The first timeline of June is out, with a trend that, after slowing down for a few months, is now growing again. In this timeline I have collected 109 events, a sharp increase compared to the 85 incidents reported in the second timeline of May.
Ransomware continues to dominate the threat landscape with values similar to the previous timelines. In this timeline too it has characterized, directly or indirectly, 38 events out of 109, corresponding to 34.86%, very close to the 34.12% of the second timeline of May. And bear in mind that, as I always point out, the real number could be even higher, since too many organizations do not completely disclose the root cause of unspecified outages or disruptions tracked as the outcome of a generic “cyber attack”.
More high-profile targets have joined the list of victims of mega breaches, including some Italian healthcare organizations and a primary car manufacturer. Another trend that continued over the course of this month is the exploitation of vulnerabilities: new 0-days exploited in the wild were revealed and patched by Google and Microsoft.
Similarly to the previous months, state-sponsored actors continue to be busy, exploiting vulnerabilities, like the new PuzzleMaker group. Other campaigns involve well-known actors such as Kimsuky, Mustang Panda, APT28, and SharpPanda.
| ID | Date Reported | Date Occurred | Date Discovered | Author | Target | Description | Attack | Target Class | Attack Class | Country | Tags |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | 01/06/2021 | - | - | Kimsuky (AKA Thallium, Black Banshee and Velvet Chollima) | High profile people within the government of South Korea | Researchers from Malwarebytes reveal the details of the latest campaign by the North Korean group Kimsuky, targeting the South Korean government using the AppleSeed backdoor. | Targeted Attack | O Public administration and defence, compulsory social security | CE | KR | Malwarebytes, North Korea, Kimsuky, South Korea, AppleSeed, Thallium, Black Banshee, Velvet Chollima |
| 2 | 01/06/2021 | Earlier in May 2021 | Earlier in May 2021 | Conti | Exagrid | Backup appliance specialist Exagrid is hit by Conti ransomware in May, with cyber criminals downloading employee and customer data, confidential contracts and source code, and ends up paying $2.6M to the attackers. | Malware | C Manufacturing | CC | US | Exagrid, Conti, ransomware |
| 3 | 01/06/2021 | 1/6/2021 | 31/5/2021 | ? | Vulnerable WordPress servers | Researchers from Wordfence reveal that threat actors are scanning for sites running the Fancy Product Designer plugin to exploit a zero-day bug allowing them to upload malware. | WordPress plugin vulnerability | Y Multiple Industries | CC | >1 | Wordfence, Fancy Product Designer, WordPress |
| 4 | 01/06/2021 | - | - | ? | Android users of mobile banking applications. | Bitdefender researchers identify five new malicious Android applications that pack the Teabot banking trojan and impersonate real ones. | Malware | K Financial and insurance activities | CC | >1 | Bitdefender, Android, Teabot |
| 5 | 01/06/2021 | 30/5/2021 | 30/5/2021 | EpsilonRed | Nucleus Software Exports | Nucleus Software Exports, an Indian company that provides lending software to banks and retail stores, suffers a major ransomware attack that crippled some of its internal networks and encrypted sensitive business information. | Malware | M Professional scientific and technical activities | CC | IN | Nucleus Software Exports, ransomware, EpsilonRed |
| 6 | 01/06/2021 | - | 26/5/2021 | kilobyte | DDoS-Guard | Researchers from Group-IB reveal that the database and source code, allegedly related to bulletproof hosting DDoS-Guard, once Parler’s service provider, is up for sale on the hacker forum exploit[.]in. | Unknown | M Professional scientific and technical activities | | | |
| | | | | | | Union Community School District is hit by a DoppelPaymer ransomware attack. | Malware | P Education | CC | US | Union Community School District, DoppelPaymer, ransomware |
| 8 | 01/06/2021 | During December 2020 | - | ? | Ralph Engelstad Arena | 318 employees at the Ralph Engelstad Arena in Grand Forks are victims of a data security breach. | Unknown | R Arts entertainment and recreation | CC | US | Ralph Engelstad Arena |
| 9 | 01/06/2021 | 7/4/2021 | - | ? | Glacier Medical Associates | Glacier Medical Associates announces that the medical practice detected and stopped a data security breach that occurred on April 7. | Unknown | P Education | CC | US | Glacier Medical Associates |
| 10 | 01/06/2021 | - | - | PayOrG AKA PayOrGrief | Home Decor GB | Home Decor GB is hit with a PayOrGrief ransomware attack. | Malware | C Manufacturing | CC | UK | Home Decor GB, PayOrGrief, PayOrG, ransomware |
| 11 | 01/06/2021 | - | - | PayOrG AKA PayOrGrief | La Concha | La Concha is hit with a PayOrGrief ransomware attack. | Malware | I Accommodation and food service activities | CC | MX | La Concha, PayOrGrief, PayOrG, ransomware |
| 12 | 01/06/2021 | - | - | PayOrG AKA PayOrGrief | Puntacana Group | Puntacana Group is hit with a PayOrGrief ransomware attack. | Malware | N Administrative and support service activities | CC | DO | Puntacana Group, PayOrGrief, PayOrG, ransomware |
| 13 | 02/06/2021 | 21/4/2021 | 21/4/2021 | Chinese-backed threat actors | New York City's Metropolitan Transportation Authority (MTA) | Chinese-backed threat actors breached New York City's Metropolitan Transportation Authority (MTA) network in April using a Pulse Secure zero-day. | Pulse Secure vulnerability | H Transportation and storage | CE | US | China, New York City's Metropolitan Transportation Authority, MTA, Pulse Secure |
| 14 | 02/06/2021 | 31/5/2021 | 31/5/2021 | ? | UF Health Central Florida | UF Health Central Florida suffers a ransomware attack that forces two hospitals (UF Health The Villages and UF Health Leesburg) to shut down portions of their IT network. | Malware | Q Human health and social work activities | CC | US | UF Health Central Florida, ransomware, UF Health The Villages, UF Health Leesburg |
| 15 | 02/06/2021 | 2/6/2021 | 2/6/2021 | Mustang Panda AKA RedEcho, or Bronze President | Website of the Myanmar president’s office | Researchers from ESET reveal that a cyber-espionage group is believed to have hacked the website of the Myanmar president’s office and planted a backdoor trojan inside a localized Myanmar font package available for download on the site’s front page. | Targeted Attack | O Public administration and defence, compulsory social security | CE | MM | ESET, Myanmar, Mustang Panda, RedEcho, Bronze President |
| 16 | 02/06/2021 | During May 2021 | During May 2021 | ? | Multiple targets | Researchers from Morphisec identify a malvertising campaign using Google's pay-per-click (PPC) ads to distribute malicious AnyDesk, Dropbox and Telegram packages wrapped as ISO images. | | | | | |
| | | | | | | Security researchers from Cluster25 discover a new piece of malware called SkinnyBoy, used in spear-phishing campaigns attributed to Russian-speaking hacking group APT28. | Targeted Attack | O Public administration and defence, compulsory social security | | | |
| | | | | | Southeast Asian government's Ministry of Foreign Affairs. | Researchers from Check Point discover SharpPanda, a Chinese APT group targeting a Southeast Asian Government with a previously unknown backdoor. | Targeted Attack | O Public administration and defence, compulsory social security | CE | N/A | Check Point, SharpPanda |
| 21 | 03/06/2021 | 2/6/2021 | 2/6/2021 | ? | Steamship Authority | The Steamship Authority, Massachusetts' largest ferry service, is hit by a ransomware attack, which led to ticketing and reservation disruptions. | Malware | H Transportation and storage | CC | US | Steamship Authority, ransomware |
| 22 | 03/06/2021 | - | - | FreakOut (AKA Necro and N3Cr0m0rPh) | Vulnerable VMware servers | Researchers from Cisco Talos reveal that FreakOut, a multi-platform Python-based malware targeting Windows and Linux devices, has now been upgraded to worm its way into Internet-exposed unpatched VMware vCenter servers. | | | | | |
| | | | | | | Live streams for radio and TV stations owned by the Cox Media Group, one of the largest media conglomerates in the US, go down in what multiple sources have described as a ransomware attack. | Malware | J Information and communication | CC | US | Cox Media Group, ransomware |
| 24 | 03/06/2021 | During May 2021 | - | REvil AKA Sodinokibi | Sol Oriens | Sol Oriens, a subcontractor for the U.S. Department of Energy (DOE) that works on nuclear weapons with the National Nuclear Security Administration (NNSA), is hit by a REvil ransomware attack. | Malware | M Professional scientific and technical activities | CC | US | Sol Oriens, REvil, Sodinokibi, ransomware |
| 25 | 03/06/2021 | 3/6/2021 | 3/6/2021 | ? | Furniture Village | Furniture Village, the UK's largest independent furniture retailer with 54 stores nationwide, is hit by a "cyber-attack." | Unknown | G Wholesale and retail trade | CC | UK | Furniture Village |
| 26 | 03/06/2021 | 2/6/2021 | 2/6/2021 | ? | Des Moines Area Community College (DMACC) | Des Moines Area Community College (DMACC) announces that it is "currently working to restore Internet service across the College," after an alleged ransomware attack. | Malware | P Education | CC | US | Des Moines Area Community College, DMACC, ransomware |
| 27 | 03/06/2021 | - | 27/5/2021 | PayOrG AKA PayOrGrief | Mobile County | Mobile County joins the list of the PayOrGrief ransomware gang. | Malware | O Public administration and defence, compulsory social security | CC | US | Mobile County, PayOrGrief, ransomware, PayOrG |
| 28 | 03/06/2021 | Between 11/06/2021 and 21/06/2021 | - | ? | Western Michigan University WMed | WMed alerts employees, former employees and their beneficiaries covered under employee healthcare coverage about a data security incident caused by a phishing attack. | Account Takeover | P Education | CC | US | Western Michigan University, WMed |
| 29 | 04/06/2021 | 2/6/2021 | 2/6/2021 | REvil AKA Sodinokibi | Fujifilm | Fujifilm officially confirms that they had suffered a ransomware attack earlier this week that disrupted business operations. | Malware | M Professional scientific and technical activities | CC | JP | Fujifilm, ransomware, REvil, Sodinokibi |
| 30 | 04/06/2021 | - | 3/6/2021 | Multiple actors | Vulnerable VMware servers | Threat actors are actively scanning for Internet-exposed VMware vCenter servers unpatched against CVE-2021-21985, a critical remote code execution (RCE) vulnerability impacting all vCenter deployments. | CVE-2021-21985 vulnerability | Y Multiple Industries | CC | >1 | VMware vCenter, CVE-2021-21985 |
| 31 | 04/06/2021 | - | - | ? | Organizing committee for the Tokyo Olympics | The organizing committee for the Tokyo Olympics becomes the latest victim to be hit by a data breach through unauthorized access to ProjectWEB, the information-sharing tool developed by Fujitsu Ltd. | Unknown | R Arts entertainment and recreation | CE | JP | The organizing committee for the Tokyo Olympics, ProjectWEB, Fujitsu Ltd. |
| 32 | 04/06/2021 | - | - | ? | Multiple targets | Researchers from INKY discover a phishing campaign using the Colonial Pipeline ransomware attack as a bait. | Account Takeover | Y Multiple Industries | CC | >1 | INKY, Colonial Pipeline |
| 33 | 04/06/2021 | 3/6/2021 | 3/6/2021 | ? | Cooperative banks in Germany | Fiducia & GAD IT AG, the IT provider for German Cooperative banks, reveals that more than 800 financial institutions are being hit with a DDoS attack. | DDoS | K Financial and insurance activities | CC | DE | Fiducia & GAD IT AG |
| 34 | 04/06/2021 | 17/5/2021 | - | ? | Multiple targets | Researchers at Fortinet detail a new Agent Tesla campaign that distributes an updated version of the malware via phishing emails. | Malware | Y Multiple Industries | CC | >1 | Fortinet, Agent Tesla |
| 35 | 04/06/2021 | - | 31/5/2021 | ? | New York Pizza | New York Pizza, one of the largest pizza restaurant chains in the Netherlands, discloses a security breach after a hacker tried to extort the company over the weekend. | Unknown | I Accommodation and food service activities | CC | NL | New York Pizza |
| 36 | 04/06/2021 | Earlier in June 2021 | Earlier in June 2021 | Russian threat actors | Ukrainian government and private sector | The Ukrainian Secret Service, the Ukrainian Cyber Police, and CERT Ukraine warn of a “massive” spear-phishing operation carried out by Russian threat actors against the Ukrainian government and private sector. | | | | | |
| | | | | | At least 100 organizations, predominately based in the US | Researchers from Black Lotus Labs team discover a hacktivist campaign affecting internet-exposed routers and switches, abusing the victims’ misconfigured Cisco Smart Install protocol. | Misconfiguration | Y Multiple Industries | H | >1 | Black Lotus Labs, Cisco Smart Install |
| 38 | 04/06/2021 | Since August 2020 | Since August 2020 | TeamTNT | Multiple targets | Researchers from Palo Alto report that TeamTNT is using compromised credentials to attack AWS cloud environments and 16 additional applications, including Google Cloud credentials. | Account Takeover | Y Multiple Industries | CC | >1 | Palo Alto, AWS, Google Cloud |
| 39 | 04/06/2021 | 4/6/2021 | 4/6/2021 | ? | Produits de Revêtement du Bâtiment (PRB) | Produits de Revêtement du Bâtiment (PRB) is hit with a cyber attack. | Unknown | C Manufacturing | CC | FR | Produits de Revêtement du Bâtiment, PRB |
| 40 | 04/06/2021 | 3/6/2021 | 3/6/2021 | ? | Taiwan Kadokawa | Taiwan Kadokawa reveals to have been hit with a ransomware attack. | Malware | S Other service activities | CC | TW | Taiwan Kadokawa |
| 41 | 04/06/2021 | 10/5/2021 | 10/5/2021 | ? | J. J. Keller | America's largest propane provider, AmeriGas, disclosed a data breach that impacted 123 employees after J. J. Keller, a third-party vendor, suffered a phishing attack. | Account Takeover | N Administrative and support service activities | CC | US | AmeriGas, J. J. Keller |
| 42 | 04/06/2021 | 7/9/2020 | 8/9/2020 | ? | San Juan Regional Medical Center | San Juan Regional Medical Center notifies 68,792 patients that their data was accessed and stolen, after a phishing attack. | Account Takeover | Q Human health and social work activities | CC | US | San Juan Regional Medical Center |
| 43 | 05/06/2021 | 4/6/2021 | 4/6/2021 | ? | Gaurav Gupta’s official Twitter account | Bruhat Bengaluru Mahanagara Palike chief commissioner Gaurav Gupta’s official Twitter account was hacked. | | | | | |
| | | | | | | A report from the Henry Jackson Society reveals that over the last few years, Iran has sought to interfere in the constitutional integrity of the United Kingdom, targeting the political system via the medium of online disinformation and fake websites. | Fake Websites | O Public administration and defence, compulsory social security | CW | UK | Henry Jackson Society, United Kingdom, Iran |
| 46 | 06/06/2021 | 3/6/2021 | 3/6/2021 | ? | Apache Pizza | Apache Pizza, a chain of take-out pizza delivery restaurants in Ireland, confirms that they had a cybersecurity breach that resulted in information about deliveries being accessed by threat actors. | Unknown | I Accommodation and food service activities | CC | IE | Apache Pizza |
| 47 | 06/06/2021 | Between 05/03/2021 and 09/03/2021 | - | ? | Northwestern Illinois Area Agency on Aging | The Northwestern Illinois Area Agency on Aging notifies its clients of a data breach. | Unknown | Q Human health and social work activities | CC | US | Northwestern Illinois Area Agency on Aging |
| 48 | 06/06/2021 | In the fall of 2018 | - | ? | Azusa Police Department | The Azusa Police Department reveals to have suffered an additional ransomware attack in the fall of 2018 and paid a $65,000 ransom to the attackers. | Malware | O Public administration and defence, compulsory social security | CC | US | Azusa Police Department, ransomware |
| 49 | 06/06/2021 | - | - | ? | Municipality of Pont-Saint-Esprit | The Municipality of Pont-Saint-Esprit is hit with a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | FR | Municipality of Pont-Saint-Esprit, ransomware |
| 50 | 07/06/2021 | Early May 2021 | Early May 2021 | Xing Team | LineStar Integrity Services | LineStar Integrity Services, a pipeline-focused business, is hit by a ransomware attack and has 70 gigabytes of its internal files stolen and dumped onto the dark web. | Malware | D Electricity gas steam and air conditioning supply | CC | US | LineStar Integrity Services, ransomware, Xing Team |
| 51 | 07/06/2021 | 20/5/2021 | 20/5/2021 | ? | Navistar International Corporation (Navistar) | Navistar International Corporation (Navistar), a US-based maker of trucks and military vehicles, says that unknown attackers have stolen data from its network following a cybersecurity incident discovered on May 20, 2021. | Unknown | C Manufacturing | CC | US | Navistar International Corporation, Navistar |
| 52 | 07/06/2021 | Since March 2021 | During March 2021 | ? | ? | Researchers from Palo Alto Networks discover Siloscape, a malware targeting Kubernetes clusters through Windows containers, to open a backdoor into poorly configured Kubernetes clusters to run malicious containers. | Malware | Y Multiple Industries | CC | >1 | Palo Alto Networks, Siloscape, Kubernetes |
| 53 | 07/06/2021 | - | - | ? | U.S. securities industries | FINRA (Financial Industry Regulatory Authority), the U.S. securities industry regulator, warns brokerage firms of an ongoing phishing campaign threatening recipients with penalties. | Account Takeover | K Financial and insurance activities | CC | US | FINRA, Financial Industry Regulatory Authority |
| 54 | 07/06/2021 | Just before Christmas 2020 | 27/5/2021 | ? | One Treasure Island | One Treasure Island, a nonprofit organization, loses $650,000 to unknown hackers. | Business Email Compromise | Q Human health and social work activities | CC | US | One Treasure Island |
| 55 | 07/06/2021 | 5/6/2021 | 5/6/2021 | ? | Pearl GmbH | Pearl GmbH takes offline its online shop after suffering a cyber attack. | Unknown | G Wholesale and retail trade | CC | DE | Pearl GmbH |
| 56 | 07/06/2021 | - | - | ? | Camaïeu | French retailer Camaïeu is hit with a ransomware attack. | Unknown | G Wholesale and retail trade | CC | FR | Camaïeu |
| 57 | 08/06/2021 | 14-15/04/2021 | 14-15/04/2021 | PuzzleMaker | Multiple companies worldwide | Kaspersky security researchers discover a new threat actor dubbed PuzzleMaker, who has used a chain of Google Chrome and Windows 10 zero-day exploits in highly-targeted attacks against multiple companies worldwide. | CVE-2021-31955, CVE-2021-31956, CVE-2021-21224 | Y Multiple Industries | CE | >1 | Kaspersky, PuzzleMaker, Google Chrome, Windows 10, CVE-2021-31955, CVE-2021-31956, CVE-2021-21224 |
| 58 | 08/06/2021 | 23/5/2021 | 23/5/2021 | Ragnar Locker | ADATA | Taiwan-based leading memory and storage manufacturer ADATA says that a ransomware attack forced it to take systems offline after hitting its network in late May. | Malware | C Manufacturing | CC | TW | ADATA, Ragnar Locker, Ransomware |
| 59 | 08/06/2021 | - | - | ? | Multiple targets | Researchers from Crowdstrike reveal that malicious actors are exploiting CVE-2019-7481, an old vulnerability targeting SonicWall devices. | CVE-2019-7481 vulnerability | Y Multiple Industries | CC | >1 | Crowdstrike, CVE-2019-7481, SonicWall |
| 60 | 08/06/2021 | - | - | ? | New York City's Law Department | New York City's Law Department is hit with a cyberattack that forces officials to take the 1,000-lawyer agency offline. | Unknown | O Public administration and defence, compulsory social security | CC | US | New York City's law department |
| 61 | 08/06/2021 | 8/6/2021 | 8/6/2021 | ? | iConstituent | iConstituent, a platform built to facilitate communication between US politicians and local residents, is hit with a ransomware attack. | Malware | N Administrative and support service activities | CC | US | iConstituent, ransomware |
| 62 | 08/06/2021 | - | - | ? | Undisclosed target(s) | Microsoft patches six actively exploited Windows zero-days. | | | | | |
| | | | | | | Researchers from G Data reveal the details of SteamHide, a malware abusing the gaming platform Steam to serve payloads for malware downloaders. | Malware | R Arts entertainment and recreation | CC | >1 | G Data, SteamHide, Steam |
| 64 | 09/06/2021 | 9/6/2021 | 9/6/2021 | ? | Spanish Ministry of Labor and Social Economy (MITES) | The Spanish Ministry of Labor and Social Economy (MITES) is hit by a cyber attack. | Unknown | O Public administration and defence, compulsory social security | CC | ES | Spanish Ministry of Labor and Social Economy, MITES |
| 65 | 09/06/2021 | Since Mid-2020 | - | Gelsemium | Governments, universities, electronics manufacturers and religious organizations in East Asia and the Middle East | Researchers from ESET discover a new campaign by the Gelsemium threat actor, targeting multiple targets in Middle East via three new malware modules: the dropper Gelsemine, the loader Gelsenicine, and the main plugin Gelsevirine. | | | | | |
| | | | | | | Microsoft warns of an ongoing series of attacks compromising Kubernetes clusters running Kubeflow machine learning instances to deploy malicious containers that mine for Monero and Ethereum cryptocurrency. | Misconfiguration | Y Multiple Industries | CC | >1 | Microsoft, Kubernetes, Kubeflow, Monero, Ethereum |
| 67 | 09/06/2021 | Since March 2021 | Since March 2021 | ? | Multiple US critical infrastructure sectors | The FBI warns private sector companies of scammers impersonating construction companies in business email compromise (BEC) attacks targeting organizations from multiple US critical infrastructure sectors. | Business Email Compromise | Y Multiple Industries | CC | US | Federal Bureau of Investigation, FBI |
| 68 | 09/06/2021 | - | - | ? | Undisclosed target(s) | Google releases Chrome 91.0.4472.101 for Windows, Mac, and Linux to fix 14 security vulnerabilities, with one zero-day vulnerability exploited in the wild and tracked as CVE-2021-30551. | CVE-2021-30551 vulnerability | Z Unknown | N/A | N/A | Google Chrome 91.0.4472.101, CVE-2021-30551 |
| 69 | 09/06/2021 | - | - | ? | Skinners' Kent Academy and Skinners' Kent Primary School | Skinners' Kent Academy and Skinners' Kent Primary School are hit with a ransomware attack. | Malware | P Education | CC | UK | Skinners' Kent Academy, Skinners' Kent Primary School, ransomware |
| 70 | 09/06/2021 | During 2017 | - | Hackers working on behalf of Russian intelligence | Dutch police | An investigation reveals that hackers working on behalf of Russian intelligence breached the internal network of Dutch police in 2017 during the country’s investigation of the MH-17 crash. | Vulnerability | O Public administration and defence, compulsory social security | CE | NL | Dutch police, Russia |
| 71 | 09/06/2021 | Between 05/06/2021 and 08/06/2021 | - | ? | Al Jazeera | Arab news conglomerate Al Jazeera says it blocked a series of cyberattacks that attempted to breach, disrupt, and control some parts of its news publishing platform. | Unknown | J Information and communication | N/A | QA | Al Jazeera |
| 72 | 09/06/2021 | Between 2018 and 2020 | - | ? | Multiple targets | Researchers from NordLocker uncover a 1.2-terabyte database of stolen data, lifted from 3.2 million Windows-based computers over the course of two years by an unknown, custom malware. The heisted info includes 6.6 million files and 26 million credentials, and 2 billion web login cookies – with 400 million of the latter still valid at the time of the database’s discovery. | Malware | Y Multiple Industries | CC | >1 | NordLocker |
| 73 | 09/06/2021 | 8/6/2021 | 8/6/2021 | ? | Kingsthorpe College | Kingsthorpe College suffers a severe cyber attack. | Unknown | P Education | CC | UK | Kingsthorpe College |
| 74 | 09/06/2021 | - | 7/5/2021 | ALTDOS | AudioHouse | ALTDOS claims to have hacked and stolen more than 290,000 customers’ personal information from AudioHouse, one of Singapore’s largest electronic retailers. | Unknown | G Wholesale and retail trade | CC | SG | ALTDOS, AudioHouse |
| 75 | 09/06/2021 | 4/6/2021 | | ALTDOS | Unispec Group Singapore | ALTDOS claims to have attacked Unispec Group Singapore, and dumps some company data. | Unknown | N Administrative and support service activities | CC | SG | ALTDOS, Unispec Group Singapore |
| 76 | 09/06/2021 | - | 31/5/2021 | ? | City University of New York (CUNY.org) | The City University of New York has 11 GB leaked on Marketo. | Unknown | P Education | CC | US | City University of New York, CUNY.org |
| 77 | 09/06/2021 | 2/12/2020 | 2/12/2020 | ? | Michigan Fitness Foundation | Michigan Fitness Foundation provides notice of a phishing incident. | Account Takeover | S Other service activities | CC | US | Michigan Fitness Foundation |
| 78 | 09/06/2021 | 26/2/2021 | 26/2/2021 | ? | Victor Valley Union High School District | Victor Valley Union High School District reveals it was infected with malware in February 2021. | Malware | P Education | CC | US | Victor Valley Union High School District |
| 79 | 09/06/2021 | - | - | REvil AKA Sodinokibi | Arnoff Moving & Storage | The REvil AKA Sodinokibi ransomware gang claims to have hacked Arnoff Moving & Storage. | | | | | |
| | | | | | | The Municipality of Macaé suffers a malware (ransomware?) attack. | Malware | O Public administration and defence, compulsory social security | CC | BR | Municipality of Macaé, ransomware |
| 81 | 10/06/2021 | - | - | ? | Electronic Arts (EA) | Electronic Arts (EA) confirms to have been hacked with threat actors claiming to have stolen roughly 750 GB of data, including game source code and debug tools. | Account Takeover | R Arts entertainment and recreation | CC | US | Electronic Arts, EA |
| 82 | 10/06/2021 | Since at least 2017 | - | BackdoorDiplomacy | Diplomats across Africa and the Middle East | Researchers from ESET discover a new threat group, dubbed BackdoorDiplomacy, targeting diplomats across Africa and the Middle East via the Turian backdoor. | Targeted Attack | O Public administration and defence, compulsory social security | CE | >1 | ESET, BackdoorDiplomacy, Turian |
| 83 | 10/06/2021 | Earlier in the same week | Earlier in the same week | ? | Edward Don | Foodservice supplier Edward Don suffers a ransomware attack that causes the company to shut down portions of the network to prevent the attack's spread. | Malware | N Administrative and support service activities | CC | US | Edward Don, ransomware |
| 84 | 10/06/2021 | - | - | Fancy Lazarus | Multiple targets | Researchers from Proofpoint track a new campaign by the DDoS extortion group known as "Fancy Lazarus". | DDoS | Y Multiple Industries | CC | >1 | Proofpoint, Fancy Lazarus |
| 85 | 10/06/2021 | 10/6/2021 | 10/6/2021 | ? | Luma Energy LLC | Luma Energy LLC, Puerto Rico’s main power distributor, suffers a DDoS attack before a devastating fire. | DDoS | E Water supply, sewerage waste management, and remediation activities | CC | PR | Luma Energy LLC |
| 86 | 11/06/2021 | - | - | ? | Volkswagen USA | Volkswagen and Audi are hit by a data breach that exposed the contact information and, in some cases, personal details of 3 million customers or shoppers. The data was stolen from an outside company that worked with the automaker. | Unknown | C Manufacturing | CC | US | Volkswagen USA, Audi |
| 87 | 11/06/2021 | - | - | ? | McDonald’s | McDonald’s says that hackers stole some data from its systems in markets including the U.S., South Korea and Taiwan. | Unknown | I Accommodation and food service activities | CC | US | Visalia Unified School District, ransomware |
| 88 | 11/06/2021 | 28/5/2021 | 28/5/2021 | ? | Five Rivers Health Centers | Five Rivers Health Centers notifies 155,748 patients after a phishing incident. | Account Takeover | O Public administration and defence, compulsory social security | CC | US | Five Rivers Health Centers |
| 89 | 11/06/2021 | During May 2020 | - | Maze | Arizona Asthma and Allergy Institute | Arizona Asthma and Allergy Institute provides notice of a Maze ransomware incident in May 2020. | Malware | Q Human health and social work activities | CC | US | Arizona Asthma and Allergy Institute, Maze, ransomware |
| 90 | 11/06/2021 | - | - | ? | Undisclosed major Irish company | An undisclosed major Irish company has paid a ransomware demand after its data was encrypted. | Malware | Z Unknown | CC | IE | Ransomware |
| 91 | 11/06/2021 | Since 11/06/2021 | Since 11/06/2021 | ? | Digital artists and creators of non-fungible tokens (NFT) | Multiple digital artists and creators of non-fungible tokens (NFT) were at the center of a highly targeted malware campaign. | Targeted Attack | R Arts entertainment and recreation | CC | >1 | non-fungible tokens, NFT |
| 92 | 11/06/2021 | - | 6/5/2021 | Xing Team | GlobeMed Saudi | Xing Team claims to have acquired patient data, employee data, and financial reports from GlobeMed Saudi, a healthcare benefits management firm. | Malware | N Administrative and support service activities | CC | SA | Xing Team, GlobeMed Saudi, ransomware |
| 93 | 11/06/2021 | - | 18/5/2021 | Xing Team | OSF Healthcare | Xing Team claims to have acquired patient data from OSF Healthcare. | Malware | Q Human health and social work activities | CC | US | Xing Team, OSF Healthcare, ransomware |
| 94 | 11/06/2021 | - | 24/5/2021 | Xing Team | Coastal Family Health Center | Xing Team claims to have acquired patient data from Coastal Family Health Center. | Malware | Q Human health and social work activities | CC | US | Xing Team, Coastal Family Health Center, ransomware |
| 95 | 11/06/2021 | - | - | PayOrG AKA PayOrGrief | The Woodruff Institute | The Woodruff Institute is hit with a PayOrGrief ransomware attack. | Malware | Q Human health and social work activities | CC | US | PayOrG, PayOrGrief, The Woodruff Institute |
| 96 | 12/06/2021 | During May 2021 | 12/6/2021 | Mastiff | Multiple organizations in the Italian healthcare sector | A forum on the Dark Web publishes a post selling COVID-19 vaccination data of 7.4 Million Italians. | Undisclosed vulnerabilities | O Public administration and defence, compulsory social security | CC | IT | COVID-19, Mastiff |
| 97 | 12/06/2021 | Earlier in June 2021 | Earlier in June 2021 | ? | TurboTax customers | Financial software company Intuit notifies TurboTax customers that some of their personal and financial information was accessed by attackers following what looks like a series of account takeover attacks. | Account Takeover | X Individual | CC | US | Intuit, TurboTax |
| 98 | 13/06/2021 | 13/6/2021 | 13/6/2021 | ? | Stillwater Medical Center | Stillwater Medical Center is hit with a ransomware attack. | Malware | Q Human health and social work activities | CC | US | Stillwater Medical Center, ransomware |
| 99 | 14/06/2021 | - | - | ? | Multiple targets | Microsoft discovers a series of attacks that use SEO poisoning to infect targets with the SolarMarker RAT (aka Jupyter, Polazert, and Yellow Cockatoo). | Malware | Y Multiple Industries | CC | >1 | Microsoft, SEO poisoning, SolarMarker, Jupyter, Polazert, Yellow Cockatoo |
| 100 | 14/06/2021 | - | - | ? | Multiple targets | Microsoft researchers take down the cloud-based infrastructure used by scammers behind a recent large-scale business email compromise (BEC) campaign. | Business Email Compromise | Y Multiple Industries | CC | >1 | Microsoft |
| 101 | 14/06/2021 | - | 27/4/2020 | / | Cake Box | Cake Box discloses a data breach after threat actors hacked their website to steal credit card numbers. | Malicious Script Injection | I Accommodation and food service activities | CC | UK | Cake Box, Magecart |
| 102 | 14/06/2021 | - | - | ? | Undisclosed target(s) | Apple releases security updates to address two WebKit zero-day vulnerabilities exploited in the wild to hack older generation iPhones and iPads. | | | | | |
| | | | | | | Researchers from AT&T Alien Lab discover a new variant of the Mirai botnet, tracked as Moobot, scanning the Internet for the CVE-2020-10987 remote code-execution (RCE) issue in Tenda routers. | | | | | |
| | | | | | | Humber River Hospital in Toronto is hit with a ransomware attack. | Malware | Q Human health and social work activities | CC | CA | Humber River Hospital, ransomware |
| 105 | 14/06/2021 | - | - | ? | Menominee Casino Resort | The Menominee Casino Resort is hit by a cyber attack. | Unknown | R Arts entertainment and recreation | CC | US | Menominee Casino Resort |
| 106 | 15/06/2021 | - | - | ? | Polish Institutions and Individuals | Poland's parliament reveals it will hold a closed-door session to discuss a wave of cyber attacks that the government called "unprecedented". | Targeted Attack | O Public administration and defence, compulsory social security | CE | PL | Poland |
| 107 | 15/06/2021 | 16/4/2021 | 16/4/2021 | ? | Reproductive Biology Associates | Reproductive Biology Associates discloses to have been hit by a ransomware attack compromising the data of 38,000 patients. | Malware | Q Human health and social work activities | CC | US | Reproductive Biology Associates, ransomware |
| 108 | 15/06/2021 | 15/6/2021 | 15/6/2021 | ? | University of Massachusetts Lowell (UMass Lowell) | The University of Massachusetts Lowell (UMass Lowell) suffers a cybersecurity breach that has caused school closures. | Unknown | P Education | CC | US | University of Massachusetts Lowell, UMass Lowell |
| 110 | 15/06/2021 | 12/6/2021 | 12/6/2021 | ? | HMM | South Korean shipping company HMM confirms its email systems continue to be impacted by a virus attack. | Malware | H Transportation and storage | CC | KR | HMM |
Enjoy the interactive timeline, and thanks for sharing it and supporting my work in spreading risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or even connect on LinkedIn, for the latest updates.