The second timeline of May is finally out, confirming the decreasing trend (at least in terms of recorded events) that we have seen in the last few months. In this timeline I have collected 85 events, with an average rate of 5.32 events per day, which sets the minimum value for 2021. Unfortunately, the “simple” number of breaches does not tell the whole story: the list of high-profile targets hit by ransomware, in particular, continues to grow, with disruptions that unavoidably cross the boundaries of cyberspace.
Ransomware continues to dominate the threat landscape, causing outages and disruptions worldwide (and yes, not even pork meat is immune). In this timeline it has characterized, directly or indirectly, one out of three events (precisely 34.12%). This is below the value of the previous timeline (around 45%), but it remains high. And as I always point out, the real number could be even higher, since too many organizations do not fully disclose the root cause of unspecified outages or disruptions tracked as the outcome of a generic “cyber attack”.
The season of mega breaches continues, with more and more records leaked. Omiai (Japan’s biggest dating app, 1.71 million users), DailyQuiz (13 million users) and, most importantly, the Indonesian Social Security Administrator for Health (200 million records) are just a few examples.
Another trend that does not seem to slow down is the exploitation of vulnerabilities, which equally continues to characterize the threat landscape. It does not matter whether the target is a remote access technology, an application server or even a mobile phone: generic cyber criminals and state-sponsored actors continue to take maximum advantage of this opportunity.
State-sponsored actors are always quite busy: they continue to exploit vulnerabilities, like UNC2630 or UNC2717, or even to shift their tactics, like Nobelium AKA APT29 or Cozy Bear. And curiously, even the Russian government revealed that foreign hackers had breached and stolen information from Russian federal executive bodies. Nobody is safe nowadays!
| ID | Date Reported | Date Occurred | Date Discovered | Author | Target | Description | Attack | Target Class | Attack Class | Country | Tags |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | 16/05/2021 | - | - | ? | Pi Network | Pi Network, a cryptocurrency mining app for mobile users, may have been connected to 17GB worth of personal data leaks. | Misconfiguration | V Fintech | CC | VN | Pi Network |
| 2 | 16/05/2021 | 14/5/2021 | 14/5/2021 | ? | Daihatsu Diesel Company | The European operations of Daihatsu Diesel Company, a Toyota-owned company are hit with a ransomware attack. | Malware | C Manufacturing | CC | EU | Daihatsu Diesel Company, Toyota, ransomware |
| 3 | 16/05/2021 | - | - | Avaddon | Acer Finance | The Avaddon ransomware gang hits the France-based financial consultancy firm Acer Finance. | Malware | K Financial and insurance activities | CC | FR | Avaddon, ransomware, Acer Finance |
| 4 | 17/05/2021 | - | - | Bizarro | Customers of 70 banks in Europe and South America | Researchers from Kaspersky reveal the details of a new banking trojan named Bizarro, initially originating from Brazil, which has crossed the borders and started to target customers of 70 banks in Europe and South America. | Malware | K Financial and insurance activities | CC | >1 | Kaspersky, Bizarro, Brazil, Europe, South America |
| 5 | 17/05/2021 | 12/5/2021 | 12/5/2021 | ? | Guard.me | Student health insurance carrier Guard.me takes their website offline after a vulnerability allowed a threat actor to access policyholders' personal information. | Vulnerability | K Financial and insurance activities | CC | CA | Guard.me |
| 6 | 17/05/2021 | 17/5/2021 | 17/5/2021 | ? | Ardagh Group | Glass and metal packaging giant Ardagh Group discloses a cyberattack that forced it to shut down certain systems and applications. | Unknown | C Manufacturing | CC | LU | Ardagh Group |
| 7 | 17/05/2021 | Since April 2021 | Since April 2021 | Keksec | Vulnerable Realtek and Linksys endpoints | Researchers from Uptycs reveal the details of Simps, a malware that infects IoT devices in tandem with the prolific Gafgyt botnet, using known security vulnerabilities. | | | | | |
| | | | | | | Health Plan of San Joaquin notifies more than 420,000 individuals of an email hack occurred last year. | Account Takeover | Q Human health and social work activities | CC | US | Health Plan of San Joaquin |
| 9 | 18/05/2021 | Over the course of the last few months | Over the course of the last few months | Multiple targets | Unpatched servers in the free tiers of cloud computing platforms. | Over the course of the last few months, some crypto-mining gangs have switched their modus operandi from attacking and hijacking unpatched servers to abusing the free tiers of cloud computing platforms. | Misconfiguration | M Professional scientific and technical activities | | | |
| | | | | | | Waikato District Health Board is hit with a Conti ransomware attack. | Malware | Q Human health and social work activities | CC | AU | Waikato District Health Board, Conti, ransomware |
| 11 | 18/05/2021 | 17/5/2021 | 17/5/2021 | ? | Alaska Health Department | The Alaska Health Department website is the target of a malware attack, forcing to take offline the website. | Malware | Q Human health and social work activities | CC | US | Alaska Health Department |
| 12 | 18/05/2021 | - | - | ? | Single individuals | Researchers at Tessian discover several meal-kit phishing campaigns, sending messages disguised as offers from meal-kit services, like HelloFresh and Gousto. | Account Takeover | X Individual | CC | >1 | Tessian, HelloFresh, Gousto |
| 13 | 18/05/2021 | Since 23/04/2021 | - | ? | Chrome Users | A bogus Chrome add-on purporting to be “Microsoft Authenticator” successfully manages to sneak its way in, and to dupe hundreds of people into downloading it. | Malicious Chrome Extension | X Individual | CC | >1 | Chrome, Microsoft Authenticator |
| 14 | 18/05/2021 | Mid-2018 | 14/5/2021 | ? | BtcTurk | Major Turkish crypto exchange BtcTurk confirms a data breach from mid-2018 that leaked sensitive information of over 500,000 users. | Unknown | V Fintech | CC | TR | BtcTurk |
| 15 | 18/05/2021 | - | 7/4/2021 | Astro Team | Eduro Healthcare | The Astro Team ransomware threat actors dump 40GB patient-related files allegedly from Eduro Healthcare. | Malware | Q Human health and social work activities | CC | US | Astro Team, ransomware, Eduro Healthcare |
| 16 | 18/05/2021 | 18/5/2021 | 18/5/2021 | ? | Visalia Unified School District | Visalia Unified School District reveals to have been hit with a ransomware attack. | Malware | P Education | CC | US | Visalia Unified School District, ransomware |
| 17 | 18/05/2021 | 18/5/2021 | 18/5/2021 | ? | Rockland Public Schools | The Rockland Public Schools district is hit with a ransomware attack. | Malware | P Education | CC | US | Rockland Public Schools, ransomware |
| 18 | 18/05/2021 | 18/5/2021 | 18/5/2021 | ? | Národní knihovna ČR (National library of the Czech Republic) | Národní knihovna ČR (the national library of the Czech Republic) shuts down all the system after suffering a cyber attack. | Unknown | O Public administration and defence, compulsory social security | CC | CZ | Národní knihovna ČR, National library of the Czech Republic |
| 19 | 18/05/2021 | Since February 2021 | Since February 2021 | ? | Multiple targets | Researchers from Bitdefender identify a new RIG Exploit Kit campaign exploiting two scripting engine vulnerabilities in unpatched Internet Explorer browsers (CVE-2019-0752 and CVE-2018-8174) to distribute a WastedLocker variant missing the ransomware component and hence called WastedLoader. | CVE-2019-0752 and CVE-2018-8174 vulnerabilities | Y Multiple Industries | CC | >1 | Bitdefender, RIG Exploit Kit, Internet Explorer, CVE-2019-0752, CVE-2018-8174, WastedLocker, WastedLoader |
| 20 | 19/05/2021 | During 2021 | - | ? | Android users | Google's Project Zero reveals that four Android security vulnerabilities were exploited in the wild before being patched earlier in May. | CVE-2021-1905, CVE-2021-1906, CVE-2021-28663 and CVE-2021-28664 vulnerabilities | | | | |
| | | | | | | Bose Corporation (Bose) discloses a data breach following a ransomware attack that hit the company's systems in early March. | Malware | C Manufacturing | CC | US | Bose Corporation, Bose, ransomware |
| 22 | 19/05/2021 | 12/5/2021 | 12/5/2021 | ? | Tigerton School District | The Tigerton School District is taken down by a ransomware attack. | Malware | P Education | CC | US | Tigerton School District, ransomware |
| 23 | 19/05/2021 | 14/5/2021 | 14/5/2021 | ? | Stelliant Group | The Stelliant Group, a French Insurance firm, is paralyzed by a cyber attack. | Unknown | K Financial and insurance activities | CC | FR | Stelliant Group |
| 24 | 20/05/2021 | - | - | ? | Multiple targets | Researchers from Microsoft reveal that a massive malware campaign is pushing the Java-based STRRAT remote access trojan (RAT), known for its data theft capabilities and the ability to fake ransomware attacks. | Malware | Y Multiple Industries | CC | >1 | Microsoft, STRRAT |
| 25 | 20/05/2021 | - | - | Conti | 16 U.S. healthcare and first responder organizations | The FBI reveals that the Conti ransomware gang has attempted to breach the networks of 16 U.S. healthcare and first responder organizations. | Malware | Q Human health and social work activities | CC | US | FBI, Conti, ransomware |
| 26 | 20/05/2021 | - | - | ? | Domain Group | Australian digital real estate business, Domain Group, confirms its platform was the victim of a phishing attack. | Account Takeover | L Real estate activities | CC | AU | Domain Group |
| 27 | 20/05/2021 | - | - | ? | Undisclosed target | Researchers from Armorblox reveal the detail of a first vishing campaign pretending to be an Amazon delivery. | Account Takeover | Z Unknown | CC | N/A | Armorblox, vishing, Amazon |
| 28 | 20/05/2021 | - | - | ? | Undisclosed target | Researchers from Armorblox reveal the detail of an additional vishing campaign pretending to be an Amazon delivery. | Account Takeover | Z Unknown | CC | N/A | Armorblox, vishing, Amazon |
| 29 | 20/05/2021 | During the second week of May 2021 | During the second week of May 2021 | DarkSide | One Call | Insurance firm One Call is hit with a DarkSide ransomware attack. | Malware | K Financial and insurance activities | CC | UK | One Call, DarkSide, ransomware |
| 30 | 20/05/2021 | 3/5/2021 | 3/5/2021 | REvil AKA Sodinokibi | Betenbough Homes | Betenbough Homes have their data leaked by the Sodinokibi ransomware gang. | Malware | C Manufacturing | CC | US | REvil, Sodinokibi, Betenbough Homes |
| 31 | 20/05/2021 | 20/5/2021 | 20/5/2021 | ? | Sierra College | The Sierra College is hit with a ransomware attack. | Malware | P | CC | US | Sierra College, ransomware |
| 32 | 21/05/2021 | During 2020 | - | Foreign attackers | Russian federal executive bodies | The Russian government reveals that foreign hackers have breached and stolen information from Russian federal executive bodies. | Targeted Attack | O Public administration and defence, compulsory social security | CE | RU | Russia, FSB |
| 33 | 21/05/2021 | - | 28/4/2021 | ? | Omiai | Japan’s biggest dating app, Omiai, is hacked and personal data of 1.71 million users such as drivers’ licenses, insurance cards, and passports is accessed by threat actors. | Unknown | R Arts entertainment and recreation | CC | JP | Omiai |
| 34 | 21/05/2021 | - | - | ? | Auto Parts Manufacturing Mississippi | Another Toyota subsidiary, Auto Parts Manufacturing Mississippi, discloses a ransomware attack. | Malware | C Manufacturing | CC | US | Toyota, Auto Parts Manufacturing Mississippi, ransomware |
| 35 | 21/05/2021 | 21/5/2021 | 21/5/2021 | ? | Grenoble-Alpes Métropole | The Grenoble-Alpes Métropole is hit by a DDoS attack. | DDoS | R Arts entertainment and recreation | CC | FR | Grenoble-Alpes Métropole |
| 36 | 21/05/2021 | 21/5/2021 | 21/5/2021 | ? | City of Grenoble | The City of Grenoble is hit by a DDoS attack. | DDoS | R Arts entertainment and recreation | CC | FR | City of Grenoble |
| 37 | 21/05/2021 | Between 29/12/2020 and 18/03/2021 | - | ? | Beech Acres Parenting Center | The Beech Acres Parenting Center discovers that an employee email accounts with personal and sensitive information had been hacked and accessed between Dec. 29 and March 18 | Account Takeover | Q Human health and social work activities | CC | US | Beech Acres Parenting Center |
| 38 | 22/05/2021 | - | 21/5/2021 | ? | BPJS Kesehatan? (the Indonesian Social Security Administrator for Health) | A newly registered member of the RaidForums forum posts what they claim is a database containing 200 million records of personal information for Indonesian people. | Unknown | O Public administration and defence, compulsory social security | CC | ID | BPJS Kesehatan, RaidForums |
| 39 | 22/05/2021 | 14/5/2021 | 14/5/2021 | ? | Université de Franche-Comté | The University of Franche-Comté (Université de Franche-Comté) is paralyzed by a cyber attack. | Unknown | P Education | CC | FR | Université de Franche-Comté |
| 40 | 23/05/2021 | 21/5/2021 | 21/5/2021 | ? | Siegfried | The Siegfried Group is hit with a malware attack. | Malware | M Professional scientific and technical activities | CC | CH | Siegfried |
| 41 | 24/05/2021 | 13/1/2021 | During January 2021 | ? | DailyQuiz | The personal details of 13 million DailyQuiz users are leaked online after a hacker breached the quiz builder’s database and stole its content | Unknown | R Arts entertainment and recreation | CC | IL | DailyQuiz |
| 42 | 24/05/2021 | - | - | ? | Apple macOS and tvOS users | Apple releases security updates to patch three macOS and tvOS zero-day vulnerabilities exploited in the wild (including the XCSSET malware) to bypass macOS privacy protections. | | | | | |
| | | | | | | TPG Telecom reveals that it had the data of two customers accessed on its legacy TrustedCloud hosting service. | Unknown | J Information and communication | CC | AU | TPG Telecom, TrustedCloud |
| 44 | 24/05/2021 | 15/5/2021 | 15/5/2021 | ? | Single individuals | Researchers from Bitdefender discover a first Tesla-themed Bitcoin scam campaign pretending to give away $5,000 worth of Bitcoins. | Malicious spam | X Individual | CC | >1 | Bitdefender, Bitcoin, Tesla |
| 45 | 24/05/2021 | - | - | ? | Single individuals | Researchers from Bitdefender discover a second Tesla-themed Bitcoin scam campaign pretending to give away $750M worth of Bitcoins. | Malicious spam | X Individual | CC | >1 | Bitdefender, Bitcoin, Tesla |
| 46 | 24/05/2021 | - | - | Avaddon | Spine & Disc Medical Center | Spine & Disc Medical Center is hit with an Avaddon ransomware attack. | Malware | Q Human health and social work activities | CC | US | Spine & Disc Medical Center, Avaddon, ransomware |
| 47 | 24/05/2021 | 24/3/2021 | - | ? | Harper County Community Hospital | Harper County Community Hospital discloses that it experienced a ransomware attack. | Malware | Q Human health and social work activities | CC | US | Harper County Community Hospital |
| 48 | 24/05/2021 | 8/5/2021 | - | ? | Groupe ISERBA | The Groupe ISERBA a French property maintenance firm is hit with a cyber attack. | Unknown | N Administrative and support service activities | CC | FR | Groupe ISERBA |
| 49 | 25/05/2021 | Since December 2020 | Since December 2020 | Agrius AKA Apostle | Multiple targets in Israel | Researchers from Sentinel One reveal the details of Agrius, an Iranian hacking group camouflaging destructive attacks against Israeli targets as ransomware attacks while maintaining access to victims' networks for months in what looks like an extensive espionage campaign. | Malware | Y Multiple Industries | CE | IL | Sentinel One, Agrius, iran, Israel, Apostle |
| 50 | 25/05/2021 | 24/5/2021 | - | ? | Multiple Japanese government entities | Japanese tech giant Fujitsu temporarily takes down its ProjectWEB enterprise SaaS platform after hackers gained access to its systems and stole files belonging to multiple Japanese government entities. | Unknown | O Public administration and defence, compulsory social security | CE | JP | Fujitsu, ProjectWEB |
| 51 | 25/05/2021 | During April 2019 | During March 2021 | ? | Belgian Interior Ministry | Belgian officials said that hackers breached the network of its interior ministry in a security incident that took place in April 2019. | Targeted Attack | O Public administration and defence, compulsory social security | CE | BE | Hafnium |
| 52 | 25/05/2021 | - | - | ? | Undisclosed target(s) | The CERT Coordination Center (CERT/CC) at Carnegie Mellon University warns that Checkbox Survey vulnerability that could allow a remote attacker to execute arbitrary code without authentication is being exploited in the wild. | CVE-2021-27852 vulnerability | Z Unknown | N/A | N/A | CERT Coordination Center, CERT/CC, Carnegie Mellon University, Checkbox Survey, CVE-2021-27852 |
| 53 | 25/05/2021 | - | - | TeamTNT | Misconfigured Kubernetes clusters | Researchers from Trend Micro report that about 50,000 IPs were compromised across multiple Kubernetes clusters in a cryptojacking campaign conducted by TeamTNT group. | Misconfiguration | Y Multiple Industries | CC | >1 | Trend Micro, Kubernetes, TeamTNT |
| 54 | 25/05/2021 | - | - | ? | CEFCO Convenience Stores | Hackers post 42 gigabytes of data allegedly stolen from CEFCO Convenience Stores. | Unknown | G Wholesale and retail trade | CC | US | CEFCO Convenience Stores |
| 55 | 25/05/2021 | Since 2018 | - | ? | Marietta City School | Marietta City School reveals that a number of employees had their emails hacked since 2018 | Account Takeover | P Education | CC | US | Marietta City School |
| 56 | 25/05/2021 | 22/5/2021 | 22/5/2021 | ? | Eastern Hancock Schools | Eastern Hancock Schools fall victim of a ransomware attack. | Malware | P Education | CC | US | Eastern Hancock Schools, ransomware |
| 57 | 26/05/2021 | During December 2020 | During December 2020 | Lorenz | Commport Communications | Canada Post informs 44 of its large commercial customers that a ransomware attack on Commport Communications, a third-party service provider, exposed shipping information for their customers. | Malware | N Administrative and support service activities | CC | CA | Canada Post, Commport Communications, Lorenz, ransomware |
| 58 | 26/05/2021 | During April 2021 | During April 2021 | ? | Multiple targets | Researchers from Proofpoint discover a new BazarCall email phishing campaign that manages to bypass automated threat detection systems to deliver the BazarLoader malware used by the TrickBot gang. | Malware | Y Multiple Industries | CC | >1 | Proofpoint, BazarCall, BazarLoader, TrickBot |
| 59 | 26/05/2021 | Since 21/04/2021 | Since 21/04/2021 | ? | Multiple targets | Researchers from Crowdstrike discover a new malvertising campaign exploiting a fake version of the popular remote desktop application AnyDesk. | Malvertising | Y Multiple Industries | CC | >1 | Crowdstrike, AnyDesk |
| 60 | 26/05/2021 | Third week of May 2021 | Third week of May 2021 | - | Volunteer Service Abroad (VSA) | Volunteer Service Abroad (VSA) announces it had been the victim of a “sophisticated” ransomware attack. | Malware | Q Human health and social work activities | CC | NZ | Volunteer Service Abroad, VSA, ransomware |
| 61 | 26/05/2021 | - | - | PayOrG AKA PayOrGrief | Clover Park School District | The Clover Park School District suffers a PayOrG (PayOrGrief) ransomware attack. | Malware | P Education | CC | US | Clover Park School District, PayOrG, PayOrGrief, ransomware |
| 62 | 26/05/2021 | 19/5/2021 | 19/5/2021 | ? | Waschbär | Waschbär, an environmentally friendly online retailer, reports a cyber attack. | Unknown | G Wholesale and retail trade | CC | DE | Waschbär |
| 63 | 26/05/2021 | 21/4/2021 | 21/4/2021 | DarkSide | BLK Sport | BLK Sport discloses that they had been hit by a DarkSide ransomware attack on April 21, 2021. | Malware | G Wholesale and retail trade | CC | AU | BLK Sport, ransomware, DarkSide |
| 64 | 27/05/2021 | 25/5/2021 | 25/5/2021 | Nobelium AKA APT29 or Cozy Bear | Around 3,000 accounts in 24 countries linked to government agencies, think tanks, consultants, and non-governmental organizations | Microsoft warns that Nobelium is currently conducting a phishing campaign after the Russian-backed group managed to take control of the account used by USAID on the email marketing platform Constant Contact. | | | | | |
| | | | | | | Researchers from Check Point and Kaspersky reveal the details of a campaign designed to spy on Uyghurs, abusing the United Nations (UN) branding. | Targeted Attack | X Individual | CE | CN | Check Point, Kaspersky, Uyghurs, United Nations, Uyghurs |
| 66 | 27/05/2021 | 27/5/2021 | 27/5/2021 | Avaddon | Lotería Nacional | Mexico's Lotería Nacional suffers an Avaddon ransomware attack and blocks access to IP addresses outside of Mexico after the ransomware gang threatened to perform denial of service attacks. | Malware | R Arts entertainment and recreation | CC | MX | Lotería Nacional, Avaddon, ransomware |
| 67 | 27/05/2021 | From October 2020 until March 2021 | - | UNC2717 | Global government agencies | Researchers from FireEye reveal that the Chinese threat group UNC2717 continues to deploy new malware strains on the compromised network of dozens of US and EU government organizations after exploiting vulnerable Pulse Secure VPN appliances. | Pulse Secure vulnerability | O Public administration and defence, compulsory social security | CE | >1 | FireEye, UNC2717, Pulse Secure VPN |
| 68 | 27/05/2021 | From August 2020 until March 2021 | - | UNC2630 | US DIB companies | Researchers from FireEye reveal that the Chinese threat group UNC2630 continues to deploy new malware strains on the compromised network of dozens of US Defence organizations after exploiting vulnerable Pulse Secure VPN appliances. | Pulse Secure vulnerability | Y Multiple Industries | CE | US | FireEye, UNC2630, Pulse Secure VPN |
| 69 | 27/05/2021 | 27/5/2021 | 27/5/2021 | Avaddon | Pronósticos Deportivos | Mexico's Pronósticos Deportivos suffers an Avaddon ransomware attack and blocks access to IP addresses outside of Mexico after the ransomware gang threatened to perform denial of service attacks. | Malware | R Arts entertainment and recreation | CC | MX | Pronósticos Deportivos, Avaddon, ransomware |
| 70 | 27/05/2021 | During May 2021 | During May 2021 | Undisclosed APT | U.S. municipal government | The Federal Bureau of Investigation (FBI) says state-sponsored attackers breached the webserver of a U.S. municipal government after hacking a Fortinet appliance. | | O Public administration and defence, compulsory social security | CE | US | Federal Bureau of Investigation, FBI, Fortinet, CVE-2018-13379, CVE-2020-12812, CVE-2019-5591 |
| 71 | 27/05/2021 | 31/3/2020 | 31/3/2020 | ? | City of Philadelphia | The City of Philadelphia releases an update on an investigation into a data breach that left some employee email accounts accessible to unauthorized individuals. | Account Takeover | O Public administration and defence, compulsory social security | CC | US | City of Philadelphia |
| 72 | 27/05/2021 | Since at least February 2021 | During April 2021 | ? | Vulnerable Control Web Panel instances | Researchers from Juniper and Qihoo 360’s Netlab discover a sophisticated threat actor targeting vulnerable instances of the Control Web Panel hosting software in order to install backdoors and drop rootkits on Linux servers via a backdoor called Facefish. | Vulnerability | Y Multiple Industries | CC | >1 | Juniper, Qihoo 360, Control Web Panel, CWP, Facefish |
| 73 | 27/05/2021 | - | - | ? | Undisclosed target | Researchers from Cofense discover a phishing campaign carried out via spoofed CIO ‘pandemic guideline.’ | Account Takeover | Z Unknown | CC | N/A | Cofense, COVID-19 |
| 74 | 27/05/2021 | - | - | ? | Swedish Public Health Agency (Folkhälsomyndigheten) | The Swedish Public Health Agency (Folkhälsomyndigheten) shuts down SmiNet, the country's infectious diseases database, after it was targeted in several hacking attempts. | Unknown | Q Human health and social work activities | CC | SE | Swedish Public Health Agency, Folkhälsomyndigheten, SmiNet |
| 75 | 27/05/2021 | - | - | ? | Carl Pei's Twitter account | Carl Pei, the co-founder of smartphone firm OnePlus, has his Twitter account hacked to promote a Cryptocurrency scam. | Account Takeover | X Individual | CC | CN | Carl Pei, OnePlus, Twitter, crypto |
| 76 | 27/05/2021 | - | - | ? | Residents in Iowa | The Iowa Workforce Development says that a fraudulent website that mirrors IWD's claims portal is attempting to collect personal information from Iowans. | Account Takeover | X Individual | CC | US | Iowa Workforce Development, IWD |
| 77 | 28/05/2021 | Mid May 2021 | Mid May 2021 | Red Epsilon | Vulnerable Microsoft Exchange servers | Researchers from Sophos discover a new ransomware strain, dubbed Red Epsilon, targeting vulnerable Microsoft Exchange servers. | Multiple vulnerabilities | Y Multiple Industries | CC | >1 | Sophos, ransomware, Red Epsilon, Microsoft Exchange |
| 78 | 28/05/2021 | Between 02/06/2019 and 01/12/2020 | 3/11/2020 | ? | Hoboken Radiology | Hoboken Radiology discloses a breach of an imaging server. | Unknown | Q Human health and social work activities | CC | US | Hoboken Radiology |
| 79 | 28/05/2021 | 9/2/2021 | 9/2/2021 | ? | Sturdy Memorial Hospital | The Sturdy Memorial Hospital is hit with a ransomware attack. | Malware | Q Human health and social work activities | CC | US | Sturdy Memorial Hospital, ransomware |
| 80 | 28/05/2021 | 11/1/2021 | 11/1/2021 | ? | 20/20 Eye Care Network and 20/20 Hearing Care Network | 20/20 Eye Care Network and 20/20 Hearing Care Network notify 3,253,822 health plan members of breach that deleted contents of AWS buckets. | Misconfiguration | Q Human health and social work activities | CC | US | 20/20 Eye Care Network, 20/20 Hearing Care Network |
| 81 | 28/05/2021 | 13/5/2021 | 13/5/2021 | ? | Clark County | Clark County officials say that a majority of their operations have been restored since a malware attack caused most of their servers to go down earlier this month. | Malware | O Public administration and defence, compulsory social security | CC | US | Clark County |
| 82 | 29/05/2021 | Mid May 2021 | Mid May 2021 | ? | Single individuals | A phishing campaign, pretending to be from Walmart tries to lure the victims with a fake delivery notification. | Account Takeover | X Individual | CC | US | Walmart |
| 83 | 29/05/2021 | - | - | PayOrG AKA PayOrGrief | Municipality of Porto Sant’Elpidio | The Municipality of Porto Sant’Elpidio is hit with a PayOrG (PayOrGrief) ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | IT | Municipality of Porto Sant’Elpidio, PayOrG, PayOrGrief, ransomware |
| 84 | 30/05/2021 | - | 17/3/2021 | DoppelPaymer | Azusa Police Department | Azusa Police Department in California reveals to have been hit by a DoppelPaymer ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | Azusa Police Department, DoppelPaymer, ransomware |
| 85 | 31/05/2021 | 31/5/2021 | 31/5/2021 | REvil AKA Sodinokibi | JBS Foods | JBS Foods, a leading food company and the largest meat producer globally, shuts down production at multiple sites worldwide following a cyberattack. | Unknown | I Accommodation and food service activities | CC | NL | JBS Foods, REvil, Sodinokibi |
Enjoy the interactive timeline, and thanks for sharing it and supporting my work in spreading risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or even connect on LinkedIn, for the latest updates.