The second cyber attacks timeline of June is finally out (part I here), where I have collected 102 events, a number that shows a slight decrease compared to the 109 recorded in the previous one.
Unsurprisingly ransomware continues to characterize this unlucky 2021, almost one out of three events (30.04%, down from 34.86 of the previous timeline) has seen threat actors encrypting, and in some cases leaking, the victim’s data, fueling a trend that seems unstoppable. No need to repeat that the real number could be even higher since too many organizations do not completely disclose the root cause of unspecified outages or disruptions tracked as the outcome of a generic “cyber attack”.
More high-profile targets in the list of victims of mega breaches including a well known car manufacturer that left a cloud storage misconfigured (and criminals didn’t take too long to take advantage of that).
Similarly, the unlucky moment for Google Chrome continues with a new 0-day vulnerability (CCVE-2021-30554) exploited in the wild.
Welcome to the last cyber attacks timeline of 2022! A timeline that marks a sharp decline in the number of recorded events after four consecutive increases…
This blog post lists the main cloud-native threats, that is those cyber events exploiting the cloud in one or more stage of the kill chain. I have collected…
Similarly to what I have done in 2021, I am collecting all the mega breaches (with more than 1 million records leaked). The information is derived from the cyber attacks timelines…
At least for once, not so much to mention on the cyber espionage front. Besides Nobelium (AKA APT29 or Cozy Bear) that continues to be quite active, this timeline shows additional campaigns from know well actors such as: Kimsuky, TA402 AKA Molerats, and Ferocious Kittens.
Expand for details
ID
Date Reported
Date Occurred
Date Discovered
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags
1
15/06/2021
10/6/2021
10/6/2021
?
Ito Yogyo Co.
Ito Yogyo Co., which manufactures concrete for roads, reports a ransomware incident.
Malware
C Manufacturing
CC
JP
Ito Yogyo Co., ransomware
2
16/06/2021
Since 2014
-
People’s Liberation Army (PLA) Unit 69010
Aerospace, defense, government, telecommunications, mining, and research organizations in Afghanistan, India, Kazakhstan, Kyrgyzstan, Pakistan, Tajikistan, and Uzbekistan
Researchers from Recorded Future’s Insikt Group reveal the details of RedFoxtrot, a campaign carried out by People’s Liberation Army (PLA) Unit 69010 targeting multiple countries around China.
Targeted Attack
O Public administration and defence, compulsory social security
CE
>1
Recorded Future, Insikt Group, RedFoxtrot, People’s Liberation Army, PLA, Unit 69010, China.
3
16/06/2021
18/5/2021
Early June 2021
DarkSide (AKA UNC2465)
Unnamed CCTV vendor
Researchers from Mandiant disclose a supply chain attack targeting the website of a CCTV camera vendor.
Malware
C Manufacturing
CC
N/A
Mandiant, DarkSide, UNC2465
4
16/06/2021
Since 2015
-
Ferocious Kitten
Persian-speaking individuals based in Iran
Researchers at Kaspersky reveal the details of Ferocious Kitten, an Iranian APT actor silently conducting domestic cyber-surveillance operations for the last six years.
Targeted Attack
X Individual
CE
IR
\Kaspersky, Ferocious Kitten
5
16/06/2021
Since 2017
-
?
Multiple targets
Researchers from Avast reveal the details of DirtyMoe, a malware infecting more than 100,000 Windows systems to mine cryptocurrency.
Malware
Y Multiple Industries
CC
>1
Avast, DirtyMoe, Crypto
6
16/06/2021
-
-
?
Gateley
UK listed law firm Gateley says that it has suffered a cyberattack.
Unknown
M Professional scientific and technical activities
CC
UK
Gateley
7
16/06/2021
between 26/05/2021 and 01/06/2021
-
?
California City
California City is hit with a ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
US
California City, ransomware
8
16/06/2021
8/6/2021
-
?
George County Schools
George County Schools are hit by a cybersecurity attack.
Unknown
P Education
CC
US
George County Schools
9
16/06/2021
2/4/2021
18/5/2021
?
Sports Club NAS
Sports Club NAS is hit by a ransomware attack.
Malware
R Arts entertainment and recreation
CC
JP
Sports Club NAS, ransomware
10
17/06/2021
During June 2021
During June 2021
TA402 AKA Molerats
Government institutions in the Middle East
Researchers from Proofpoint discover a new campaign by TA402 using a custom backdoor dubbed LastConn.
Targeted Attack
O Public administration and defence, compulsory social security
CE
>1
TA402, Molerats, LastConn
11
17/06/2021
-
-
?
Carnival Corporation
Carnival Corporation, the world's largest cruise ship operator, discloses a data breach after attackers gained access to some of its IT systems and the personal, financial, and health information belonging to customers, employees, and crew.
Unknown
R Arts entertainment and recreation
CC
UK/US
Carnival Corporation
12
17/06/2021
12/6/2021
12/6/2021
?
Volkswagen Group of America
Volkswagen Group of America customer data is being sold on a hacking forum after allegedly being stolen from an exposed Azure BLOB container.
Misconfiguration
C Manufacturing
CC
US
Volkswagen Group of America
13
17/06/2021
-
-
?
Undisclosed target(s)
Google releases Chrome 91.0.4472.114 for Windows, Mac, and Linux to fix four security vulnerabilities, with one of them a high severity zero-day vulnerability exploited in the wild.
CVE-2021-30554 Vulnerability
Z Unknown
N/A
N/A
Google Chrome 91.0.4472.114, CVE-2021-30554, CVE-2021-30555, CVE-2021-30556, CVE-2021-30557
14
17/06/2021
-
-
?
Single individuals
Researchers from Sophos uncover a malware campaign that blocks infected users from being able to visit a large number of websites dedicated to software piracy.
Malware
X Individual
CC
>1
Sophos, ransomware, Red Epsilon, Microsoft Exchange
15
17/06/2021
-
-
?
Multiple targets
Researchers from Avanan discover a new phishing campaign exploiting Google Docs.
Account Takeover
Y Multiple Industries
CC
>1
Avanan, Google Docs
16
17/06/2021
During March 2021
During March 2021
?
Multiple targets
Researchers from Armorblox discover a vishing campaign impersonating Geek Squad.
Account Takeover
Y Multiple Industries
CC
US
Armorblox, Geek Squad
17
17/06/2021
During March 2021
During March 2021
?
Multiple targets
Researchers from Armorblox discover a vishing campaign impersonating Norton Antivirus.
Account Takeover
Y Multiple Industries
CC
US
Armorblox, Norton Antivirus
18
17/06/2021
-
-
DarkRadiation
Red Hat and Debian-based Linux Distributions
Researchers from Trend Micro discover DarkRadiation, a Bash ransomware targeting Red Hat and Debian-based Linux Distributions.
Malware
Y Multiple Industries
CC
>1
Trend Micro, DarkRadiation, Bash, ransomware, Red Hat, Debian, Linux
19
17/06/2021
17/4/2021
-
?
Lightfoot, Franklin & White
The law firm Lightfoot, Franklin & White notifies clients of ransomware incident.
Malware
M Professional scientific and technical activities
CC
US
Lightfoot, Franklin & White, ransomware
20
18/06/2021
14/6/2021
14/6/2021
Kimsuky
Korea Atomic Energy Research Institute (KAERI)
The Korea Atomic Energy Research Institute discloses that their internal networks were hacked by North Korean threat actors using a VPN vulnerability.
VPN vulnerability
O Public administration and defence, compulsory social security
CE
KR
Korea Atomic Energy Research Institute, KAERI, Kimsuky
21
18/06/2021
Since 04/06/2021
-
?
Energy and Food sectors
Researchers from Trend Micro discover a Fake DarkSide campaign aiming at extorting the victims.
Malicious spam
Y Multiple Industries
CC
>1
Trend Micro, DarkSide
22
18/06/2021
18/6/2021
18/6/2021
?
Judson ISD
Judson ISD investigates a possible ransomware attack affecting district communication.
Malware
P Education
CC
US
Judson ISD, ransomware
23
18/06/2021
25/4/2021
21/4/2021
?
Coastal Medical Group
Coastal Medical Group notifies patients of a data breach.
Unknown
Q Human health and social work activities
CC
US
Coastal Medical Group
24
18/06/2021
Late May 2021
3/6/2021
?
CIUSSS de l’Est de Montréal
CIUSSS de l’Est de Montréal suffers a cyber attack and the data of 2,340 is compromised.
Unknown
Q Human health and social work activities
CC
CA
CIUSSS de l’Est de Montréal
25
18/06/2021
Between 15/04/2021 and 19/04/2021
19/4/2021
?
Jones Family Dental
Jones Family Dental provides notice of a data incident.
Unknown
Q Human health and social work activities
CC
US
Jones Family Dental
26
18/06/2021
17/5/2021
19/5/2021
?
Maximus
Maximus, a state contractor reveals that Ohio Medicaid providers may have had their personal data exposed when someone gained unauthorized access to an app. 334,690 individuals are affected.
Unknown
N Administrative and support service activities
CC
US
Maximus
27
18/06/2021
Between 27/12/2020 and 13/04/2021
Between 20/04/2021 and 04/05/2021
?
UW Health
UW Health notifies 4,318 patients of a data breach in their Epic MyChart patient portal.
Unknown
Q Human health and social work activities
CC
US
UW Health
28
19/06/2021
-
-
?
Tinder users
A new spam campaign is targeting Tinder users
Spam
X Individual
CC
>1
Tinder
29
19/06/2021
-
-
?
Android users
Researchers from Quick Heal Security discover 8 additional apps available in the Google Play Store, and distributing the Joker malware.
Malware
X Individual
CC
>1
]Quick Heal Security, Google Play Store, Joker
30
19/06/2021
17/6/2021
17/6/2021
?
Lucky Star Casino
Lucky Star Casino confirms it suffered a ransomware attack.
Malware
R Arts entertainment and recreation
CC
US
Lucky Star Casino, ransomware
31
20/06/2021
During 2020
-
Attackers from North Korea
Daewoo Shipbuilding & Marine Engineering (DSME)
North Korean hackers are believed to have breached Daewoo Shipbuilding & Marine Engineering (DSME), South Korea’s top submarine builder.
Targeted Attack
C Manufacturing
CE
KR
North Korea, South Kora, Daewoo Shipbuilding & Marine Engineering, DSME
32
21/06/2021
During May 2021
-
nedog123
Python users
Researchers from Sonatype discover multiple malicious packages in the PyPI repository for Python projects turning developers' workstations into cryptomining machines.
Malware
Y Multiple Industries
CC
>1
Sonatype, PyPI, Python
33
21/06/2021
21/6/2021
21/6/2021
?
City of Liege
The City of Liege, in Belgium, is hit with a ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
BE
City of Liege, ransomware
34
21/06/2021
-
-
?
Multiple targets
Researchers from Bitdefender discover a new phishing campaign using a COVID-19 vaccination schedule as a lure and distributing Agent Tesla.
Malware
Y Multiple Industries
CC
>1
Bitdefender Agent Tesla, COVID-19
35
21/06/2021
17/6/2021
17/6/2021
?
St. Joseph’s/Candler Health System
St. Joseph’s/Candler Health System announces to have been hit by a ransomware attack.
Malware
Q Human health and social work activities
CC
US
St. Joseph’s/Candler Health System, ransomware
36
21/06/2021
-
-
Mastiff
Municipalidad de San Pedro
A threat actor leaks the data from the Municipalidad de San Pedro (sanpedro.gov.ar)
Unknown
O Public administration and defence, compulsory social security
CC
AR
Municipalidad de San Pedro, Mastiff, sanpedro.gov.ar
37
21/06/2021
-
-
Mastiff
Poder Judicial de Mendoza
A threat actor leaks the data from the Poder Judicial de Mendoza (jus.mendoza.gov.ar)
Unknown
O Public administration and defence, compulsory social security
CC
AR
Poder Judicial de Mendoza, jus.mendoza.gov.ar, Mastiff
38
21/06/2021
-
-
Mastiff
Instituto de Obra Social del Empleado Provincial
A threat actor leaks the data from the Instituto de Obra Social del Empleado Provincial (iosep.gov.ar)
Unknown
O Public administration and defence, compulsory social security
CC
AR
Instituto de Obra Social del Empleado Provincial, iosep.gov.ar, Mastiff
39
21/06/2021
-
-
Mastiff
Honorable Concejo Deliberante de San Nicolás
A threat actor leaks the data from the Instituto de Honorable Concejo Deliberante de San Nicolás (hcdsannicolas.gov.ar)
Unknown
O Public administration and defence, compulsory social security
CC
AR
Instituto de Honorable Concejo Deliberante de San Nicolás, hcdsannicolas.gov.ar
40
22/06/2021
22/6/2021
22/6/2021
REvil AKA Sodinokibi
Grupo Fleury
Brazilian medical diagnostic company Grupo Fleury suffers a REvil ransomware attack that disrupts business operations after the company takes its systems offline.
Malware
Q Human health and social work activities
CC
BR
Grupo Fleury, REvil, Sodinokibi
41
22/06/2021
-
-
Ever101
Undisclosed company in Israel
Researchers from Profero and Security Joes reveal the details of an Ever101 ransomware attack targeting an undisclosed company in Israel.
Malware
Z Unknown
CC
IL
Profero, Security Joes, Ever101, ransomware
42
22/06/2021
During June 2021
-
?
U.S. securities industries
US securities industry regulator FINRA is warning brokerage firms of an ongoing phishing attack pretending to be from 'FINRA Support.'
Account Takeover
K Financial and insurance activities
CC
US
FINRA
43
22/06/2021
-
-
Iran
US
American authorities seize a range of 33 Iran’s state-linked news website domains accused of spreading disinformation.
Fake websites/social network accounts
O Public administration and defence, compulsory social security
CW
US
Iran, US
44
22/06/2021
-
-
?
Bauhaus
Bauhaus, a chain of home construction goods, suffers a cyber attack.
Unknown
G Wholesale and retail trade
CC
DK
Bauhaus
45
22/06/2021
13/4/2021
-
?
WorkForce West Virginia
WorkForce West Virginia notifies a number of state residents of a potential data breach involving some of their personal information.
Unknown
N Administrative and support service activities
CC
US
WorkForce West Virginia
46
23/06/2021
-
-
Cl0p
Undisclosed victim 1
The Cl0p ransomware gang is back in business after the recent arrests and leaks the data of two new victims.
Malware
Z Unknown
CC
N/A
Cl0p, ransomware
47
23/06/2021
-
-
Cl0p
Undisclosed victim 2
The Cl0p ransomware gang is back in business after the recent arrests and leaks the data of two new victims.
Malware
Z Unknown
CC
N/A
Cl0p, ransomware
48
23/06/2021
Since the first half of 2020
-
PYSA AKA Mespinoza
Education organizations in the US
Researchers from BlackBerry unveil a previously unnamed Golang RAT dubbed ChaChi, used by operators of the PYSA (aka Mespinoza) ransomware and targeting education organizations.
Malware
P Education
CC
US
BlackBerry. Golang, ChaChi, PYSA, Mespinoza
49
23/06/2021
-
13/6/2021
?
Patari
Patari, a Pakistani music streaming site suffers a data breach in which its database containing personal data and login credentials of over 257,000 registered users is leaked on English and Russian language hacker forums.
Unknown
R Arts entertainment and recreation
CC
PK
Patari
50
23/06/2021
-
-
?
Prefeitura de Águas Lindas de Goiás
The website of the Prefeitura de Águas Lindas de Goiás suffers a cyber attack.
Unknown
O Public administration and defence, compulsory social security
CC
BR
Prefeitura de Águas Lindas de Goiás
51
23/06/2021
Earlier in June 2021
Earlier in June 2021
?
Cobb County
The Cobb County suffers a sophisticated phishing attack.
Account Takeover
O Public administration and defence, compulsory social security
CC
US
Cobb County
52
24/06/2021
-
-
REvil AKA Sodinokibi
French Connection
U.K.-based fashion brand French Connection is hit by a REvil ransomware attack.
Malware
G Wholesale and retail trade
CC
UK
French Connection, REvil, ransomware
53
24/06/2021
-
-
?
Multiple targets
Researchers from Trustwave discover a threat actor using WIM (Windows Imaging Format) attachments to distribute the Agent Tesla remote access trojan.
Malware
Y Multiple Industries
CC
>1
Trustwave, WIM, Windows Imaging Format, Agent Tesla
54
24/06/2021
-
-
?
Western Digital My Book Live NAS owners
Western Digital My Book Live NAS owners worldwide have their devices factory reset and all of their files deleted.
CVE-2021-35941 Vulnerability
X Individual
CC
>1
CVE-2018-18472, Western Digital, My Book Live
55
24/06/2021
24/6/2021
24/6/2021
?
Multiple targets
Attackers are scanning for and actively exploiting a vulnerability in Cisco ASA devices after a PoC exploit is published.
CVE-2020-3580 Vulnerability
Y Multiple Industries
N/A
>1
Cisco ASA, CVE-2020-3580
56
24/06/2021
Since July 2020
-
?
Single individuals
Researchers from Avast discover Crackonosh, a cryptocurrency-mining malware, spread through cracked software, that abuses Windows Safe mode during attacks.
Malware
X Individual
CC
>1
Avast, Crackonosh, crypto
57
24/06/2021
-
-
?
Zyxel devices
Zyxel, issues an alert warning that attackers are targeting its devices and changing configurations to gain remote access to a network.
Misconfiguration
Y Multiple Industries
N/A
>1
Zyxel
58
24/06/2021
24/6/2021
24/6/2021
?
NewsBlur
A hacker wipes the database of NewsBlur, a popular web-based RSS reader, and demands a ransom payment from the company in exchange for access to its original data.
Misconfiguration
J Information and communication
CC
US
NewsBlur
59
24/06/2021
-
-
?
Single individuals
Researchers from Tenable reveal a new campaign able to steal nearly $1 million USD from unsuspecting users through a popular decentralized finance protocol, Uniswap, by abusing YouTube ads to promote a fake SpaceX coin.
Crypto scam
X Individual
CC
>1
Tenable, Uniswap, YouTube, SpaceX
60
24/06/2021
Mid March 2021
Mid March 2021
?
Single individuals
Researcher from Kaspersky reveal the details of DotDat, a malicious campaign delivering .ZIP attachments that purported to be some sort of cancelled operation or compensation.
Malware
Y Multiple Industries
CC
>1
Kaspersky, DotDat
61
24/06/2021
Mid March 2021
Mid March 2021
?
Single individuals primarily in China
Researcher from Kaspersky reveal the details of a second malicious campaign delivering the IcedID and Qbot trojans.
Malware
Y Multiple Industries
CC
>1
Kaspersky, IcedID, Qbot
62
24/06/2021
23/6/2021
23/6/2021
?
Secondary schools on the island of Anglesey
All five secondary schools on the island of Anglesey are hit by a cyber-attack.
Unknown
P Education
CC
UK
Ysgol Syr Thomas Jones, Ysgol Uwchradd, Ysgol Gyfun Llangefni, Ysgol David Hughes, Ysgol Uwchradd Caergybi
63
24/06/2021
24/6/2021
24/6/2021
?
Bridgewater-Raritan School District
All 12 of the Bridgewater-Raritan School District websites appear to be defaced.
Defacement
P Education
CC
US
Bridgewater-Raritan School District
64
24/06/2021
23/6/2021
23/6/2021
?
SalzburgMilch
Austria’s third largest dairy, SalzburgMilch, is the victim of a cyberattack.
Unknown
I Accommodation and food service activities
CC
AT
SalzburgMilch
65
24/06/2021
During June 2021
During June 2021
TA543
Multiple targets
Researchers from Proofpoint discover a new campaign distributing the malware loader JSSLoader.
Malware
Y Multiple Industries
CC
>1
Proofpoint, JSSLoader, TA543
66
25/06/2021
16/5/2021
17/6/2021
?
Gaming environments
Microsoft confirms signing a malicious driver being distributed within gaming environments.
Malware
R Arts entertainment and recreation
CC
>1
Microsoft
67
25/06/2021
-
-
Nobelium AKA APT29 or Cozy Bear
Multiple targets
Microsoft says they have discovered new attacks conducted by the Russian state-sponsored Nobelium hacking group, including a hacked Microsoft support agent's computer that exposed customer's subscription information.
password spray and brute-force
Y Multiple Industries
CE
>1
Nobelium, APT29, Cozy Bear, Microsoft
68
25/06/2021
-
Mid April 2021
?
Sony Playstation 3 players
A reported breach of a Sony folder containing the serial ID numbers for every PlayStation 3 console appears to have led to users being inexplicably banned from the platform.
Misconfiguration
R Arts entertainment and recreation
CC
>1
Sony, PlayStation 3
69
25/06/2021
-
-
?
Hollingsworth LLP
Cybercriminals publish for sale in Dark Web 58GB of data stolen from the law firm Hollingsworth LLP.
Unknown
M Professional scientific and technical activities
CC
US
Marketo, Hollingsworth LLP
70
25/06/2021
-
-
?
Clearfield Borough Police Department
The Marketo Marketplace publishes a data set presumably belonging to the Clearfield Borough Police Department.
Unknown
O Public administration and defence, compulsory social security
CC
US
Marketo, Clearfield Borough Police Department
71
25/06/2021
-
-
?
Municipal Court of Princeton
The Marketo Marketplace publishes a data set presumably belonging to the Municipal Court of Princeton.
Unknown
O Public administration and defence, compulsory social security
CC
US
Marketo, Municipal Court of Princeton
72
25/06/2021
14/6/2021
14/6/2021
Hive
Altus Group
Altus Group has its data leaked by the Hive ransomware group.
Malware
M Professional scientific and technical activities
CC
CA
Altus Group, Hive, ransomware
73
26/06/2021
15/3/2021
5/4/2021
?
HOYA Optical Labs of America
The Japanese-headquartered firm HOYA Optical Labs of America notifies 3,259 U.S. patients of a ransomware incident.
Malware
C Manufacturing
CC
US
HOYA Optical Labs of America, ransomware
74
26/06/2021
Between 28/09/2020 and 04/10/2020
Between 28/09/2020 and 04/10/2020
?
Twin Med LLC
Twin Med LLC in California notifies 366 employees of unauthorized access to some of their information.
Unknown
Q Human health and social work activities
CC
US
Twin Med LLC
75
26/06/2021
-
-
?
Institut plánování a rozvoje (Institute of Planning and Development)
The Institut plánování a rozvoje in Prague, reports to have been infected with a crypto miner virus.
Malware
M Professional scientific and technical activities
CC
CZ
Institut plánování a rozvoje, Institute of Planning and Development
76
28/06/2021
28/6/2021
28/6/2021
?
WhatsApp users in the UK
Multiple police forces in the UK warn about the resurgence of a WhatsApp scam designed to trick the victim into handing over login codes so that crooks can take over the account.
Account Takeover
X Individual
CC
UK
WhatsApp
77
28/06/2021
During the previous week
During the previous week
DragonForce Malaysia
AcadeME
The details of about 280,000 students throughout Israel are leaked after a cyberattack targets AcadeME, a company that serves a number of colleges and universities throughout the country.
Unknown
M Professional scientific and technical activities
CC
IL
AcadeME, DragonForce Malaysia
78
28/06/2021
-
-
Vice Society
Frederick Public Schools
Frederick Public Schools suffers a ransomware attack.
Malware
P Education
CC
US
Frederick Public Schools, ransomware
79
28/06/2021
24/6/2021
24/6/2021
?
Hospital do Divino Espírito Santo de Ponta Delgada
The Hospital do Divino Espírito Santo de Ponta Delgada is hit with a cyberattack
Unknown
Q Human health and social work activities
CC
PT
Hospital do Divino Espírito Santo de Ponta Delgada
80
28/06/2021
27/6/2021
27/6/2021
?
Comune di Cagliari
The Municipality of Cagliari is hit with a ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
IT
Comune di Cagliari, ransomware
81
28/06/2021
-
21/3/2021
?
Physicians Dialysis
Physicians Dialysis provides notice of unauthorized access to a database.
Unknown
Q Human health and social work activities
CC
US
Physicians Dialysis
82
28/06/2021
25/6/2021
25/6/2021
?
Chamber of Commerce and Industry (CCI) for Bordeaux-Gironde
The Chamber of Commerce and Industry (CCI) for Bordeaux-Gironde is hit with a ransomware attack.
Malware
N Administrative and support service activities
CC
FR
Chamber of Commerce and Industry for Bordeaux-Gironde, ransomware
83
29/06/2021
-
-
REvil AKA Sodinokibi
University Medical Center
University Medical Center is hit by a REvil ransomware attack.
Malware
Q Human health and social work activities
CC
US
University Medical Center, REvil, Sodinokibi, ransomware
84
29/06/2021
-
-
?
LimeVPN
The VPN provider known as LimeVPN is hit with a hack affecting 69,400 user records, according to researchers.
Unknown
M Professional scientific and technical activities
CC
US
LimeVPN
85
29/06/2021
12/6/2021
12/6/2021
?
4 New Square
4 New Square, a law firm is hit with a ransomware attack.
Malware
M Professional scientific and technical activities
CC
UK
4 New Square, ransomware
86
29/06/2021
-
-
?
Gerry Weber
Textile retail chain Gerry Weber is hit with a cyber attack.
Unknown
G Wholesale and retail trade
CC
DE
Gerry Weber
87
29/06/2021
Between 18/03/2021 and 22/03/2021
22/3/2021
?
Peoples Community Health Clinic
Peoples Community Health Clinic notifies some patients as a result of an employee’s email account being compromised.
Account Takeover
Q Human health and social work activities
CC
US
Peoples Community Health Clinic
88
29/06/2021
27/9/2020
27/9/2020
?
Good Shepherd Centres
Good Shepherd Centres, a Canadian non-profit discloses to have been the victim of a ransomware attack.
Malware
Q Human health and social work activities
CC
CA
Good Shepherd Centres
89
29/06/2021
2/6/2021
2/6/2021
PayOrG AKA PayOrGrief
Rehabilitation Support Services
Rehabilitation Support Services are hit by a Grief ransomware attack.
Malware
Q Human health and social work activities
CC
US
PayOrG, PayOrGrief, Rehabilitation Support Services
90
29/06/2021
During 2021 so far
-
Hades
seven companies with annual revenue of over $1 billion
Researchers from Accenture reveal that at least seven companies with annual revenue of over $1 billion have been hit so far this year by Hades ransomware,
Malware
Y Multiple Industries
CC
>1
Accenture, Hades, ransomware
91
30/06/2021
-
-
Fancy Lazarus
Undisclosed data service provider used by federal agencies in Germany
German authorities thwart a cyberattack on a data service provider used by federal agencies.
DDoS
M Professional scientific and technical activities
CC
DE
Fancy Lazarus
92
30/06/2021
27/6/2021
27/6/2021
Babuk Locker
Multiple targets
A new ransomware campaign using the recently leaked Babuk Locker ransomware builder is targeting multiple organizations worldwide.
Malware
Y Multiple Industries
CC
>1
Ransomware, Babuk Locker
93
30/06/2021
25/12/2021
30/12/2021
?
Practicefirst Medical Management Solutions and PBS Medcode
A ransomware attack on Practicefirst Medical Management Solutions and PBS Medcode leaves more than 1 million people exposed after hackers stole patient files.
Malware
M Professional scientific and technical activities
CC
US
Practicefirst Medical Management Solutions and PBS Medcode, ransomware
94
30/06/2021
Since 2019
-
?
Multiple targets
Researchers from Guardicore reveal that NSABuffMiner (or Indexsinas), a crypto-mining malware family, is still active and infecting Windows systems using three leaked NSA exploits, more than two years after being discovered for the first time.
Malware
Y Multiple Industries
CC
>1
Guardicore, NSABuffMiner, Indexsinas, NSA
95
30/06/2021
30/6/2021
30/6/2021
?
Rossiya 24
A televised phone-in with Russian President Vladimir Putin, on state-run Rossiya 24 network, is hit with a DDoS attack.
DDoS
J Information and communication
H
RU
Vladimir Putin, Rossiya 24
96
30/06/2021
9/6/2021
9/6/2021
?
QSure
South African insurance provider QSure is hit by a major data breach after an unauthorized access to its IT infrastructure.
Unknown
K Financial and insurance activities
CC
ZA
QSure
97
30/06/2021
30/6/2021
30/6/2021
?
New Skills Academy
New Skills Academy, a major online learning provider based in the United Kingdom suffers a data breach in which account information of its customers has been exposed to unauthorized sources.
Unknown
M Professional scientific and technical activities
CC
UK
New Skills Academy
98
30/06/2021
30/6/2021
30/6/2021
Conti or Pysa
UK Salvation Army
The UK branch of the Salvation Army is hit with a ransomware attack.
Malware
Q Human health and social work activities
CC
UK
Salvation Army, ransomware, Pysa, Conti
99
30/06/2021
Earlier in 2021
Earlier in 2021
?
Penn Foundation
Penn Foundation warns an unspecified number of clients that their data might have been stolen as part of a ransomware attack on the agency earlier this year.
Malware
Q Human health and social work activities
CC
US
Penn Foundation, ransomware
100
30/06/2021
21/6/2021
21/6/2021
?
Japan Airport Refueling
Japan Airport Refueling discloses a ransomware incident.
Malware
N Administrative and support service activities
CC
JP
Japan Airport Refueling, ransomware
101
30/06/2021
22/6/2021
22/6/2021
?
Massena Central School
Massena Central School suffers a cyber attack.
Unknown
P Education
CC
US
Massena Central School
102
30/06/2021
-
20/4/2020
?
Jawonio
Jawonio, a provider of lifespan disability services, notifies 13,313 patients that their data has been exposed in an email hacking incident.
Account Takeover
Q Human health and social work activities
CC
US
Jawonio
ID
Date Reported
Date Occurred
Date Discovered
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags
Enjoy the interactive timeline, and thanks for sharing it, and supporting my work in spreading the risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.
BREACHOMETER
The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.
As promised, I have pulled together some statistics from the data collected in 2020. The master table is available at the end of the post after the charts.
Finally I can summarize all the events and statistics collected in 2018, quite a complicated year from an infosec perspective. For those of you that keep asking...
And finally I have aggregated all the data collected in 2021 from the cyber attacks timelines. In the past year I have collected 2539 events, meaning...
Welcome to the last cyber attacks timeline of 2022! A timeline that marks a sharp decline in the number of recorded events after four consecutive increases…
This blog post lists the main cloud-native threats, that is those cyber events exploiting the cloud in one or more stage of the kill chain. I have collected…
Similarly to what I have done in 2021, I am collecting all the mega breaches (with more than 1 million records leaked). The information is derived from the cyber attacks timelines…
Shortly after the Cyber Attacks Timelines of May, it’s time to publish the corresponding statistics. In May, I have collected 177 significant events, a consistent…
2020 Cyber Attacks Statistics
April 2023 Cyber Attacks Timeline
2018: A Year of Cyber Attacks
Q1 2023 Cyber Attacks Statistics
2021 Cyber Attacks Statistics
