholesale and retail trade	CC	ES		Phone House Spain, Babuk, ransomware
2	16/04/2021	3/9/2020	-	?	Planned Parenthood of Metropolitan Washington, D.C	Planned Parenthood of Metropolitan Washington, D.C., on Friday reveals it had a breach of patient information last fall.	Unknown	Q Human health and social work activities	CC	US		Planned Parenthood of Metropolitan Washington, D.C
3	16/04/2021	16/4/2021	16/4/2021	?	Sectors in public administration, telecommunications, energy and the IT in Slovakia	Multiple targets in Slovakia are hit with a ransomware attack.	Malware	Y Multiple Industries	CC	SK		Slovakia, ransomware
4	16/04/2021	-	-	?	Undisclosed OTP-generating company	A hacker appears to be selling sensitive data they claim to have stolen from an OTP-generating company.	Unknown	M Professional scientific and technical activities	CC	N/A		OTP
5	17/04/2021	-	17/4/2021	?	WhatsApp users	A WhatsApp malware dubbed WhatsApp Pink is able to automatically reply to victims’ Signal, Telegram, Viber, and Skype messages, spreading link to distribute the malware.	Malware	X Individual	CC	>1		WhatsApp, WhatsApp Pink, Signal, Telegram, Viber, Skype
6	17/04/2021	16/4/2021	16/4/2021	?	Fondation santé des étudiants de France	The cliniques of Fondation santé des étudiants de France are paralyzed by a cyber attack.	Malware	Z Unknown	CC	FR		Fondation santé des étudiants de France
7	18/04/2021	-	-	NitroRansomware	Multiple targets	A new ransomware called NitroRansomware demands a Discord Nitro gift code to decrypt files.	Malware	Y Multiple Industries	CC	>		Ransomware, NitroRansomware
8	18/04/2021	-	-	?	Domino's India	A threat actor claims to have hacked Domino's India, stealing 13TB worth of data.	Unknown	I Accommodation and food service activities	CC	IN		Domino's India
9	18/04/2021	11/4/2021	11/4/2021	?	Biblioteca Nacional	The Brazilian Biblioteca Nacional reveals to have been hit with a ransomware attack.	Malware	O Public administration and defence, compulsory social security	CC	BR		Biblioteca Nacional, ransomware
10	18/04/2021	16/4/2021	16/4/2021	?	Matthew Clark Bibendum (MCB)	Matthew Clark Bibendum (MCB), a distributor of alcoholic beverages and soft drinks in the UK and Ireland, says it’s working to restore IT systems following a cybersecurity incident.	Unknown	N Administrative and support service activities	CC	UK		Matthew Clark Bibendum, MCB
11	19/04/2021	From 31/01/2021	1/4/2021	?	Multiple targets	According to federal investigators, Codecov attackers deployed automation to use the collected customer credentials to tap into hundreds of client networks, thereby expanding the scope of this system breach beyond just Codecov's systems.	Malware	Y Multiple Industries	CE	>1		Codecov
12	19/04/2021	-	-	?	Single individuals	Researchers from ESET issue a warning about sites impersonating the Microsoft Store, Spotify, and FreePdfConvert, an online document converter that distribute malware to steal credit cards and passwords saved in web browsers.	Malware	Y Multiple Industries	CC	>1		ESET, Microsoft Store, Spotify, FreePdfConvert
13	19/04/2021	11/4/2021	-	?	?	Researchers from KELA reveal that the popular hacking forum OGUsers has been hacked for its fourth time in two years, with hackers now selling the site's database containing user records and private messages.	Unknown	S Other service activities	CC	N/A		OGUsers, KELA
14	19/04/2021	-	13/4/2019	Lazarus Group AKA Hidden Cobra	Targets in South Korea	Researchers from Malwarebytes reveal the details of a phishing campaign by the Lazarus Group abusing image files.	Targeted Attack	Y Multiple Industries	CE	KR		Lazarus Group, Hidden Cobra, Malwarebytes
15	19/04/2021	Since 2020	Since 2020	Tag Barnakle	Single individuals	Researchers from Confiant reveal that the Tag Barnakle malvertising operation is still active and continues to operate, compromising more than 120 ad servers over the past year.	Malvertising	X Individual	CC	>1		Confiant, Tag Barnakle
16	19/04/2021	-	-	?	WeChat users in China	Researchers from Qingteng Cloud Security reveal that a recent Chrome exploit is being used to target WeChat users in China.	Vulnerability	X Individual	CC	CN		Qingteng Cloud Security, Chrome, WeChat
17	19/04/2021	Since February 2021	During February 2021	?	Android users in Southwest Asia and the Arabian Peninsula	Researchers from McAfee discover a new wave of 700,000 fraudulent apps into the Google Play store, targeting Android users in Southwest Asia and the Arabian Peninsula.	Malware	X Individual	CC	>1		McAfee, Google Play Store, Android
18	19/04/2021	-	7/4/2021	?	Douglas Elliman	Thousands of New York residents who live in buildings run by Douglas Elliman’s property management arm may have had their personal information compromised after the company’s IT network is breached.	Unknown	L Real estate activities	CC	US		Douglas Elliman
19	19/04/2021	-	-	?	Universidad de Castilla-La Mancha	Universidad de Castilla-La Mancha suffers a ransomware attack.	Malware	P Education	CC	ES		Universidad de Castilla-La Mancha, ransomware
20	19/04/2021	-	-	?	City of Kammeltal	The Bavarian city of Kammeltal is hit with a ransomware attack.	Malware	O Public administration and defence, compulsory social security	CC	DE		Kammeltal, ransomware
21	19/04/2021	-	-	?	Partit Nazzjonalista (Nationalist Party of Malta).	The Partit Nazzjonalista (Nationalist Party of Malta) is hit with an Avaddon ransomware attack.	Malware	S Other service activities	CC	MA		Partit Nazzjonalista, Nationalist Party of Malta, Avaddon, ransomware
22	20/04/2021	-	-	UNC2630 and UNC2717 (linked to China?)	US Defense Industrial base (DIB) networks	Pulse Secure shares mitigation measures for a zero-day authentication bypass vulnerability in the Pulse Connect Secure SSL VPN appliance actively exploited in attacks against worldwide organizations and focused on US Defense Industrial base (DIB) networks.	CVE-2021-22893 Vulnerability	Y Multiple Industries	CE	US		Pulse Secure, Pulse Connect Secure SSL VPN, US Defense Industrial base, DIB, CVE-2021-22893, UNC2630, UNC2717
23	20/04/2021	-	-	UNC2682	Multiple targets	SonicWall urges customers to patch a set of three zero-day vulnerabilities affecting both its on-premises and hosted Email Security products. In at least one known case, these vulnerabilities have been observed to be exploited 'in the wild.	CVE-2021-20021, CVE-2021-20022, CVE-2021-20023 Vulnerability	Y Multiple Industries	CE	>1		UNC2682, CVE-2021-20021, CVE-2021-20022, CVE-2021-20023
24	20/04/2021	-	-	REvil AKA Sodinokibi	Quanta Computer	Ransomware group REvil claims in a blog post published to have stolen blueprints for Apple's latest products after the supplier Quanta is hacked.	Malware	C Manufacturing	CC	TW		Ransomware, REvil, Quanta Computer, Sodinokibi
25	20/04/2021	Since 2016	Since 2016	Tick, AKA Tonto Team and TA428	More than 200 Japanese companies and organizations	Japanese law enforcement believes a group of hackers linked to the Chinese military are behind a broad cyber-espionage campaign that has breached more than 200 Japanese companies.	Targeted Attack	Y Multiple Industries	CE	JP		Tick, Tonto Team, TA428
26	20/04/2021	-	-	?	Undisclosed target(s)	Google ships another urgent security patch for its Chrome browser and warns that attackers are exploiting one of the zero-days in active attacks (CVE-2021-21224).	CVE-2021-21224 Vulnerability	Y Multiple Industries	N/A	>1		Google, Chrome, CVE-2021-21224
27	20/04/2021	-	-	?	Android users	Google removes eight apps from the Google Play Store infected with a malware dubbed Android/Etinu and downloaded 700,000 times, after security researchers discover they steasl users’ text messages and make unauthorized purchases.	Malware	X Individual	CC	>1		Google, Google Play Store, Android/Etinu
28	20/04/2021	Since January 2021	-	?	Facebook Messenger users	Researchers from security firm Group-IB discover a large-scale scam campaign targeting Facebook Messenger users all over the world.	Account Takeover	X Individual	CC	>1		Group-IB, Facebook Messenger
29	20/04/2021	Since 2015	-	Multiple Hostile States	At least 10,000 UK nationals	The MI5 reveals that at least 10,000 UK nationals have been approached by fake profiles linked to hostile states, on the professional social network LinkedIn, over the past five years.	Account Takeover	O Public administration and defence, compulsory social security	CE	UK		MI5, LinkedIn
30	20/04/2021	15/4/2021	15/4/2021	?	Cegos Group	Cegos Group, a distance learning and training provider, is hit with a cyber attack.	Unknown	N Administrative and support service activities	CC	FR		Cegos Group
31	21/04/2021	-	-	Astro Team	Hoya Vision Care US	Hoya Vision Care US is hit with a ransomware attack. The attackers steal about 300 gigabytes of confidential corporate data.	Malware	C Manufacturing	CC	US		Hoya Vision Care US, Ransomware, Astro Team
32	21/04/2021	Since 19/04/2021	21/4/2021	Qlocker AKA eCh0raix	QNAP devices worldwide	A massive ransomware campaign targeting QNAP devices worldwide is underway, and users are finding their files now stored in password-protected 7zip archives.	Malware	Y Multiple Industries	CC	>1		QNAP, Qlocker, 7zip, eCh0raix
33	21/04/2021	Since March 2020	During February 2021	Fajan	Bloomberg customers	Researchers from Cisco Talos discover a new email-based campaign by an emerging threat actor aims to spread various remote access trojans (RATs) to a very specific group of targets who use Bloomberg’s industry-based services.	Malware	X Individual	CC	>1		Cisco Talos, Fajan, Bloomberg
34	21/04/2021	-	-	?	Multiple targets	Security firm Trend Micro reveals that a threat actor is exploiting CVE-2020-24557 in its antivirus products to gain admin rights on Windows systems.	CVE-2020-24557 vulnerability	Y Multiple Industries	N/A	>1		Trend Micro, CVE-2020-24557
35	21/04/2021	-	-	Pareto	Compromised Android devices	Security researchers at Human Security discover Pareto, a massive botnet of Android devices being used to conduct fraud in the connected TV advertising ecosystem.	Malware	X Individual	CC	>1		Human Security, Pareto
36	21/04/2021	-	-	UAS	Multiple targets	The login names and passwords for 1.3 million current and historically compromised Windows Remote Desktop servers have been leaked by UAS, the largest hacker marketplace for stolen RDP credentials.	Misconfiguration	Y Multiple Industries	CC	>1		UAS, RDP
37	21/04/2021	-	-	Multiple attackers	Single individuals	The FBI warns that cyber criminals are using fake job listings to target applicants’ personally identifiable information.	Account Takeover	X Individual	CC	US		FBI
38	21/04/2021	During March 2021	During March 2021	?	Undisclosed target	Researchers from Cofense discover a phishing campaign that steals tax-filing information by posing as an IRS email related to the much needed stimulus check.	Account Takeover	Z Unknown	CC	US		Cofense, IRS
39	22/04/2021	During April 2021	During April 2021	Prometei	Multiple targets	Researchers from Cybereason reveal that unpatched Microsoft Exchange servers are being targeted by the Prometei botnet and added to its operators' army of Monero (XMR) cryptocurrency mining bots.	CVE-2021-27065 and CVE-2021-2685 vulnerabilities	Y Multiple Industries	CC	>1		Cybereason, Microsoft Exchange, Prometei, Monero, XMR, CVE-2021-27065, CVE-2021-2685
40	22/04/2021	During April 2021	During April 2021	?	Single individuals	An ongoing phishing campaign is impersonating Michael Page consultants to push Ursnif data-stealing malware capable of harvesting credentials and sensitive data from infected computers.	Malware	Y Multiple Industries	CC	>1		Michael Page, Ursnif
41	22/04/2021	Between 20/04/2021 and 22/04/2021	22/4/2021	?	Click Studios	Click Studios, the company behind the Passwordstate enterprise password manager, notifies customers that attackers compromised the app's update mechanism to deliver malware in a supply-chain attack after breaching its networks.	Malware	M Professional scientific and technical activities	CE	AU		Click Studios, Passwordstate
42	22/04/2021	-	-	Arid Viper	Government officials, student groups, and security forces	Researchers from Facebook reveal the details of Arid Viper, a group linked to the cyber arm of Hamas, running cyberespionage campaigns against government officials, student groups, and security forces.	Targeted Attack	X Individual	CE	PS		Facebook, Arid Viper, Hamas
43	22/04/2021	-	-	Palestinian Preventive Security Service (PSS)	Various groups, including people opposing the Fatah-led government, journalists, human rights activists, and military groups including the Syrian opposition and Iraqi military.	Resarchers from Facebook discover a new operation carried out by the PSS, using social engineering to coerce their targets into installing Android and Microsoft malware.	Targeted Attack	X Individual	CE	PS		Facebook, Palestinian Preventive Security Service, PSS
44	22/04/2021	Since January 2021	-	?	Multiple Targets	Researchers from Check Point reveal the details of ToxicEye, a RAT that abuses Telegram as part of command-and-control (C2) infrastructure.	Malware	Y Multiple Industries	CC	>1		Check Point, Toxic Eye
45	22/04/2021	20/4/2021	20/4/2021	?	Radixx	A malware attack on Radixx trigger a dayslong outage causing reservations systems to crash at about 20 low-cost airlines around the world.	Malware	M Professional scientific and technical activities	CC	US		Radixx
46	22/04/2021	Between 16/02/2021 and 22/02/201	21/02.2021	?	Gyrodata	Oilfield services company Gyrodata admits it suffered a ransomware attack which may have led to the compromise of data belonging to current and former employees.	Malware	M Professional scientific and technical activities	CC	US		Gyrodata, ransomware
47	22/04/2021	From at least March 2020 to February 2021	During December 2020	Undisclosed APT	US Entities	The U.S. government's Cybersecurity and Infrastructure Security Agency (CISA) raises an alarm for a new campaign in which both a Pulse Secure VPN appliance and the SolarWinds Orion platform were abused for malicious purposes.	CVE-2020-10148 and Pulse Secure VPN Vulnerability	Y Multiple Industries	CE	US		Cybersecurity and Infrastructure Security Agency, CISA, Pulse Secure VPN, SolarWinds Orion
48	22/04/2021	22/4/2021	22/4/2021	?	Santa Clara Valley Transportation Authority	A cyberattack targets the Santa Clara Valley Transportation Authority and forces a days-long shutdown of many of the agency’s computer systems.	Unknown	H Transportation and storage	CC	US		Santa Clara Valley Transportation Authority
49	22/04/2021	22/4/2021	22/4/2021	?	Canac	The Quebec hardware store Canac is the target of a cyber attack, causing computer failures for nearly two weeks.	Unknown	G Wholesale and retail trade	CC	CA		Canac
50	23/04/2021	-	-	?	Android users	Multiple agencies including UK's National Cyber Security Centre (NCSC) and the Germany’s Federal Office for Information Security (BSI) issue a security guidance about the FluBot malware.	Malware	X Individual	CC	>1		UK's National Cyber Security Centre, NCSC, FluBot, Android, Germany’s Federal Office for Information Security, BSI
51	23/04/2021	-	-	?	Single individuals	Researchers from Kaspersky discover a phishing campaign exploiting the Oscar-nominated movies to steal the victim's credentials.	Account Takeover	X Individual	CC	>1		Kaspersky, Oscar
52	23/04/2021	-	-	?	Municipality of Jijona/Xixona	The municipality of Jijona/Xixona in Spain issues a notice about a cyberattack, but there are not many details.	Malware	O Public administration and defence, compulsory social security	CC	ES		Municipality of Jijona/Xixona
53	23/04/2021	23/4/2021	23/4/2021	?	Madsack Media Group	A suspected ransomware attack hits the publishing company Madsack Media Group.	Malware	J Information and communication	CC	DE		Madsack Media Group, ransomware
54	23/04/2021	16/4/2021	16/4/2021	?	Nieuwegein	Nieuwegein, a managed service provider, is hacked and 96 notary offices are impacted.	Unknown	M Professional scientific and technical activities	CC	NL		Nieuwegein
55	24/04/2021	-	-	?	Linux servers	Researchers from Trend Micro discover a new Linux botnet employing multiple emerging techniques among cyber-criminals, including the use of Tor proxies, the abuse of legitimate DevOps tools, and the removal or deactivation of competing malware.	Malware	Y Multiple Industries	CC	>1		Trend Micro, Linux, DevOps
56	24/04/2021	23/4/2021	23/4/2021	?	Nordlo	Nordlo, a provider of digitalization and managed IT services in Norway and Sweden, is hit with a ransomware attack.	Malware	M Professional scientific and technical activities	CC	NO		Nordlo
57	24/04/2021	24/4/2021	24/4/2021	?	Laurent-Perrier	The French champagne group Laurent-Perrier suffers a cyber attack.	Unknown	I Accommodation and food service activities	CC	FR		Laurent-Perrier
58	25/04/2021	-	25/4/2021	ShinyHunters	BigBasket	ShinyHunters leaks approximately 20 million BigBasket user records containing personal information and hashed passwords on a popular hacking forum.	Malicious Spam	Q Human health and social work activities	CC	US		MacKenzie Bezos-Scott Foundation, Ironscale
59	25/04/2021	-	-	?	Multiple targets	Threat actors are exploiting two vulnerabilities in Soliton's file-sharing FileZen appliance to breach corporate and government systems and steal sensitive data as part of a global hacking campaign that has already hit a major target in the Japanese Prime Minister’s Cabinet Office.	CVE-2020-5639 and CVE-2021-20655 vulnerabilities	Y Multiple Industries	CE	JP		Soliton, FileZen, Japanese Prime Minister’s Cabinet Office, CVE-2020-5639, CVE-2021-20655
60	25/04/2021	-	-	Avaddon	Unione di Comuni Colli del Monferrato	The Avaddon ransomware group publishes screenshots of some data stolen during the cyber attack on the Unione di Comuni Colli del Monferrato	Malware	O Public administration and defence, compulsory social security	CC	IT		Avaddon, ransomware, Unione di Comuni Colli del Monferrato
61	25/04/2021	-	-	?	Some Spanish agencies	A number of Spanish agencies are hit in what appears to be a synchronized attack involving malware	Malware	O Public administration and defence, compulsory social security	CC	ES		Spain
62	26/04/2021	During April 2021	During April 2021	SVR aka APT29, the Duke, Cozy Bear	US and foreign organizations	The FBI, the US Department of Homeland Security (DHS), and the Cybersecurity and Infrastructure Security Agency (CISA) warn today of continued attacks coordinated by the Russian Foreign Intelligence Service (SVR aka APT29) against US and foreign organizations.	Targeted Attack	Y Multiple Industries	CE	>1		SVR, APT29, FBI, US Department of Homeland Security, DHS, Cybersecurity and Infrastructure Security Agency, CISA, Duke, Cozy Bear
63	26/04/2021	-	-	Babuk	Metropolitan Police Department of the District of Columbia	The Metropolitan Police Department of the District of Columbia confirms that they suffered a cyberattack after the Babuk ransomware gang leaked screenshots of stolen data.	Malware	O Public administration and defence, compulsory social security	CC	US		Metropolitan Police Department of the District of Columbia, Babuk, ransomware
64	26/04/2021	Since 2019	-	Naikon	Military organizations from Southeast Asia	Researchers from Bitdefender discover a new campaign by the Chinese speaking threat actor Naikon targeting military organizations from Southeast Asia using the RainyDay and Nebulae backdoors.	Targeted Attack	O Public administration and defence, compulsory social security	CE	>1		Bitdefender, Naikon, Nebulae, RainyDay
65	26/04/2021	26/4/2021	26/4/2021	?	Single individuals	Cybercriminals target Rogers customers with a new SMS phishing campaign pretending to be refunds for last week's Canada-wide wireless outage.	Account Takeover	X Individual	CC	CA		Rogers
66	26/04/2021	26/4/2021	26/4/2021	?	Guilderland Central School District	The Guilderland Central School District is hit with a ransomware attack.	Malware	P Education	CC	US		Guilderland Central School District, ransomware
67	26/04/2021	-	-	?	Elekta	Several US hospitals are thought to have been affected after a security breach at Elekta, a specialist provider of equipment for cancer treatments last week.	Unknown	M Professional scientific and technical activities	CC	SE		Elekta
68	26/04/2021	Earlier in April 2021	Earlier in April 2021	Babuk	Zambon	Zambon, an Italian pharmaceutical company is hit with a Babuk ransomware attack.	Malware	M Professional scientific and technical activities	CC	IT		Zambon, Babuk, ransomware
69	26/04/2021	26/4/2021	26/4/2021	?	Centennial School District	Centennial School District is hit with a ransomware attack.	Malware	P Education	CC	US		Centennial School District, ransomware
70	26/04/2021	25/4/2021	25/4/2021	?	Nissan Securities	Nissan Securities issues a statement disclosing that it experienced unauthorized access.	Unknown	K Financial and insurance activities	CC	JP		Nissan Securities
71	26/04/2021	-	-	REvil AKA Sodinokibi	Mipharm SPA	Mipharm SPA is hit by a REvil ransomware attack.	Malware	M Professional scientific and technical activities	CC	IT		Mipharm SPA, ransomware, Sodinokibi, Revil
72	26/04/2021	-	-	Avaddon	Mspharma	Mspharma joins the list of the Avaddon ransomware victims.	Malware	M Professional scientific and technical activities	CC	JO		Mspharma, Avaddon, ransomware
73	26/04/2021	-	-	?	Tegut	The supermarket chain Tegut suffers a cyberattack.	Unknown	G Wholesale and retail trade	CC	DE		Tegut
74	26/04/2021	18/2/2021	18/2/2021	?	Sapphire Community Health	Sapphire Community Health notifies 4,000 patients about a ransomware attack.	Malware	Q Human health and social work activities	CC	UK		Sapphire Community Health, ransomware
75	26/04/2021	-	22/4/2021	Pompompurin	Unknown company	A hacker going by the online handle of Pompompurin leaked a database containing personal and sensitive household data of over 250 million (250,807,711) American citizens and residents.	Unknown	Z Unknown	CC	US		Pompompurin
76	26/04/2021	1/4/2021	1/4/2021	?	Office of the Public Defender	The Office of the Public Defender in southwestern Florida says malware attackers may have compromised the personally identifiable information of its staff and clients.	Malware	O Public administration and defence, compulsory social security	CC	US		Office of the Public Defender
77	27/04/2021	25/4/2021	25/4/2021	?	UnitingCare Queensland	UnitingCare Queensland confirms it has fallen victim to a ransomware cyber incident, rendering some of its systems inaccessible.	Malware	Q Human health and social work activities	CC	AU		UnitingCare Queensland, ransomware
78	27/04/2021	-	-	?	Chase Bank customers	Researchers from Armorblox discover two phishing campaigns targeting Chase Bank customers.	Account Takeover	K Financial and insurance activities	CC	US		Armorblox, Chase Bank
79	27/04/2021	27/4/2021	27/4/2021	DarkSide	Banca di Credito Coperativo (BCC)	Banca di Credito Coperativo (BCC) is hit with a DarkSide ransomware attack.	Malware	K Financial and insurance activities	CC	IT		Banca di Credito Coperativo, BCC, DarkSide, ransomware
80	27/04/2021	-	-	?	Undisclosed target	Researchers at Cofense discover a phishing campaign targeting Office 365 users and including a convincing SharePoint document claiming to require an email signature…urgently.	Account Takeover	Z Unknown	CC	N/A		Cofense, Office 365, SharePoint
81	27/04/2021	24/4/2021	24/4/2021	?	City of Bourg-Saint-Maurice	The city of Bourg-Saint-Maurice is hit with a ransomware attack.	Malware	O Public administration and defence, compulsory social security	CC	FR		Bourg-Saint-Maurice, ransomware
82	27/04/2021	12/4/2021	12/4/2021	?	Fiji Government	A cyber attack disrupts some of the Fiji Government’s online services and networks.	Unknown	O Public administration and defence, compulsory social security	CC	FJ		Fiji
83	27/04/2021	During February 2021	During February 2021	?	Undisclosed target	Researchers from Cofense discover a phishing campaign that targets Office 365 users and includes a convincing SharePoint document claiming to require an urgent email signature.	Account Takeover	Z Unknown	CC	US		Cofense, SharePoint
84	28/04/2021	Between 09/04/2021 and 22/04/2021	-	?	DigitalOcean	DigitalOcean emails customers warning of a data breach involving customers’ billing data.	Misconfiguration	M Professional scientific and technical activities	CC	US		DigitalOcean
85	28/04/2021	-	-	Lockbit	Merseyrail	UK rail network Merseyrail confirms a cyberattack after the Lockbit ransomware gang use their email system to email employees and journalists about the attack.	Malware	H Transportation and storage	CC	UK		Merseyrail, ransomware, Lockbit
86	28/04/2021	End of April 2021	28/4/2021	?	Single individuals	Click Studios, the software company behind the Passwordstate enterprise password manager, is warning customers of ongoing phishing attacks targeting them with updated Moserpass malware.	Malware	X Individual	CC	>1		Click Studios, Passwordstate
87	28/04/2021	Since 2019	25/3/2021	RotaJakiro	Linux servers	Researchers from Qihoo 360 discover a new backdoor called RotaJakiro targeting Linux servers and undetected for years.	Malware	Y Multiple Industries	CC	>1		Qihoo 360, RotaJakiro
88	28/04/2021	28/4/2021	28/4/2021	?	Resort Municipality of Whistler (RMOW)	The Resort Municipality of Whistler (RMOW) suffers a ransomware attack and has 800Gb leaked.	Malware	R Arts entertainment and recreation	CC	CA		Resort Municipality of Whistler, RMOW
89	28/04/2021	28/4/2021	28/4/2021	REvil AKA Sodinokibi	Tribunal de Justiça do Estado do Rio Grande do Sul	Brazil's Tribunal de Justiça do Estado do Rio Grande do Sul is hit with a REvil ransomware attack that forces the courts to shut down their network.	Malware	O Public administration and defence, compulsory social security	CC	BR		Tribunal de Justiça do Estado do Rio Grande do Sul, REvil, Sodinokibi, ransomware
90	28/04/2021	Earlier in April 2021	Earlier in April 2021	?	First Horizon Corporation	Bank holding company First Horizon Corporation discloses that some of its customers had their online banking accounts breached by unknown attackers earlier this month.	Unknown	K Financial and insurance activities	CC	US		First Horizon Corporation
91	28/04/2021	-	-	?	MacOS users	Apple issues some security fixes resolving issues including CVE-2021-30657, an actively exploited zero-day flaw and a separate Gatekeeper bypass vulnerability.	CVE-2021-30657 Vulnerability	X Individual	N/A	>1		Apple, CVE-2021–30657, Gatekeeper, macOS
92	28/04/2021	Since early 2021	Since early 2021	Hello AKA WickrMe	SharePoint servers	Microsoft SharePoint servers join the list of network devices abused as an entry vector into corporate networks by ransomware gangs.	CVE-2019-0604 Vulnerability	Y Multiple Industries	CC	>1		Microsoft SharePoint, CVE-2019-0604, ransomware, Hello, WickrMe
93	28/04/2021	Between October 2020 and January 2021	-	Ghostwriter	Audiences in Lithuania, Latvia, and Polan	Researchers from FireEye identified five new Ghostwriter operations conducted in both Polish and English, relying on compromised websites, spoofed emails, fake personas, and NATO-themed content.	Fake Social Networks Accounts	Y Multiple Industries	CW	>1		FireEye, Ghostwriter, NATO
94	28/04/2021	-	-	?	Multiple targets	Researchers from Inky discover a new phishing campaign able to evade detection by spoofing the Microsoft logo via an HTML table.	Account Takeover	Y Multiple Industries	CC	>1		Inky, Microsoft
95	28/04/2021	24/4/2021	24/4/2021	?	DLSY	DLSY, a Turkish joint venture responsible for the 1915 Çanakkale bridge is hit with a ransomware attack. Data of 20,000 individuals is involved.	Malware	M Professional scientific and technical activities	CC	TR		DLSY, ransomware
96	28/04/2021	21/4/2021	21/4/2021	?	Centre François Baclesse	The Centre François Baclesse cuts its internet connection to prevent the spread of a computer worm.	Malware	Q Human health and social work activities	CC	FR		Centre François Baclesse
97	28/04/2021	25/4/2021	25/4/2021	?	Invicta Group	Invicta Group, a French company specializing in wood heating is down after a cyber attack.	Unknown	S Other service activities	CC	FR		Invicta Group
98	28/04/2021	15/2/2021	15/2/2021	Avaddon	Capital Medical Center	Capital Medical Center is hit with an Avaddon ransomware attack.	Malware	Q Human health and social work activities	CC	US		Capital Medical Center, Avaddon, ransomware
99	28/04/2021	During December 2020	-	?	U.S. Agency for Global Media (USAGM)	The U.S. Agency for Global Media (USAGM) discloses that they suffered a data breach after falling for a phishing attack in December 2020.	Account Takeover	O Public administration and defence, compulsory social security	CC	US		U.S. Agency for Global Media, USAGM
100	28/04/2021	-	-	?	Employees of U.S. municipalities	KnowBe4 discovers a phishing campaign targeting employees of U.S. municipalities impersonating a legitimate pension found.	Account Takeover	X Individual	CC	US		KnowBe4
101	29/04/2021	-	-	Agelocker	QNAP devices worldwide	QNAP customers are urged to secure their Network Attached Storage (NAS) devices to defend against Agelocker ransomware attacks targeting their data.	Malware	Y Multiple Industries	CC	>1		QNAP, Agelocker, ransomware
102	29/04/2021	Earlier in April 2021	Earlier in April 2021	UNC2447	North American and European targets	UNC2447, a financially motivated threat actor exploited a zero-day bug in SonicWall SMA 100 Series VPN appliances to deploy a new ransomware known as FiveHands on the networks of North American and European targets.	Malware	Y Multiple Industries	CC	>1		UNC2447, SonicWall SMA 100, VPN, FiveHands, ransomware,
103	29/04/2021	-	-	WeSupply	Fintech users	Researchers from Palo Alto Networks reveal the details of WeSteal, a commodity Cryptocurrency stealer	Malware	V Fintech	CC	>1		Palo Alto Networks, WeSteal, WeSupply
104	29/04/2021	10/4/2021	10/4/2021	DoppelPaymer	illinois Office of the Attorney General	The operators of the DoppelPaymer ransomware leak a large collection of files from the Illinois Office of the Attorney General.	Malware	O Public administration and defence, compulsory social security	CC	US		DoppelPaymer, ransomware, Illinois Office of the Attorney General
105	29/04/2021	Since April 2021	Since April 2021	DarkPath	Single individuals	Security researchers from the United Nations and security firm Group-IB take down 134 websites operated by a cybercrime group known as DarkPath since April 2021.	Account Takeover	Y Multiple Industries	CC	>1		United Nations, Group-IB, DarkPath, April 2021
106	29/04/2021	Earlier in the same week of April	Earlier in the same week of April	?	Colchester Institute	The Colchester Institute suffers a suspected ransomware attack.	Malware	P Education	CC	UK		Colchester Institute, ransomware
107	29/04/2021	18/4/2021	18/4/2021	Avaddon	Presque Isle Police Department	The Presque Isle Police Department suffers an Avaddon ransomware attack.	Malware	O Public administration and defence, compulsory social security	CC	US		Presque Isle Police Department, Avaddon, ransomware
108	29/04/2021	12/4/2021	Between 02/12/2020 and 10/21/2020	?	AmeriFirst Financial	Amerifirst Financial discloses a breach.	Unknown	K Financial and insurance activities	CC	US		AmeriFirst Financial
109	29/04/2021	3/2/2021	3/2/2021	?	St. John’s Well Child and Family Center	St. John’s Well Child and Family Center discloses a data security incident.	Unknown	Q Human health and social work activities	CC	US		St. John’s Well Child and Family Center
110	29/04/2021	From May 2020 to January 2021	During April 2020	?	Easy Ordering	Gemini Advisory reveals to have identified a malicious payload that infected Easy Ordering’s sites.	Malicious Script Injection	I Accommodation and food service activities	CC	CN		Gemini Advisory, Easy Ordering
111	29/04/2021	From April 2020 to December 2020	-	?	MenuSifu	Gemini Advisory reveals to have identified a malicious payload that infected MenuSifu’s sites.	Malicious Script Injection	I Accommodation and food service activities	CC	US		Gemini Advisory, MenuSifu
112	29/04/2021	From March 2020 to February 2021	-	?	E-Dining Express	Gemini Advisory reveals to have identified a malicious payload that infected E-Dining Express’s sites.	Malicious Script Injection	I Accommodation and food service activities	CC	US		Gemini Advisory, E-Dining Express
113	29/04/2021	From March 2020 to March 2021	-	?	Food Dudes Delivery	Gemini Advisory reveals to have identified a malicious payload that infected Food Dudes Delivery.	Malicious Script Injection	I Accommodation and food service activities	CC	US		Gemini Advisory, Food Dudes Delivery
114	29/04/2021	From August 2019 to December 2020	-	?	Grabull	Gemini Advisory reveals to have identified a malicious payload that infected Grabull.	Malicious Script Injection	I Accommodation and food service activities	CC	US		Gemini Advisory, Grabull
115	30/04/2021	-	-	?	At least five US federal agencies	The US Cybersecurity and Infrastructure Security Agency says that at least five US federal agencies may have experienced cyberattacks that targeted the recently discovered CVE-2021-22893 Pulse Secure VPN vulnerability.	CVE-2021-22893 Vulnerability	O Public administration and defence, compulsory social security	CE	>1		US Cybersecurity and Infrastructure Security Agency, CVE-2021-22893, Pulse Secure VPN
116	30/04/2021	-	-	Tick, AKA Tonto Team and TA428	Rubin Design Bureau	Researchers from Cybereason reveal that hackers suspected to work for the Chinese government have used a new malware called PortDoor to infiltrate the systems of Rubin Design Bureau, an engineering company that designs submarines for the Russian Navy.	Targeted Attack	Q Human health and social work activities	CC	RU		Tick, Tonto Team, TA428, Rubin Design Bureau, Cybereason, Rubin Design Bureau
117	30/04/2021	-	22/1/2021	Clop	City of Toronto	The City of Toronto joins the list of the victims of the Accellion Breach.	Vulnerability	O Public administration and defence, compulsory social security	CC	CA		Toronto, Accellion, Clop
118	30/04/2021	29/4/2021	29/4/2021	?	Virgin Active South Africa	Virgin Active South Africa reveals to have been hit with a cyber attack and goes offline.	Unknown	R Arts entertainment and recreation	CC	ZA		Virgin Active South Africa
119	30/04/2021	29/4/2021	29/4/2021	?	Hotbit	Cryptocurrency trading platform Hotbit shuts down all services for at least a week after a cyberattack takes down several of its services.	Unknown	V Fintech	CC	EE		Hotbit
120	30/04/2021	27/4/2021	27/4/2021	?	Swiss Cloud Computing AG	Swiss Cloud Computing AG suffers a ransomware attack. The data of 6,500 customers is impacted.	Malware	M Professional scientific and technical activities	CC	CH		Swiss Cloud Computing AG
121	30/04/2021	29/4/2021	29/4/2021	?	Colis Privé	Colis Privé is the victim of a cyber attack.	Unknown	N Administrative and support service activities	CC	FR		Colis Privé
122	30/04/2021	30/4/2021	30/4/2021	?	Technische Universität Berlin (TU)	Technische Universität Berlin announces that they had become the victim of what sounds like a ransomware attack:	Malware	P Education	CC	DE		Technische Universität Berlin, TU
123	30/04/2021	From 30/07/2020 to 03/08/2020	2/3/2021	?	Achievement Center of LECOM Health	The Achievement Center of LECOM Health discloses a phishing attack occurred from July 30, 2020 to August 3, 2020.	Account Takeover	Q Human health and social work activities	CC	US		Achievement Center of LECOM Health
124	30/04/2021	Earlier in February 2021	-	?	Thrifty Drug Stores	Thrifty Drug Stores notifies customers about a security breach, after certain files on its system were accessed without authorization in February.	Unknown	G Wholesale and retail trade	CC	US		Thrifty Drug Stores
ID	Date Reported	Date Occurred	Date Discovered	Author	Target	Description	Attack	Target Class	Attack Class	Country	Link	Tags

Enjoy the interactive timeline, and thanks for sharing it, and supporting my work in spreading the risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.

The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.

The Biggest Data Breaches of 2021

Leaky Buckets

A List of Cloud Misconfigurations

Cloud-Native Threats In 2021

A list of the main cloud-native threats 2021

Previous slide

Next slide

July 2023 Cyber Attacks Statistics
After the cyber attacks timelines, it’s time to publish the statistics of June 2023 where I have collected and analyzed 384 events, yet another record number driven...
The Biggest Data Breaches of 2023
Similarly to what I have done in 2022 and 2021, I am collecting the main mega breaches...
1-15 August 2023 Cyber Attacks Timeline
In the first timeline of August, I collected 169 events (corresponding to 11.27 events per day), a considerable decrease compared to the the second half of July...
Q2 2023 Cyber Attacks Statistics
I have aggregated the statistics created from the cyber attacks timelines published in the second quarter of 2023. In total I have collected 1040 events...
August 2016 Cyber Attacks Statistics
It's time to publish the statistics derived from the cyber attacks timelines of August (Part I and Part II), a month particularly active from an Information Security perspective, despite the Summer time. As always, let’s start from the Daily Trend Chart, which shows obviously an ...