The first timeline of May is out! In this timeline I have collected 89 events, with an average rate of 5.9 events per day: that’s the minimum level recorded so far, confirming a decreasing trend (at least in terms of numbers; as for the impact… Well, that’s a different story!)
DarkSide… Probably at this point everybody is aware of this RaaS (Ransomware-as-a-Service) gang, which has caused severe disruptions to the largest fuel pipeline in the United States… And this is not the only high-profile ransomware operation in this timeline… Unsurprisingly, ransomware continues to dominate the threat landscape, characterizing approximately 45% of events (that’s a new maximum, and bear in mind, as I always point out, that the real number could be even higher, since too many organizations do not fully disclose the root cause of unspecified “outages” tracked as the outcome of a generic “cyber attack”).
The exploitation of vulnerabilities continues to characterize the threat landscape just as much. It does not matter whether the target is a remote access technology, an application server or even a mobile phone: cyber criminals and state-sponsored actors alike continue to take maximum advantage of the opportunity.
The range of vulnerabilities to exploit is so wide that attackers continue to change their TTPs accordingly: that’s the case of APT29, for which a joint advisory was issued by the NCSC, CISA, FBI, and the NSA. That’s one of the few examples of state-sponsored activity in this timeline… Ransomware is really overshadowing everything else.
| ID | Date Reported | Date Occurred | Date Discovered | Author | Target | Description | Attack | Target Class | Attack Class | Country | Tags |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | 01/05/2021 | 1/5/2021 | 1/5/2021 | ? | Scripps Health | Nonprofit health care provider Scripps Health in San Diego is hit with a ransomware attack that forces the organization to suspend user access to its online portal and switch to alternative methods for patient care operations. | Malware | Q Human health and social work activities | CC | US | Scripps Health, ransomware |
| 2 | 01/05/2021 | 1/5/2021 | 1/5/2021 | ? | Alaska Court System | The Alaska Court System temporarily disconnects most of its operations from the internet, including its website, removing the ability to look up court records, after a cybersecurity threat. | Unknown | O Public administration and defence, compulsory social security | CC | US | Alaska Court System |
| 3 | 02/05/2021 | Since 18/04/2021 | - | N3TW0RM | H&M Israel | H&M Israel is hit by a N3TW0RM ransomware attack. The attackers leak 110 GB of data and appear similar to the politically motivated Pay2Key ransomware group. | Malware | G Wholesale and retail trade | CW | IL | N3TW0RM, ransomware, H&M Israel |
| 4 | 02/05/2021 | Since 18/04/2021 | - | N3TW0RM | Veritas Logistic | Veritas Logistic joins the list of the victims of the N3TW0RM group and has 9 GB of data leaked. | Malware | H Transportation and storage | CW | IL | N3TW0RM, ransomware, Veritas Logistic |
| 5 | 02/05/2021 | Since 18/04/2021 | - | N3TW0RM | Two undisclosed companies and one undisclosed NGO | Two undisclosed companies and one undisclosed NGO join the list of the victims of the N3TW0RM group and have their data leaked. | Malware | Y Multiple Industries | CW | IL | N3TW0RM, ransomware |
| 6 | 03/05/2021 | - | - | ? | iOS users | Apple releases a batch of WebKit patches for multiple products, including a fix for CVE-2021-30663 and CVE-2021-30665, two suspected WebKit 0-days actively exploited in the wild. | CVE-2021-30663 and CVE-2021-30665 vulnerabilities | X Individual | N/A | >1 | Apple, WebKit, CVE-2021-30663, CVE-2021-30665 |
| 7 | 03/05/2021 | During April 2021 | During April 2021 | ? | Over 200 organizations across more than 50 verticals | Researchers from Proofpoint identify RustyBuer, a new variant of the Buer malware loader written in Rust and distributed via emails masquerading as rogue DHL shipping notices. | Malware | Y Multiple Industries | CC | >1 | Proofpoint, Buer, RustyBuer, Rust, DHL |
| 8 | 03/05/2021 | 27/4/2021 | - | ? | Single individuals | "freevaccinecovax.org", a fake COVID-19 vaccine website stealing visitors' data, is shut down by the Justice Department. | Account Takeover | X Individual | CC | US | "freevaccinecovax.org", COVID-19, Justice Department |
| 9 | 03/05/2021 | In February and March 2021 | - | ? | Multiple targets | Researchers from Cofense discover two related phishing campaigns distributing BazarBackdoor and avoiding detection by forcing the victim to explicitly perform the steps necessary for the infection, such as visiting a website or calling a specific number. | Account Takeover | Y Multiple Industries | CC | >1 | Cofense, BazarBackdoor |
| 10 | 03/05/2021 | 29/11/2020 | 9/12/2020 | Pysa | Nama Khoi Municipality | The Nama Khoi Municipality in the Northern Cape Province is struggling to restore IT systems that were hit by a Pysa ransomware attack last year. | Malware | O Public administration and defence, compulsory social security | CC | US | The Nama Khoi, Pysa, ransomware |
| 11 | 03/05/2021 | During February 2021 | 11/2/2021 | ? | Midwest Transplant Network | Midwest Transplant Network suffers a ransomware attack affecting 17,000 individuals. | Malware | Q Human health and social work activities | CC | US | Midwest Transplant Network, ransomware |
| 12 | 03/05/2021 | 2/5/2021 | 2/5/2021 | ? | StudentAid BC | StudentAid BC, the website that British Columbia students visit to manage their student loans, is defaced. | Defacement | N Administrative and support service activities | CC | CA | StudentAid BC, British Columbia |
| 13 | 04/05/2021 | In two waves, on 02/12/2020 and between 11/12/2020 and 18/12/2020 | During December 2020 | UNC2529 | 50 orgs from a wide variety of industries | Researchers from FireEye reveal the details of a global-scale campaign targeting worldwide organizations across an extensive array of industries with never-before-seen malware strains dubbed DOUBLEDRAG, DOUBLEDROP and DOUBLEBACK. | Malware | Y Multiple Industries | CC | >1 | FireEye, DOUBLEDRAG, DOUBLEDROP, DOUBLEBACK |
| 14 | 04/05/2021 | 4/5/2021 | 4/5/2021 | ? | Belnet | Most of the Belgian government’s IT network (approximately 200 government organizations) is down after a massive DDoS attack knocks offline Belnet, a government-funded ISP that provides internet connectivity for Belgian government organizations. Apparently, the attack occurred when the Belgian Parliament was meant to hold a debate on the Uyghurs in China. | DDoS | O Public administration and defence, compulsory social security | CW | BE | Belnet, Uyghurs, China |
| 15 | 04/05/2021 | - | - | ? | Multiple targets | Researchers from Trustwave reveal the details of Pingback, a malware using the ICMP protocol for command and control. | Malware | Y Multiple Industries | CC | >1 | Trustwave, Pingback, ICMP |
| 16 | 04/05/2021 | Since 2018 | Since 2018 | ? | Banking users in Brazil | Researchers from ESET reveal the details of Ousaban, a Latin American banking trojan active exclusively in Brazil and distributed using pornography. | Malware | K Financial and insurance activities | CC | BR | ESET, Ousaban |
| 17 | 04/05/2021 | Early April 2021 | Early April 2021 | ? | Individuals in multiple countries including the US, Australia, Japan, and Germany | Researchers from Trend Micro reveal the details of Panda Stealer, a new cryptocurrency stealer variant spread through a global spam campaign and potentially through Discord channels. | Malware | V Fintech | CC | >1 | Trend Micro, Panda Stealer, Discord |
| 18 | 04/05/2021 | - | 29/4/2021 | ? | Glovo | A cybercriminal manages to break into the Spanish delivery startup Glovo, selling access to both customer and courier accounts, with the ability to change their passwords. | Unknown | G Wholesale and retail trade | CC | ES | Glovo |
| 19 | 04/05/2021 | 14/4/2021 | 14/4/2021 | ? | SmileDirectClub | SmileDirectClub reveals that it suffered a cyber attack that could cost the company between $10 and $15 million. | Unknown | M Professional scientific and technical activities | CC | US | SmileDirectClub |
| 20 | 04/05/2021 | 4/5/2021 | 4/5/2021 | ? | Members of Reddit’s WallStreetBets forum | Members of Reddit’s WallStreetBets forum are targeted in a cryptocurrency scam via Telegram that could have left its victims with at least $2 million in losses. | Crypto Scam | V Fintech | CC | >1 | Reddit, WallStreetBets, Binance |
| 21 | 04/05/2021 | - | - | Avaddon | Schepisi Communications | Schepisi Communications, a partner of telecom provider Telstra, is hit with an Avaddon ransomware attack. As proof, the ransomware gang leaks SIM data. | | | | | |
| | | | | | The Edinburgh Practice | The Edinburgh Practice is at the centre of a probe into a data breach after hundreds of client contact details are accessed as part of a phishing scam. | Unknown | Q Human health and social work activities | CC | UK | The Edinburgh Practice |
| 23 | 04/05/2021 | 6/10/2020 | 6/10/2020 | ? | RXLTC | RXLTC reveals that it suffered a phishing attack impacting three subsidiaries: RX Pharmacy, LTC and RX Pharmacies. | Account Takeover | G Wholesale and retail trade | CC | US | RXLTC, RX Pharmacy, LTC, RX Pharmacies |
| 24 | 04/05/2021 | 5/3/2021 | 1/3/2021 | ? | Orthopedic Associates of Dutchess County (OADC) | Orthopedic Associates of Dutchess County (OADC) discloses that some data was compromised, after detecting suspicious activity involving encryption and a leak. | Unknown | Q Human health and social work activities | CC | US | Orthopedic Associates of Dutchess County, OADC |
| 25 | 04/05/2021 | - | 28/4/2021 | ? | Groupe Boutin | Groupe Boutin suffers a cyber attack by the Cl0p ransomware gang and receives a ransom demand. | Malware | H Transportation and storage | CC | CA | Groupe Boutin, Cl0p, ransomware |
| 26 | 05/05/2021 | 6/2/2021 | 19/2/2021 | ? | CaptureRx | Multiple healthcare providers across the United States report being impacted by a ransomware attack on CaptureRx, a San Antonio-based company providing drug-related administrative services. | Malware | N Administrative and support service activities | CC | US | CaptureRx, ransomware |
| 27 | 05/05/2021 | 5/5/2021 | 5/5/2021 | Ryuk | Volue | Norway-based green energy solutions provider Volue is hit with a Ryuk ransomware attack. | Malware | M Professional scientific and technical activities | CC | NO | Volue, Ryuk, ransomware |
| 28 | 05/05/2021 | 19/4/2021 | 19/4/2021 | ? | Permanent Center for Environmental Initiatives of Gâtine, CPIE | The Permanent Center for Environmental Initiatives of Gâtine (CPIE) suffers a ransomware attack. | Malware | M Professional scientific and technical activities | CC | FR | Permanent Center for Environmental Initiatives of Gâtine, CPIE |
| 29 | 05/05/2021 | - | - | Avaddon | Australia’s Labor Party (New South Wales Branch) | Australia’s Labor Party (New South Wales Branch) falls prey to an Avaddon ransomware attack. | Malware | S Other service activities | CC | AU | NSW Labor, Avaddon, ransomware |
| 30 | 06/05/2021 | Since 2018 | Since 2018 | Chinese-speaking threat actor | 10 organizations around the world, 8 located in South Asia, and two diplomatic organizations in South-East Asia and Africa | Researchers from Kaspersky reveal the details of TunnelSnake, a campaign using Moriya, a stealthy new backdoor, and dating back to at least 2018. | Targeted Attack | O Public administration and defence, compulsory social security | CE | >1 | Kaspersky, TunnelSnake, Moriya |
| 31 | 06/05/2021 | - | - | ? | 120 organizations worldwide | Researchers from Microsoft reveal the details of a large-scale business email compromise (BEC) campaign that targeted more than 120 organizations using typo-squatted domains registered a few days before the attacks started. | Business Email Compromise | Y Multiple Industries | CC | >1 | Microsoft, Business Email Compromise, BEC |
| 32 | 06/05/2021 | - | - | Ryuk | Undisclosed European biomolecular research institute involved in COVID-19 related research | Researchers from Sophos reveal the details of a Ryuk ransomware attack targeting an undisclosed European biomolecular research institute involved in COVID-19 related research, carried out by abusing RDP access obtained via pirated software infected with malware. | Malware | M Professional scientific and technical activities | CC | N/A | Sophos, Ryuk, ransomware, COVID-19, RDP |
| 33 | 06/05/2021 | 4/4/2021 | 4/4/2021 | ? | SEIU 775 Benefits Group | SEIU 775 Benefits Group notifies 140,000 individuals after it suffered a hack. | Unknown | N Administrative and support service activities | CC | US | SEIU 775 Benefits Group |
| 34 | 06/05/2021 | 6/5/2021 | 6/5/2021 | Meowless | Cluj County Council | The Cluj County Council is hacked and the attackers demand $100 USD in BTC if the council doesn’t want the files dumped. | Unknown | O Public administration and defence, compulsory social security | CC | RO | Cluj County Council |
| 35 | 06/05/2021 | 12/3/2021 | - | ? | Medtronic | Medtronic notifies some customers after an incident in which one employee’s devices may have compromised personal or patient information. | Account Takeover | C Manufacturing | CC | US | Medtronic |
| 36 | 07/05/2021 | - | - | SVR aka APT29, the Dukes, Cozy Bear | Multiple targets | A joint advisory from NCSC, CISA, FBI, and the NSA warns about the new vulnerabilities exploited by the Russian threat actors known as APT29. | | | | | |
| | | | | | Targets in North America, Europe, South East Asia, South America and Africa | Researchers from Cisco Talos unveil the latest activities of the Lemon Duck hacking group, including the leverage of Microsoft Exchange Server vulnerabilities and the use of decoy top-level domains. | Microsoft Exchange Server vulnerabilities | Y Multiple Industries | CC | >1 | Cisco Talos, Lemon Duck, Microsoft Exchange Server |
| 38 | 07/05/2021 | Between 04/03/2021 and 22/03/2021 | 22/3/2021 | ? | ATC Transportation | ATC Transportation discloses a ransomware attack. | Malware | H Transportation and storage | CC | US | ATC Transportation, ransomware |
| 39 | 07/05/2021 | Since 22/04/2021 | - | ? | MedNetwoRX | A reported ransomware attack on the CompuGroup Medical data center partner MedNetwoRX prevents some customers from accessing their Aprima electronic health record systems for more than two weeks. | Malware | M Professional scientific and technical activities | CC | US | Ransomware, CompuGroup, MedNetwoRX, Aprima |
| 40 | 07/05/2021 | 28/4/2021 | - | ? | The Mandan Nation | The Mandan Nation, an affiliate tribe, falls prey to a ransomware attack. | Malware | U Activities of extraterritorial organizations and bodies | CC | US | Mandan, ransomware |
| 41 | 07/05/2021 | 28/4/2021 | - | ? | The Hidatsa Nation | The Hidatsa Nation, an affiliate tribe, falls prey to a ransomware attack. | Malware | U Activities of extraterritorial organizations and bodies | CC | US | Hidatsa, ransomware |
| 42 | 07/05/2021 | 28/4/2021 | - | ? | The Arikara Nation | The Arikara Nation, an affiliate tribe, falls prey to a ransomware attack. | Malware | U Activities of extraterritorial organizations and bodies | CC | US | Arikara, ransomware |
| 43 | 07/05/2021 | - | - | ? | United Overseas Bank (UOB) | A United Overseas Bank (UOB) employee allegedly falls prey to a scam and leaks the personal information of 1,166 customers. | Account Takeover | K Financial and insurance activities | CC | SG | United Overseas Bank, UOB |
| 44 | 07/05/2021 | - | 19/4/2021 | ? | Lori Lightfoot (Mayor of Chicago) | A massive cache of tens of thousands of hacked emails detailing the inner workings of Mayor Lori Lightfoot’s administration is leaked to the public by Distributed Denial of Secrets, apparently in response to the fatal police shooting of 13-year-old Adam Toledo. | Unknown | O Public administration and defence, compulsory social security | CC | US | Lori Lightfoot, Chicago, Distributed Denial of Secrets, Adam Toledo |
| 45 | 07/05/2021 | Between 21/08/2020 and 25/01/2021 | 20/1/2021 | ? | Timberland Regional Library | Timberland Regional Library discloses that it suffered a phishing attack. | Account Takeover | O Public administration and defence, compulsory social security | CC | US | Timberland Regional Library |
| 46 | 07/05/2021 | 4/5/2021 | 4/5/2021 | ? | Albioma | Albioma, a French independent renewable energy producer, is hit with a ransomware attack. | Malware | D Electricity gas steam and air conditioning supply | CC | FR | Albioma, ransomware |
| 47 | 07/05/2021 | During 2020 | 31/10/2020 | ? | Brevard School Board | Brevard County School Board reveals that cyber criminals accessed the identifying information of about 10,000 people through the email accounts of 12 employees. | Account Takeover | P Education | CC | US | Brevard School Board |
| 48 | 07/05/2021 | - | 1/4/2021 | ? | Wolfe Eye Clinic | Wolfe Eye Clinic is hit with a Lorenz ransomware attack. | Malware | Q Human health and social work activities | CC | US | Wolfe Eye Clinic, Lorenz, ransomware |
| 49 | 07/05/2021 | - | - | Cuba | Multiple targets | Researchers from Group-IB discover a campaign distributing the Cuba ransomware via the Hancitor malware downloader. | Malware | Y Multiple Industries | CC | >1 | Group-IB, Cuba, ransomware, Hancitor |
| 50 | 08/05/2021 | 7/5/2021 | 7/5/2021 | DarkSide | Colonial Pipeline | Colonial Pipeline, the largest fuel pipeline in the United States, shuts down operations after suffering what is reported to be a DarkSide ransomware attack. | Malware | D Electricity gas steam and air conditioning supply | CC | US | Colonial Pipeline, DarkSide, ransomware |
| 51 | 08/05/2021 | Since February 2019 | - | Avaddon | Multiple targets | The Federal Bureau of Investigation (FBI) and the Australian Cyber Security Centre (ACSC) warn of an ongoing Avaddon ransomware campaign targeting organizations from an extensive array of sectors worldwide. | Malware | Y Multiple Industries | CC | >1 | Federal Bureau of Investigation, FBI, Australian Cyber Security Centre, ACSC, Avaddon, ransomware |
| 52 | 08/05/2021 | 11/4/2021 | 11/4/2021 | Pysa | Logansport Community School | Logansport Community School is hit with a Pysa ransomware attack. | Malware | P Education | CC | US | Logansport Community School, Pysa, ransomware |
| 53 | 08/05/2021 | 21/1/2021 | 21/1/2021 | ? | Noblr Reciprocal Exchange | Noblr Reciprocal Exchange notifies 97,633 consumers of a breach involving its insurance quote platform. Attackers used a feature of the platform to illicitly obtain personal information of other drivers. | Vulnerability | K Financial and insurance activities | CC | US | Noblr Reciprocal Exchange |
| 54 | 08/05/2021 | Between 02/06/2021 and 19/03/2021 | - | ? | American Family Insurance | American Family Insurance notifies 283,734 individuals of a breach linked to its insurance quote platform. | Vulnerability | K Financial and insurance activities | CC | US | American Family Insurance |
| 55 | 08/05/2021 | 8/5/2021 | 8/5/2021 | ? | Ayuntamiento de Oviedo | The Oviedo City Council (Ayuntamiento de Oviedo) is taken down by a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | ES | Ayuntamiento de Oviedo, ransomware |
| 56 | 08/05/2021 | 26/4/2021 | 26/4/2021 | ? | Veja | Veja, a French footwear and accessories brand known for its eco-friendly sneakers, is hacked. | Unknown | C Manufacturing | CC | FR | Veja |
| 57 | 09/05/2021 | Since January 2020 | During August 2020 | ? | Users accessing cryptocurrency-related sites via Tor | A security researcher with the moniker Nusenu reveals that for more than 16 months a threat actor has been adding malicious servers to the Tor network in order to intercept traffic and perform SSL stripping attacks on users accessing cryptocurrency-related sites. | SSL Stripping | V Fintech | CC | >1 | Tor, Nusenu |
| 58 | 09/05/2021 | 7/5/2021 | 7/5/2021 | ? | Rensselaer Polytechnic Institute (RPI) | Much of the computer network of Rensselaer Polytechnic Institute (RPI) is forced to shut down after unauthorized access is detected on Friday. | Unknown | P Education | CC | US | Rensselaer Polytechnic Institute, RPI |
| 59 | 10/05/2021 | 8/5/2021 | 8/5/2021 | ? | City of Tulsa | The City of Tulsa suffers a ransomware attack that forces the City to shut down its systems to prevent the further spread of the malware. | Malware | O Public administration and defence, compulsory social security | CC | US | City of Tulsa, ransomware |
| 60 | 10/05/2021 | 29/3/2021 | Beginning of January 2021 | ? | Mobile banking users | Researchers from Cleafy discover TeaBot, a new Android malware targeting banks in Italy, Spain, Germany, Belgium, and the Netherlands. | Malware | K Financial and insurance activities | CC | >1 | Cleafy, TeaBot, Android |
| 61 | 10/05/2021 | - | - | Babuk | Yamabiko | Yamabiko, a Tokyo-headquartered manufacturer of power tools and agricultural and industrial machinery, is apparently added to the data leak site used by the Babuk ransomware group. | Malware | C Manufacturing | CC | JP | Yamabiko, Babuk, ransomware |
| 62 | 10/05/2021 | During April 2021 | - | ? | Android users | Researchers from Pradeo discover a new Android malware that, impersonating the Google Chrome app, has been able to spread to hundreds of thousands of people in the last few weeks. | Malware | X Individual | CC | >1 | Pradeo, Android, Google Chrome |
| 63 | 10/05/2021 | - | - | ? | Municipality of Konya | About 1 million people’s information is stolen in a cyberattack targeting the municipality of Konya in central Turkey. | Unknown | O Public administration and defence, compulsory social security | CC | TR | Municipality of Konya |
| 64 | 10/05/2021 | - | - | ? | Herff Jones | A data breach at graduation cap and gown vendor Herff Jones compromises some students’ bank information. | Unknown | N Administrative and support service activities | CC | US | Herff Jones |
| 65 | 10/05/2021 | - | - | ? | Ehrmann SE | Ehrmann SE, a dairy headquartered in Germany, is hit with a ransomware attack. | Malware | I Accommodation and food service activities | CC | DE | Ehrmann SE, ransomware |
| 66 | 10/05/2021 | 1/5/2021 | - | ? | Anson County | Anson County discloses a cyberattack that occurred over the first weekend of May, disrupting county services including phone and email. | Malware | O Public administration and defence, compulsory social security | CC | US | Anson County |
| 67 | 11/05/2021 | "In the past few months" | - | ? | Aerospace and travel sectors | Microsoft warns of an ongoing spear-phishing campaign targeting aerospace and travel organizations with multiple remote access trojans (RATs) deployed using Snip3, a new and stealthy malware loader-as-a-service. | Malware | H Transportation and storage | CC | >1 | Microsoft, Snip3 |
| 68 | 11/05/2021 | Since at least March 2021 | - | ? | Single individuals | The FBI issues a warning related to cybercrime gangs using search results and search engine ads to lure victims to phishing sites for financial institutions in order to collect their login credentials. | Account Takeover | K Financial and insurance activities | CC | >1 | FBI, Adwords |
| 69 | 11/05/2021 | - | - | ? | Adobe Reader users on Windows | Adobe releases a security update to address CVE-2021-28550, a vulnerability affecting both Windows and Mac versions of Acrobat, exploited in the wild. | CVE-2021-28550 vulnerability | Z Unknown | N/A | N/A | Adobe, CVE-2021-28550, Acrobat |
| 70 | 11/05/2021 | - | 18/4/2021 | ? | United Valor Solutions | Security researcher Jeremiah Fowler discovers an exposed database containing 200,000 records, including evidence that the data might have been accessed by criminals. | Misconfiguration | N Administrative and support service activities | CC | US | United Valor Solutions, Jeremiah Fowler |
| 71 | 11/05/2021 | First week of May 2021 | First week of May 2021 | ? | Multiple targets | Researchers from Abnormal Security reveal the details of a phishing campaign aimed at harvesting Office 365 account credentials and employing a variety of tricks to fool both email security systems and recipients. | Account Takeover | Y Multiple Industries | CC | >1 | Abnormal Security, Office 365 |
| 72 | 11/05/2021 | 11/5/2021 | 11/5/2021 | ? | Energy Hamburg Radio | Energy Hamburg Radio is hit with a cyber attack. | Unknown | J Information and communication | CC | DE | Energy Hamburg Radio |
| 73 | 12/05/2021 | For approximately two weeks | - | ? | Trust Wallet and MetaMask wallet users | Trust Wallet and MetaMask wallet users are being targeted in ongoing and aggressive Twitter phishing attacks to steal cryptocurrency funds. | Account Takeover | V Fintech | CC | >1 | Trust Wallet, MetaMask, Twitter |
| 74 | 12/05/2021 | - | - | ? | Android and iOS users | Researchers from Sophos discover hundreds of malicious cryptocurrency, stock, and banking apps targeting the iOS and Android platforms. | Malware | X Individual | CC | >1 | Sophos, iOS, Android |
| 75 | 12/05/2021 | - | - | ? | Truist Bank customers | The FBI reveals that threat actors impersonated Truist, the sixth-largest US bank holding company, in a spear-phishing campaign attempting to infect recipients with what looks like remote access trojan (RAT) malware. | Malware | K Financial and insurance activities | CC | US | FBI, Truist |
| 76 | 13/05/2021 | Beginning of May 2021 | Beginning of May 2021 | DarkSide | Brenntag | Chemical distribution company Brenntag pays a $4.4 million ransom in Bitcoin to the DarkSide ransomware gang to receive a decryptor for encrypted files and prevent the threat actors from publicly leaking the stolen data. | Malware | M Professional scientific and technical activities | CC | DE | Brenntag, DarkSide, ransomware |
| 77 | 13/05/2021 | 13/5/2021 | 13/5/2021 | Conti (AKA Wizard Spider) | Irish Department of Health | The Irish Department of Health is hit with a Conti ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | IE | Irish Department of Health, Conti, Wizard Spider |
| 78 | 13/05/2021 | Since April 2021 | - | Lorenz | Multiple targets | A new ransomware operation known as Lorenz is targeting organizations worldwide with customized attacks demanding hundreds of thousands of dollars. | Malware | Y Multiple Industries | CC | >1 | Lorenz, Ransomware |
| 79 | 13/05/2021 | For the past 18 months | - | Transparent Tribe, AKA APT36 and Mythic Leopard | Indian Defense Sector | Researchers from Cisco Talos reveal the details of the latest campaign of Transparent Tribe, targeting the Indian defense sector. | Targeted Attack | O Public administration and defence, compulsory social security | | | |
| | | | | | | Computer hardware maker MSI is warning gamers not to visit a website that's impersonating the brand and its graphics card overclocking software, Afterburner, to push malware. | Malware | R Arts entertainment and recreation | CC | >1 | MSI, Afterburner |
| 81 | 13/05/2021 | Since February 2021 | - | FIN7 | Multiple targets | Researchers from the BI.ZONE Cyber Threats Research Team reveal that the notorious FIN7 cybercrime gang, a financially motivated group, is spreading a backdoor called Lizar under the guise of a Windows pen-testing tool for ethical hackers. | Malware | Y Multiple Industries | CC | >1 | BI.ZONE Cyber Threats Research Team, FIN7 |
| 82 | 13/05/2021 | - | - | ? | Rede Bahia | Rede Bahia is hit with a ransomware attack. | Malware | J Information and communication | CC | BR | Rede Bahia, ransomware |
| 83 | 13/05/2021 | - | - | ? | City of Gary | The City of Gary is hit with a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | Gary, ransomware |
| 84 | 13/05/2021 | - | - | Cl0p | Utility Trailer Manufacturing | Utility Trailer Manufacturing is hit by a Cl0p ransomware attack. | Malware | C Manufacturing | CC | US | Utility Trailer Manufacturing, Cl0p, ransomware |
| 85 | 13/05/2021 | Since April 2021 | - | ? | Multiple targets | Researchers from Anomali identify a campaign in which threat actors used Microsoft Build Engine (MSBuild) to filelessly deliver the Remcos remote access tool (RAT) and password-stealing malware commonly known as RedLine Stealer. | Malware | Y Multiple Industries | CC | >1 | Anomali, Microsoft Build Engine, MSBuild, Remcos, RedLine Stealer |
| 86 | 14/05/2021 | 14/5/2021 | 14/5/2021 | Conti | Ireland's Health Service Executive (HSE) | Ireland's Health Service Executive (HSE), the country's publicly funded healthcare system, shuts down all IT systems after it suffers a Conti ransomware attack. | Malware | Q Human health and social work activities | CC | IE | Ireland, Health Service Executive, HSE, Conti, ransomware |
| 87 | 14/05/2021 | 14/5/2021 | 14/5/2021 | DarkSide | Toshiba Tec Corp | Toshiba Tec Corp says it was struck by a ransomware attack impacting some regions in Europe. As a consequence, the networks between Japan, Europe, and its subsidiaries are shut down. | Malware | C Manufacturing | CC | JP | Toshiba Tec Corp, ransomware, DarkSide |
| 88 | 14/05/2021 | - | - | eCh0raix | Misconfigured QNAP servers | QNAP warns customers of eCh0raix ransomware attacks exploiting weak passwords, targeting their Network Attached Storage (NAS) devices. | Malware | Y Multiple Industries | CC | >1 | QNAP, eCh0raix, ransomware |
| 89 | 14/05/2021 | - | - | ? | Vulnerable QNAP servers | QNAP warns customers of an actively exploited Roon Server 0-day targeting their Network Attached Storage (NAS) devices. | Vulnerability | Y Multiple Industries | CC | >1 | QNAP, Roon Server |
| 90 | 14/05/2021 | - | - | REvil AKA Sodinokibi | Apex America | Apex America is hit by the Sodinokibi ransomware gang. | Malware | M Professional scientific and technical activities | CC | AR | Apex America, Sodinokibi, REvil, ransomware |
| 91 | 14/05/2021 | 30/4/2021 | 30/4/2021 | DarkSide | Möbelstadt Sommerlad | Möbelstadt Sommerlad, a retail furniture store in Germany, discloses that it had been the victim of a ransomware attack and extortion attempt by a DarkSide affiliate. | Malware | G Wholesale and retail trade | CC | DE | Möbelstadt Sommerlad, DarkSide, ransomware |
| 92 | 15/05/2021 | 15/5/2021 | 15/5/2021 | Avaddon | AXA (Asian operations) | French insurer AXA confirms that a ransomware attack affected its Asian operations. The Avaddon ransomware operators post screenshots of information online. | Malware | K Financial and insurance activities | CC | FR | AXA, ransomware, Avaddon |
Enjoy the interactive timeline, and thanks for sharing it and supporting my work in spreading risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or even connect on LinkedIn, for the latest updates.
BREACHOMETER
The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.