1-15 July 2021 Cyber Attacks Timeline

EVENTS

EVENTS/DAY

EVENTS

EVENTS/DAY

The first cyber attacks timeline of July is finally out. In this fortnight I have collected 101 events, a number in line with the previous one (102), confirming a strong characterization by ransomware in the threat landscape, despite in sensible decrease compared to the previous one.

In this timeline, 23 out of 101 event (roughly 23%) are directly or indirectly characterized by ransomware, but the number per se don’t tell the whole story. The first week of July has seen one of the most devastating attacks (Kaseya) carried out by the REvil gang, and targeting more than 1,000 organizations at once. Curiously the group disappeared from the internet shortly after the attack. Unfortunately for one gang that disappears, many others emerge, so there have been many more incidents caused by ransomware actors such as Babuk (an unwelcome return), DarkSide, etc…

More high-profile targets in the list of victims of mega breaches including 91 million records leaked from the Mexican Electoral Institute. And similarly, the exploitation in the wild of 0-day vulnerabilities (including vulnerabilities targeting Microsoft and Google products) continues to play a primary role in the threat landscape driven by both cyber espionage and cyber criminal purposes.

Cloud-Native Threats in 2023

Similarly to what I have done in 2022, 2021, and 2020, I am listing those cyber attacks…

The Biggest Data Breaches of 2023

Similarly to what I have done in 2022 and 2021, I am collecting the main mega breaches…

16-31 December 2022 Cyber Attack Timeline

Welcome to the last cyber attacks timeline of 2022! A timeline that marks a sharp decline in the number of recorded events after four consecutive increases…

1-15 December 2022 Cyber Attack Timeline

In the first timeline of December, I have collected 147 events (corresponding to 9.8 events/day), a result slightly…

Cloud-Native Threats in 2022

This blog post lists the main cloud-native threats, that is those cyber events exploiting the cloud in one or more stage of the kill chain. I have collected…

Photo by Tima Miroshnichenko from Pexels

The Biggest Data Breaches of 2022

Similarly to what I have done in 2021, I am collecting all the mega breaches (with more than 1 million records leaked). The information is derived from the cyber attacks timelines…

The Biggest Data Breaches of 2021

With this new project I am going to track the biggest data breaches of 2021 extracted from my cyber attack timelines.

And this fortnight even the cyber espionage front appears to be quite crowded. Besides the usual suspect Nobelium (AKA APT29 or Cozy Bear), this timeline shows additional campaigns from know well actors such as: TA453 (AKA Charming Kittens), APT28 (AKA Fancy Bear), the Lazarus Group, and Tortoiseshell.

Expand for details

ID	Date Reported	Date Occurred	Date Discovered	Author	Target	Description	Attack	Target Class	Attack Class	Country	Link	Tags
1	01/07/2021	Since 2019	-	APT28 AKA Fancy Bear, Strontium	US networks	The National Security Agency (NSA) warns that Russian nation-state hackers are conducting brute force attacks via Kubernetes clusters to access US networks and steal email and files.	Brute Force	Y Multiple Industries	CE	US		APT28, Fancy Bear, Strontium, Kubernetes
2	01/07/2021	Between 03/06/2020 and 26/09/2020	-	?	Arthur J. Gallagher (AJG)	Arthur J. Gallagher (AJG), a US-based global insurance brokerage and risk management firm, mails breach notification letters to potentially impacted individuals following a ransomware attack that hit its systems in late September.	Malware	K Financial and insurance activities	CC	US		Arthur J. Gallagher, AJG, ransomware
3	01/07/2021	-	28/6/2021	1945VN?	Tamil Nadu's Public Distribution System (PDS)	5.2 million citizens from the Public Distribution System (PDS) of the state of Tamil Nadu have their data on sale.	Unknown	O Public administration and defence, compulsory social security	CC	IN		Tamil Nadu, Public Distribution System, PDS
4	01/07/2021	During June 2021	During June 2021	Wizard Spider	Undisclosed target	FortiGuard Labs security researchers discover a new ransomware strain dubbed Diavol, linked to Wizard Spider, the cybercrime group behind the Trickbot botnet.	Malware	Z Unknown	CC	N/A		FortiGuard Labs, Diavol, Wizard Spider, Trickbot
5	01/07/2021	Between 08/02/2021 and 03/03/2021	24/4/2021	?	MonPass	Researchers from Avast reveal that MonPass, a Mongolian certification authority official website was compromised to distribute Cobalt Strike binaries.	Malware	O Public administration and defence, compulsory social security	CE	MN		Avast, MonPass, Cobalt Strike
6	01/07/2021	During April 2021	During April 2021	IndigoZebra	Office of the President of Afghanistan	Researchers from Check Point reveal the details of the latest campaign of the Chinese APT IndigoZebra targeting the Office of the President of Afghanistan	Targeted Attack	O Public administration and defence, compulsory social security	CE	AF		Check Point, Chinese APT, IndigoZebra, Office of the President of Afghanistan
7	01/07/2021	Since June 2021	-	Wizard Spider	Home banking users	Researchers from Kryptos Logic discover a new version of the TrickBot malware with a revamped module that tries to intercept credentials for e-banking websites.	Malware	K Financial and insurance activities	CC	>1		Kryptos Logic, TrickBot.
8	01/07/2021	During May and June 2021	During May and June 2021	Filipino Department of Science and Technology (DOST) and Army.	Filipino media outlets Bulatlat and Altermidya, and Filipino human rights group Karapatan	Qurium Media Foundation, a Swedish digital rights nonprofit says it has observed a targeted campaign of DDoS attacks against Filipino media outlets and a human rights group that appear to be linked to the country’s Department of Science and Technology (DOST) and Army.	DDoS	J Information and communication	CC	PH		Qurium Media Foundation, Filipino Department of Science and Technology, DOST, Filipino Army, Bulatlat, Altermidya, Karapatan
9	01/07/2021	-	-	?	Facebook users	Security researchers from Dr.Web discover nine Android applications hosted on the official Google Play Store that contain functionality to steal Facebook account credentials.	Malware	Y Multiple Industries	CC	>1		Dr.Web, Android, Google Play Store, Facebook
10	01/07/2021	22/6/2021	-	?	Vulnerable KGUARD DVR devices	Researchers from Netlab 360 discover an additional Mirai variant called "mirai_ptea", exploiting an undisclosed KGUARD DVR vulnerability.	Undisclosed KGUARD DVR vulnerability	Y Multiple Industries	CC	>1		Netlab 360, Mirai, mirai_ptea, KGUARD DVR
11	01/07/2021	-	-	?	Single individuals	Researchers from Proofpoint discover a new campaign delivering multiple malware samples via Smoke Loader distributed via a fake Privacy Tool website.	Malware	X Individual	CC	>1		Proofpoint, Smoke Loader, Privacy Tool
12	01/07/2021	During January 2021	-	?	Dotty’s	Dotty’s, a company operating some 120 gaming venues in Nevada, notifies it suffered a malware attack in January 2021.	Malware	R Arts entertainment and recreation	CC	US		Dotty’s
13	01/07/2021	-	-	?	Kawasaki Kisen Kaisha	Japanese shipping company Kawasaki Kisen Kaisha issues a statement confirming that its computer systems were breached with “unauthorized access to overseas subsidiary systems.”	Unknown	H Transportation and storage	CC	JP		Kawasaki Kisen Kaisha
14	01/07/2021	22/5/2021	22/5/2021	?	Pacific Market Research (PMR)	Pacific Market Research (PMR) notifies about a ransomware attack affecting 16,000 individuals.	Malware	N Administrative and support service activities	CC	US		Pacific Market Research, PMR, ransomware
15	01/07/2021	-	-	?	Mandemakers Groep (DMG)	Kitchen and furniture seller De Mandemakers Groep (DMG) is hit by a cyber attack.	Unknown	G Wholesale and retail trade	CC	NL		Mandemakers Groep, DMG
16	01/07/2021	-	8/6/2021	?	Florida Blue	Florida Blue, part of Blue Cross Blue Shield, begins notifying more than 30,000 members that their personal information was exposed during an attack on the user database.	Password spray	Q Human health and social work activities	CC	US		Florida Blue
17	01/07/2021	-	-	Babuk	Undisclosed target 1	The Babuk ransomware gang is back in business with a new malware.	Malware	Z Unknown	CC	N/A		Babuk, ransomware
18	01/07/2021	-	-	Babuk	Undisclosed target 2	The Babuk ransomware gang is back in business with a new malware.	Malware	Z Unknown	CC	N/A		Babuk, ransomware
19	01/07/2021	-	-	Babuk	Undisclosed target 3	The Babuk ransomware gang is back in business with a new malware.	Malware	Z Unknown	CC	N/A		Babuk, ransomware
20	02/07/2021	2/7/2021	2/7/2021	REvil AKA Sodinokibi	Kaseya	A massive REvil ransomware attack affects multiple managed service providers and over a thousand of their customers through a reported Kaseya supply-chain attack.	Malware	M Professional scientific and technical activities	CC	US		REvil, Sodinokibi, Kaseya, ransomware
21	02/07/2021	During January 2021	During March 2021	Cl0p	Morgan Stanley	Investment banking firm Morgan Stanley reports a data breach after attackers stole personal information belonging to its customers by hacking into the Accellion FTA server of Guidehouse, a third-party vendor.	Vulnerability	K Financial and insurance activities	CC	US		Morgan Stanley, Accellion FTA, Guidehouse
22	02/07/2021	-	-	?	Multiple targets	The PrintNightmare 0-day, actively exploited, gets an unofficial patch.	CVE-2021-34527 Vulnerability	Y Multiple Industries	CC	>1		PrintNightmare, 0-day, CVE-2021-34527
23	02/07/2021	Since June 2021	24/6/2021	?	SharePoint	Researchers from Bitdefender discover a phishing campaign targeting Sharepoint users.	Account Takeover	Y Multiple Industries	CC	>1		Bitdefender, Sharepoint
24	02/07/2021	-	-	?	DocuSign users	Researchers from Bitdefender discover a phishing campaign targeting DocuSign users.	Account Takeover	Y Multiple Industries	CC	>1		Bitdefender, DocuSign
25	03/07/2021	3/7/2021	3/7/2021	?	Formula 1 app	Racing fans around the globe receive some unexpected and very strange push notifications from the official Formula 1 app, linked to a targeted cyber attack.	Unknown	R Arts entertainment and recreation	CC	US		Formula 1 app
26	03/07/2021	3/7/2021	3/7/2021	?	booking.moh.gov.ge (registration portal for COVID-19 vaccines in Georgia)	The registration portal for COVID-19 vaccines in Georgia is taken down by a DDoS attack.	DDoS	O Public administration and defence, compulsory social security	CC	GE		booking.moh.gov.ge, COVID-19
27	04/07/2021	4/7/2021	4/7/2021	?	Apex Legends	A hacker defaces the in-game interface of Apex Legends, a popular battle royale shooter game developed by Respawn Entertainment, with messages in support of Titanfall, another game developed by the same company in previous years.	Defacement	R Arts entertainment and recreation	CC	US		Apex Legends, Respawn Entertainment, Titanfall
28	04/07/2021	Between 12/11/2020 and 02/12/2020	10/5/2021	?	Dermatology Group of Arkansas	The Dermatology Group of Arkansas discloses that their patients were hit by a phishing attack.	Account Takeover	Q Human health and social work activities	CC	US		Dermatology Group of Arkansas
29	05/07/2021	-	-	REvil AKA Sodinokibi	MasMovil	The REvil ransomware gang hits Spanish telecom giant MasMovil and claims to have stolen sensitive data from the group.	Malware	J Information and communication	CC	ES		MasMovil, ransomware, REvil, Sodinokibi
30	05/07/2021	24/5/2021	24/5/2021	?	WSSC Water	WSSC Water is investigating a ransomware attack that affected non-essential business systems	Malware	E Water supply, sewerage waste management, and remediation activities	CC	US		WSSC Water, ransomware
31	05/07/2021	5/7/2021	5/7/2021	?	Municipality of Oradea	The Municipality of Oradea, in Romania, suffers a malware attack.	Malware	O Public administration and defence, compulsory social security	CC	RO		Municipality of Oradea
32	06/07/2021	-	-	?	GETTR	Newly launched Pro-Trump social site GETTR suffers a data breach after a hacker claimed to use an unsecured API to scrape the private information of almost 90,000 members and then shared the data on a hacking forum.	Vulnerability	J Information and communication	CC	US		Donald Trump, GETTR
33	06/07/2021	3/7/2021	-	APT29 AKA Cozy Bear	Republican National Committee via Synnex	Synnex is hit by a cyber attack, allegedly carries out by APT29. However the Republican National Committee says none of its data is compromised.	Targeted Attack	M Professional scientific and technical activities	CE	US		Republican National Committee, Synnex, APT29, Cozy Bear
34	06/07/2021	-	-	HIDDEN COBRA AKA Lazarus	Job-seeking engineers	Researchers from AT&T Alien Labs discover a new campaign by the notorious Lazarus APT group, spreading malicious documents to job-seeking engineers. The ploy involves impersonating defense contractors seeking job candidates.	Targeted Attack	X Individual	CE	>1		AT&T Alien Labs, Lazarus HIDDEN COBRA
35	06/07/2021	22/4/2021	26/4/2021	?	Marsh & McLennan Cos. Inc.	Marsh & McLennan Cos. Inc. is hit by a data breach involving access to Social Security numbers and other personal information of staff, former staff, clients and a range of other people linked to the brokerage.	Vulnerability	M Professional scientific and technical activities	CC	US		Marsh & McLennan Cos. Inc.
36	06/07/2021	4/7/2021	4/7/2021	Indian Cyber Troops	Sindh High Court	The official website of the Sindh High Court is defaced by a group of hackers known as the ‘Indian Cyber Troops’.	Defacement	O Public administration and defence, compulsory social security	H	PK		Sindh High Court, Indian Cyber Troops
37	07/07/2021	-	-	?	Android users	Researchers from Lookout reveal that scammers tricked at least 93,000 people into buying 170 fake Android cryptocurrency mining applications, in two separate families dubbed BitScam (83,800 installs) and CloudScam (9,600 installs).	Malware	X Individual	CC	>1		Lookout, Android, BitScam, CloudScam
38	07/07/2021	-	-	SideCopy	Government Entities in India	Researchers from Cisco Talos reveal the details of a new campaign by the SideCopy APT, targeting entities in India.	Targeted Attack	O Public administration and defence, compulsory social security	CE	IN		Cisco Talos, SideCopy
39	07/07/2021	Since at least one year	-	?	Energy, oil and gas, and other companies around the world	Researchers from Intezer discover a new campaign targeting energy, oil and gas, and other companies around the world, and designed to deliver malware capable of stealing usernames, passwords and other sensitive information in what's believed to be the first stage of a wider campaign.	Malware	Y Multiple Industries	CC	>1		Intezer
40	07/07/2021	-	-	?	Wiregrass Electric Cooperative	Wiregrass Electric Cooperative is hit with a ransomware attack.	Malware	D Electricity gas steam and air conditioning supply	CC	US		Wiregrass Electric Cooperative, ransomware
41	07/07/2021	-	-	?	Multiple targets	Researchers from Malwarebytes and Trustwave discover spam campaigns that leverage news of the Kaseya patches to deliver a piece of malware.	Malware	Y Multiple Industries	CC	>1		Malwarebytes, Trustwave, Kaseya
42	07/07/2021	Since May 2021	During Spring 2021	WildPressure	Industrial sector in the Middle East	Researchers from Kaspersky discover a new variant of the WildPressure campaign, focused on the industrial sector in the Middle East, and expanded to also target Mac computers.	Targeted Attack	Y Multiple Industries	CE	>1		Kaspersky, WildPressure, Mac
43	07/07/2021	-	-	?	Multiple organizations in Australia	The Australian Cyber Security Centre (ACSC) warns that it had identified “a number of Australian organizations breached through the exploitation of the CVE-2021-35464 vulnerability affecting ForgeRock Access Management.	CVE-2021-35464 vulnerability	Y Multiple Industries	CC	AU		Australian Cyber Security Centre, ACSC, CVE-2021-35464, ForgeRock Access Management
44	07/07/2021	-	-	Bandidos	South American commercial networks	Researchers from ESET disclose Bandidos, a malware espionage campaign targeting South American commercial networks, with the majority of efforts (90%) focused on Venezuela,	Malware	Y Multiple Industries	CE	>1		ESET, Bandidos
45	07/07/2021	Between 09/05/2021 and 19/05/2021	19/5/2021	?	Florida Heart Associates	Hackers infiltrate Florida Heart Associates, exposing 45,148 patients' information.	Unknown	Q Human health and social work activities	CC	US		Florida Heart Associates
46	07/07/2021	7/7/2021	7/7/2021	?	City of Joplin	The City of Joplin is hit with a ransomware attack.	Malware	O Public administration and defence, compulsory social security	CC	US		City of Joplin, ransomware
47	08/07/2021	-	-	?	Multiple targets	Researchers from McAfee discover a new campaign distributing the ZLoader malware using a new technique to evade detection, the macros in the attachments don’t carry malicious code, but instead fetch it from a remote location after the document has been opened.	Malware	Y Multiple Industries	CC	>1		McAfee, Zloader
48	08/07/2021	Since June 2020	-	?	Black Widow watchers	Researchers from Kaspersky warn that scammers are using the highly anticipated Black Widow movie as a way to steal credit card information and commit other cybercrimes.	Account Takeover	R Arts entertainment and recreation	CC	>1		Kaspersky, Black Widow
49	08/07/2021	-	-	?	Hive OS users	A new malware specifically targets the wallet configuration file within Hive OS to steal the victim’s cryptocurrencies.	Malware	V Fintech	CC	>1		Hive OS, Crypto
50	08/07/2021	-	28/6/2021	Vice Society	Whitehouse Independent School District	Whitehouse Independent School District confirms it suffered a cyber attack carried out by Vice Society.	Unknown	P Education	CC	US		Whitehouse Independent School District, Vice Society
51	08/07/2021	Between 28/05/2021 and 04/06/2021	4/6/2021	Cuba Ransomware	Forefront Dermatology	Forefront Dermatology issues a press release about a ransomware attack that began in May. 2.4M patients and employees data is compromised.	Malware	Q Human health and social work activities	CC	US		Forefront Dermatology, ransomware, Cuba
52	09/07/2021	25/12/2020	-	?	Professional Business Systems, Inc. d/b/a Practicefirst Medical Management Solutions and PBS Medcode Corp.	Practicefirst Medical Management Solutions and PBS Medcode recently notified 1.2 million patients that their data was accessed and stolen from its network, ahead of a ransomware attack deployed on Dec. 25, 2020.	Malware	M Professional scientific and technical activities	CC	US		Professional Business Systems, Inc., Practicefirst Medical Management Solutions, PBS Medcode Corp., ransomware
53	09/07/2021	9/7/2021	9/7/2021	?	Train services in Iran	Train services in Iran are delayed by apparent cyberattacks, with attackers posting the phone number of the country's supreme leader Ayatollah Ali Khamenei, as the number to call for information.	Unknown	H Transportation and storage	H	IR		Ayatollah Ali Khamenei
54	09/07/2021	-	-	?	Cryptocurrency owners	The Federal Bureau of Investigation (FBI) warns cryptocurrency owners, exchanges, and third-party payment platforms of threat actors actively targeting virtual assets in attacks that can lead to significant financial losses.	Multiple techniques	V Fintech	CC	US		Federal Bureau of Investigation, FBI, Crypto
55	09/07/2021	-	-	DEV-0322	SolarWinds customers	SolarWinds urges customers to patch a Serv-U remote code execution vulnerability exploited in the wild by "a single threat actor" (allegedly based out of China) in attacks targeting a limited number of customers.	CVE-2021-35211 Vulnerability	Y Multiple Industries	CE	>1		SolarWinds, Serv-U, CVE-2021-35211
56	09/07/2021	Between 02/02/201 and 23/02/2021	-	DarkSide	Guess	American fashion brand and retailer Guess notifies affected customers of a data breach following a February ransomware attack that led to data theft.	Malware	G Wholesale and retail trade	CC	US		Guess, Darkside, ransomware
57	09/07/2021	-	-	?	Online gambling companies in China	Researchers from Trend Micro discover a watering hole attack exploiting compromised gambling sites to deliver a new remote access trojan (RAT) called BIOPASS that enables watching the victim’s computer screen in real time.	Malware	R Arts entertainment and recreation	CC	CN		Trend Micro, BIOPASS
58	09/07/2021	9/7/2021	9/7/2021	?	Kazakhstan government's 'Open Budgets' (legalacts.egov.kz site and budget.egov.kz)	Kazakhstan government's 'Open Budgets' website is hacked to distribute malicious office documents that installed the Razy malware.	Malware	O Public administration and defence, compulsory social security	CC	KZ		Kazakhstan, Open Budgets, legalacts.egov.kz site, budget.egov.kz
59	09/07/2021	9/7/2021	9/7/2021	?	Classic Football Shirts	Classic Football Shirts, a firm selling retro football team shirts and merchandise apologises to customers after a cyber-security attack accessed their data.	Unknown	G Wholesale and retail trade	CC	UK		Classic Football Shirts
60	09/07/2021	-	-	?	New South Wales (NSW) Department of Education	The New South Wales (NSW) Department of Education in Australia deactivates some internal systems after becoming the victim of a cyber-attack.	Unknown	P Education	CC	AU		New South Wales (NSW) Department of Education
61	09/07/2021	26-27/04/2021	-	?	Bank of Oak Ridge	The Bank of Oak Ridge suffers a cyber attack.	Malware	K Financial and insurance activities	CC	US		Bank of Oak Ridge
62	10/07/2021	Between 08/06/2021 and 10/06/2021	-	?	Mint Mobile	Mint Mobile discloses a data breach after an unauthorized person gained access to subscribers' account information and ported phone numbers to another carrier.	Unknown	J Information and communication	CC	US		Mint Mobile
63	12/07/2021	-	-	?	Multiple targets	Researchers from Bitdefender discover reveal a resurgence of the Trickbot trojan with a new espionage module.	Malware	Y Multiple Industries	CE	>1		Bitdefender, Trickbot
64	12/07/2021	9/7/2021	9/7/2021	?	Royatonic	The Royatonic SPA in France suffers a ransomware attack.	Malware	R Arts entertainment and recreation	CC	FR		Royatonic, ransomware
65	12/07/2021	5/7/2021	5/7/2021	?	York Animal Hospital	York Animal Hospital is hit with a ransomware attack that wiped all patient records from the past four years.	Malware	Q Human health and social work activities	CC	US		York Animal Hospital, ransomware
66	12/07/2021	-	-	?	Spread Group	Spread Group notifies the clients of Spreadshirt, Spreadshop, and TeamShirts of a data breach which has seen the details of customers, partners, and employees fall into the hands of cybercriminals.	Unknown	G Wholesale and retail trade	CC	DE		Spread Group, Spreadshirt, Spreadshop, TeamShirts
67	12/07/2021	Between 21/10/2019 and 18/12/2019	-	?	The Millennia Companies	The Millennia Companies notifies of an unauthorized access to some employee email accounts.	Account Takeover	N Administrative and support service activities	CC	US		The Millennia Companies
68	13/07/2021	-	-	?	Undisclosed target(s)	In its Patch Tuesday, Microsoft patches nine 0-day vulnerabilities, four of which are actively exploited.	CVE-2021-34527, CVE-2021-33771, CVE-2021-34448, CVE-2021-31979 Vulnerabilities	Z Unknown	N/A	>1		Microsoft, Patch Tuesday, CVE-2021-34527, CVE-2021-33771, CVE-2021-34448, CVE-2021-31979
69	13/07/2021	-	-	Scammers from West Africa	Microsoft 365 customers	Microsoft's Digital Crimes Unit (DCU) seizes 17 malicious domains used by scammers in a business email compromise (BEC) campaign targeting the company's customers.	Business Email Compromise	Y Multiple Industries	CC	>1		Microsoft, Digital Crimes Unit, DCU
70	13/07/2021	During June 2021	-	?	Multiple targets	Researchers from Cofense detect a new phishing campaign trying to deliver the BazarBackdoor malware by using the multi-compression technique and masking it as an image file.	Malware	Y Multiple Industries	CC	>1		Cofense, BazarBackdoor
71	13/07/2021	Since at least January 2021	-	TA453 AKA Charming Kitten	Experts in Middle Eastern affairs from universities, think tanks and the media	Researchers from ProofPoint reveal the details of Operation SpoofedScholars, an Iranian cyber-espionage campaign using spoofed identities of real academics at the University of London’s School of Oriental and African Studies (SOAS), in phishing attacks designed to steal password details	Account Takeover	X Individual	CE	>1		ProofPoint, TA453, Operation SpoofedScholars, University of London’s School of Oriental and African Studies, SOAS, Charming Kitten
72	13/07/2021	Since September 2021	-	?	Android users	Researchers from Zimperium discover a wave of 1,000 additional samples of the joker malware.	Malware	X Individual	CC	>1		Zimperium, Joker, Android
73	13/07/2021	8/3/2021	26/4/2021	?	ClearBalance	ClearBalance notifies more than 209,000 patients that it suffered a phishing attack.	Account Takeover	K Financial and insurance activities	CC	US		ClearBalance
74	13/07/2021	-	-	?	Single individuals	A new phishing scam leverages text messages posing as the state Motor Vehicle Commission.	Account Takeover	X Individual	CC	US		Motor Vehicle Commission.
75	14/07/2021	-	-	?	Instituto Nacional Electoral (INE)	91 million records from the Instituto Nacional Electoral (INE) are leaked in the dark web.	Unknown	O Public administration and defence, compulsory social security	CC	MX		Instituto Nacional Electoral, INE
76	14/07/2021	Since October 2020	-	HoneyMyte	Hundreds of victims from Southeast Asia, including Myanmar and the Philippines government entities.	Kaspersky researchers reveal LuminousMoth, an ongoing and large-scale advanced persistent threat (APT) campaign with hundreds of victims from Southeast Asia, including Myanmar and the Philippines government entities.	Targeted Attack	O Public administration and defence, compulsory social security	CE	>1		Kaspersky, LuminousMoth, HoneyMyte
77	14/07/2021	Earlier in 2021	-	Nobelium AKA APT29 or Cozy Bear	Government officials from western European countries	Resarchers from Google reveal the details of a campaign exploiting a WebKit/Safari flaw to target government officials from western European countries by sending them malicious links via LinkedIn.	CVE-2021-1879 vulnerability	O Public administration and defence, compulsory social security	CE	>1		Google, WebKit/Safari, CVE-2021-1879, Nobelium, APT29, Cozy Bear
78	14/07/2021	Since February 2021 and June 2021	February 2021 and June 2021	Government-backed actors	Victims in Armenia	Resarchers from Google reveal the details of a campaign exploiting two Chrome vulnerabilities to target some organizations in Armenia.	CVE-2021-21166 and CVE-2021-30551 vulnerabilities	Z Unknown	CE	AM		Google, CVE-2021-21166, CVE-2021-30551
79	14/07/2021	Since April 2021	During April 2021	Government-backed actors	Victims in Armenia	Resarchers from Google reveal the details of a campaign exploiting an Internet Explorer vulnerability to target users in Armenia.	CVE-2021-33742 vulnerability	X Individual	CE	AM		Google, CVE-2021-33742
80	14/07/2021	-	-	HelloKitty	Multiple targets	A new version of the HelloKitty ransomware now targets VMware ESXi Servers.	Malware	Y Multiple Industries	CC	>1		HelloKitty, ransomware, VMware ESXi
81	14/07/2021	12/7/2021	12/7/2021	?	D-BOX Corporation	D-BOX Corporation announces that the company was subject to a ransomware cyberattack on its information technology systems.	Malware	C Manufacturing	CC	CA		D-BOX Corporation, ransomware
82	14/07/2021	Since at least 2020	-	-	Linux machines with weak passwords	Researchers from Bitdefender reveal the details of a cryptojacking gang, likely based in Romania, using a never-before-seen SSH brute-forcer dubbed “Diicot brute” to crack passwords on Linux-based machines with weak passwords.	Brute Force	Y Multiple Industries	CC	>1		Bitdefender, Diicot brute, crypto
83	15/07/2021	Since the past few weeks	-	HelloKitty	SonicWall customers	SonicWall issues an "urgent security notice" warning customers of ransomware attacks targeting unpatched end-of-life (EoL) Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products.	Undisclosed vulnerability	Y Multiple Industries	CC	>1		SonicWall, ransomware, Secure Mobile Access, SMA 100, Secure Remote Access, SRA, HelloKitty
84	15/07/2021	-	-	?	At least 100 victims in multiple countries	Microsoft and Citizen Lab link the Israeli spyware company Candiru (also tracked as Sourgum) to a new Windows spyware dubbed DevilsTongue deployed using now patched Windows zero-day vulnerabilities CVE-2021-31979 and CVE-2021-33771.	Malware	X Individual	CE	>1		Microsoft, Citizen Lab, Candiru, Sourgum, DevilsTongue, CVE-2021-31979, CVE-2021-33771
85	15/07/2021	-	-	?	Undisclosed target(s)	Google releases Chrome 91.0.4472.164 to fix seven security vulnerabilities, one of them, CVE-2021-30563, a high severity zero-day vulnerability exploited in the wild.	CVE-2021-30563 vulnerability	Z Unknown	N/A	>1		Chrome 91.0.4472.164, CVE-2021-30563
86	15/07/2021	23/4/2021	-	?	Aruba.it	Aruba.it, an Italian hosting provider, notifies its users of a breach occurred back in April 2021.	Unknown	M Professional scientific and technical activities	CC	IT		Aruba.it
87	15/07/2021	15/7/2021	15/7/2021	?	Moldova's "Court of Accounts"	Moldova's "Court of Accounts" suffers a cyberattack leading to the agency's public databases and audits being destroyed.	Unknown	O Public administration and defence, compulsory social security	CC	MD		Moldova, Court of Accounts
88	15/07/2021	7/7/2021	7/7/2021	?	Comparis	Swiss price comparison platform Comparis notifies customers of a data breach following a ransomware attack that hit and took down its entire network last week.	Malware	K Financial and insurance activities	CC	CH		Comparis, rabsomware
89	15/07/2021	Since 2018	-	Tortoiseshell	Military personnel and people in the aerospace and defense industries in the United States	Facebook says it has disrupted a network tied to Iran attempting to distribute malware via malicious links shared under fake personas.	Targeted Attack	O Public administration and defence, compulsory social security	CE	US		Facebook, Tortoiseshell, Iran
90	15/07/2021	During June 2021	-	?	Coinbase users	Researchers from Inky discover a phishing campaign targeting Coinbase users.	Account Takeover	V Fintech	CC	US		Inky, Coinbase
91	15/07/2021	-	-	DragonForce Malaysia	Israeli Banking Sector	In name of #OpsBedil, the hacktivist group DragonForce Malaysia launches a DDoS campaign against the Israeli Banking Sector.	DDoS	K Financial and insurance activities	H	IL		#OpsBedil, DragonForce Malaysia, Israel, Banks
92	15/07/2021	-	-	DragonForce Malaysia	Israeli Citizens	In name of #OpsBedil, the hacktivist group DragonForce Malaysia leaks Israeli passport data.	Unknown	Z Unknown	H	IL		#OpsBedil, DragonForce Malaysia
93	15/07/2021	-	-	DragonForce Malaysia	Two Israeli religious sites	In name of #OpsBedil, the hacktivist group DragonForce Malaysia hacks two Israeli religious sites	Unknown	S Other service activities	H	IL		#OpsBedil, DragonForce Malaysia
94	15/07/2021	-	-	DragonForce Malaysia	50 Israeli companies	In name of #OpsBedil, the hacktivist group DragonForce Malaysia leak the VPN credentials for at least 50 Israeli companies.	Unknown	Y Multiple Industries	H	IL		#OpsBedil, DragonForce Malaysia
95	15/07/2021	-	-	DragonForce Malaysia	Ramon Airport and other airline-related organizations.	In name of #OpsBedil, the hacktivist group DragonForce Malaysia defaces the Ramon Airport and other airline-related organizations.	Defacement	H Transportation and storage	H	IL		#OpsBedil, DragonForce Malaysia, Ramon Airport
96	15/07/2021	-	13/7/2021	?	Vulnerable WordPress server	A critical SQL-injection security vulnerability in the WooCommerce e-commerce platform and a related plugin are under attack.	WordPress plugin vulnerability	Y Multiple Industries	CC	>1		WooCommerce, WordPress
97	15/07/2021	-	-	?	Nottingham City Transport (NCT)	Nottingham City Transport (NCT) is hit by a cyber attack.	Unknown	H Transportation and storage	CC	UK		Nottingham City Transport, NCT
98	15/07/2021	During May 2021	-	?	Linkedin Users	Researchers from Armorblox discover a LinkedIn credential phishing attack, sent from a compromised university email account and hosting its phishing page on Google Forms.	Account Takeover	Z Unknown	CC	N/A		Armorblox, LinkedIn, Google Forms
99	15/07/2021	Between 19/01/2021 and 23/01/2021	23/1/2021	?	Diamond Foods	Diamond Foods discloses both a hack of its network and the incidental discovery that an employee’s email account had also been compromised previously	Unknown	I Accommodation and food service activities	CC	US		Diamond Foods
100	15/07/2021	-	30/6/2021	PayOrG AKA PayOrGrief	Booneville School District	Booneville School District is hit with a PayOrGrief ransomware attack.	Malware	P Education	CC	US		Booneville School District, PayOrG, PayOrGrief
101	15/07/2021	-	29/6/2021	PayOrG AKA PayOrGrief	Lancaster Independent School District	Lancaster Independent School District is hit with a PayOrGrief ransomware attack.	Malware	P Education	CC	US		Lancaster Independent School District, PayOrG, PayOrGrief
ID	Date Reported	Date Occurred	Date Discovered	Author	Target	Description	Attack	Target Class	Attack Class	Country	Link	Tags

Enjoy the interactive timeline, and thanks for sharing it, and supporting my work in spreading the risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.

The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.

July 2023 Cyber Attacks Statistics
After the cyber attacks timelines, it’s time to publish the statistics of June 2023 where I have collected and analyzed 384 events, yet another record number driven...
The Biggest Data Breaches of 2023
Similarly to what I have done in 2022 and 2021, I am collecting the main mega breaches...
Q2 2023 Cyber Attacks Statistics
I have aggregated the statistics created from the cyber attacks timelines published in the second quarter of 2023. In total I have collected 1040 events...
Leaky Buckets in 2023
Similarly to what I have done in 2022 and 2021, I am collecting the incidents due to cloud misconfigurations and leading to...
2021 Cyber Attacks Statistics
And finally I have aggregated all the data collected in 2021 from the cyber attacks timelines. In the past year I have collected 2539 events, meaning...