The first cyber attacks timeline of July is finally out. In this fortnight I have collected 101 events, a number in line with the previous one (102), confirming the strong characterization of the threat landscape by ransomware, albeit in noticeable decrease compared to the previous timeline.
In this timeline, 23 out of 101 events (roughly 23%) are directly or indirectly characterized by ransomware, but the number per se doesn't tell the whole story. The first week of July saw one of the most devastating attacks (Kaseya), carried out by the REvil gang and targeting more than 1,000 organizations at once. Curiously, the group disappeared from the internet shortly after the attack. Unfortunately, for one gang that disappears many others emerge, so there have been many more incidents caused by ransomware actors such as Babuk (an unwelcome return), DarkSide, etc.
More high-profile targets appear in the list of victims of mega breaches, including the 91 million records leaked from the Mexican Electoral Institute (Instituto Nacional Electoral, INE). Similarly, the exploitation in the wild of 0-day vulnerabilities (including vulnerabilities in Microsoft and Google products) continues to play a primary role in the threat landscape, driven by both cyber espionage and cyber criminal purposes.
And this fortnight even the cyber espionage front appears to be quite crowded. Besides the usual suspect Nobelium (AKA APT29 or Cozy Bear), this timeline shows additional campaigns from well-known actors such as TA453 (AKA Charming Kitten), APT28 (AKA Fancy Bear), the Lazarus Group, and Tortoiseshell.
Each record below lists the following fields, one per line, in this order: ID, Date Reported, Date Occurred, Date Discovered, Author, Target, Description, Attack, Target Class, Attack Class, Country, Link, Tags. In this text version the Link field carries no text, so each record spans twelve lines; "?" in Author means the actor is unknown, "-" means the date is not available, and ">1" in Country means more than one country. Attack Class codes are CC (cyber crime), CE (cyber espionage) and H (hacktivism).
1
01/07/2021
Since 2019
-
APT28 AKA Fancy Bear, Strontium
US networks
The National Security Agency (NSA) warns that Russian nation-state hackers are conducting brute force attacks via Kubernetes clusters to access US networks and steal email and files.
Brute Force
Y Multiple Industries
CE
US
APT28, Fancy Bear, Strontium, Kubernetes
2
01/07/2021
Between 03/06/2020 and 26/09/2020
-
?
Arthur J. Gallagher (AJG)
Arthur J. Gallagher (AJG), a US-based global insurance brokerage and risk management firm, mails breach notification letters to potentially impacted individuals following a ransomware attack that hit its systems in late September.
Malware
K Financial and insurance activities
CC
US
Arthur J. Gallagher, AJG, ransomware
3
01/07/2021
-
28/6/2021
1945VN?
Tamil Nadu's Public Distribution System (PDS)
The data of 5.2 million citizens from the Public Distribution System (PDS) of the state of Tamil Nadu is put up for sale.
Unknown
O Public administration and defence, compulsory social security
CC
IN
Tamil Nadu, Public Distribution System, PDS
4
01/07/2021
During June 2021
During June 2021
Wizard Spider
Undisclosed target
FortiGuard Labs security researchers discover a new ransomware strain dubbed Diavol, linked to Wizard Spider, the cybercrime group behind the Trickbot botnet.
Malware
Z Unknown
CC
N/A
FortiGuard Labs, Diavol, Wizard Spider, Trickbot
5
01/07/2021
Between 08/02/2021 and 03/03/2021
24/4/2021
?
MonPass
Researchers from Avast reveal that the official website of MonPass, a Mongolian certification authority, was compromised to distribute Cobalt Strike binaries.
Malware
O Public administration and defence, compulsory social security
CE
MN
Avast, MonPass, Cobalt Strike
6
01/07/2021
During April 2021
During April 2021
IndigoZebra
Office of the President of Afghanistan
Researchers from Check Point reveal the details of the latest campaign of the Chinese APT IndigoZebra targeting the Office of the President of Afghanistan.
Targeted Attack
O Public administration and defence, compulsory social security
CE
AF
Check Point, Chinese APT, IndigoZebra, Office of the President of Afghanistan
7
01/07/2021
Since June 2021
-
Wizard Spider
Home banking users
Researchers from Kryptos Logic discover a new version of the TrickBot malware with a revamped module that tries to intercept credentials for e-banking websites.
Malware
K Financial and insurance activities
CC
>1
Kryptos Logic, TrickBot
8
01/07/2021
During May and June 2021
During May and June 2021
Filipino Department of Science and Technology (DOST) and Army
Filipino media outlets Bulatlat and Altermidya, and Filipino human rights group Karapatan
Qurium Media Foundation, a Swedish digital rights nonprofit says it has observed a targeted campaign of DDoS attacks against Filipino media outlets and a human rights group that appear to be linked to the country’s Department of Science and Technology (DOST) and Army.
DDoS
J Information and communication
CC
PH
Qurium Media Foundation, Filipino Department of Science and Technology, DOST, Filipino Army, Bulatlat, Altermidya, Karapatan
9
01/07/2021
-
-
?
Facebook users
Security researchers from Dr.Web discover nine Android applications hosted on the official Google Play Store that contain functionality to steal Facebook account credentials.
Malware
Y Multiple Industries
CC
>1
Dr.Web, Android, Google Play Store, Facebook
10
01/07/2021
22/6/2021
-
?
Vulnerable KGUARD DVR devices
Researchers from Netlab 360 discover an additional Mirai variant called "mirai_ptea", exploiting an undisclosed KGUARD DVR vulnerability.
Undisclosed KGUARD DVR vulnerability
Y Multiple Industries
CC
>1
Netlab 360, Mirai, mirai_ptea, KGUARD DVR
11
01/07/2021
-
-
?
Single individuals
Researchers from Proofpoint discover a new campaign delivering multiple malware samples via Smoke Loader distributed via a fake Privacy Tool website.
Malware
X Individual
CC
>1
Proofpoint, Smoke Loader, Privacy Tool
12
01/07/2021
During January 2021
-
?
Dotty’s
Dotty’s, a company operating some 120 gaming venues in Nevada, discloses that it suffered a malware attack in January 2021.
Malware
R Arts entertainment and recreation
CC
US
Dotty’s
13
01/07/2021
-
-
?
Kawasaki Kisen Kaisha
Japanese shipping company Kawasaki Kisen Kaisha issues a statement confirming that its computer systems were breached with “unauthorized access to overseas subsidiary systems.”
Unknown
H Transportation and storage
CC
JP
Kawasaki Kisen Kaisha
14
01/07/2021
22/5/2021
22/5/2021
?
Pacific Market Research (PMR)
Pacific Market Research (PMR) notifies about a ransomware attack affecting 16,000 individuals.
Malware
N Administrative and support service activities
CC
US
Pacific Market Research, PMR, ransomware
15
01/07/2021
-
-
?
Mandemakers Groep (DMG)
Kitchen and furniture seller De Mandemakers Groep (DMG) is hit by a cyber attack.
Unknown
G Wholesale and retail trade
CC
NL
Mandemakers Groep, DMG
16
01/07/2021
-
8/6/2021
?
Florida Blue
Florida Blue, part of Blue Cross Blue Shield, begins notifying more than 30,000 members that their personal information was exposed during an attack on the user database.
Password spray
Q Human health and social work activities
CC
US
Florida Blue
17
01/07/2021
-
-
Babuk
Undisclosed target 1
The Babuk ransomware gang is back in business with a new malware.
Malware
Z Unknown
CC
N/A
Babuk, ransomware
18
01/07/2021
-
-
Babuk
Undisclosed target 2
The Babuk ransomware gang is back in business with a new malware.
Malware
Z Unknown
CC
N/A
Babuk, ransomware
19
01/07/2021
-
-
Babuk
Undisclosed target 3
The Babuk ransomware gang is back in business with a new malware.
Malware
Z Unknown
CC
N/A
Babuk, ransomware
20
02/07/2021
2/7/2021
2/7/2021
REvil AKA Sodinokibi
Kaseya
A massive REvil ransomware attack affects multiple managed service providers and over a thousand of their customers through a reported Kaseya supply-chain attack.
Malware
M Professional scientific and technical activities
CC
US
REvil, Sodinokibi, Kaseya, ransomware
21
02/07/2021
During January 2021
During March 2021
Cl0p
Morgan Stanley
Investment banking firm Morgan Stanley reports a data breach after attackers stole personal information belonging to its customers by hacking into the Accellion FTA server of Guidehouse, a third-party vendor.
Vulnerability
K Financial and insurance activities
CC
US
Morgan Stanley, Accellion FTA, Guidehouse
22
02/07/2021
-
-
?
Multiple targets
The PrintNightmare 0-day, actively exploited, gets an unofficial patch.
CVE-2021-34527 Vulnerability
Y Multiple Industries
CC
>1
PrintNightmare, 0-day, CVE-2021-34527
23
02/07/2021
Since June 2021
24/6/2021
?
SharePoint
Researchers from Bitdefender discover a phishing campaign targeting Sharepoint users.
Account Takeover
Y Multiple Industries
CC
>1
Bitdefender, Sharepoint
24
02/07/2021
-
-
?
DocuSign users
Researchers from Bitdefender discover a phishing campaign targeting DocuSign users.
Account Takeover
Y Multiple Industries
CC
>1
Bitdefender, DocuSign
25
03/07/2021
3/7/2021
3/7/2021
?
Formula 1 app
Racing fans around the globe receive some unexpected and very strange push notifications from the official Formula 1 app, linked to a targeted cyber attack.
Unknown
R Arts entertainment and recreation
CC
US
Formula 1 app
26
03/07/2021
3/7/2021
3/7/2021
?
booking.moh.gov.ge (registration portal for COVID-19 vaccines in Georgia)
The registration portal for COVID-19 vaccines in Georgia is taken down by a DDoS attack.
DDoS
O Public administration and defence, compulsory social security
CC
GE
booking.moh.gov.ge, COVID-19
27
04/07/2021
4/7/2021
4/7/2021
?
Apex Legends
A hacker defaces the in-game interface of Apex Legends, a popular battle royale shooter game developed by Respawn Entertainment, with messages in support of Titanfall, another game developed by the same company in previous years.
Defacement
R Arts entertainment and recreation
CC
US
Apex Legends, Respawn Entertainment, Titanfall
28
04/07/2021
Between 12/11/2020 and 02/12/2020
10/5/2021
?
Dermatology Group of Arkansas
The Dermatology Group of Arkansas discloses that their patients were hit by a phishing attack.
Account Takeover
Q Human health and social work activities
CC
US
Dermatology Group of Arkansas
29
05/07/2021
-
-
REvil AKA Sodinokibi
MasMovil
The REvil ransomware gang hits Spanish telecom giant MasMovil and claims to have stolen sensitive data from the group.
Malware
J Information and communication
CC
ES
MasMovil, ransomware, REvil, Sodinokibi
30
05/07/2021
24/5/2021
24/5/2021
?
WSSC Water
WSSC Water is investigating a ransomware attack that affected non-essential business systems.
Malware
E Water supply, sewerage waste management, and remediation activities
CC
US
WSSC Water, ransomware
31
05/07/2021
5/7/2021
5/7/2021
?
Municipality of Oradea
The Municipality of Oradea, in Romania, suffers a malware attack.
Malware
O Public administration and defence, compulsory social security
CC
RO
Municipality of Oradea
32
06/07/2021
-
-
?
GETTR
Newly launched Pro-Trump social site GETTR suffers a data breach after a hacker claimed to use an unsecured API to scrape the private information of almost 90,000 members and then shared the data on a hacking forum.
Vulnerability
J Information and communication
CC
US
Donald Trump, GETTR
33
06/07/2021
3/7/2021
-
APT29 AKA Cozy Bear
Republican National Committee via Synnex
Synnex is hit by a cyber attack, allegedly carried out by APT29. However, the Republican National Committee says none of its data was compromised.
Targeted Attack
M Professional scientific and technical activities
CE
US
Republican National Committee, Synnex, APT29, Cozy Bear
34
06/07/2021
-
-
HIDDEN COBRA AKA Lazarus
Job-seeking engineers
Researchers from AT&T Alien Labs discover a new campaign by the notorious Lazarus APT group, spreading malicious documents to job-seeking engineers. The ploy involves impersonating defense contractors seeking job candidates.
Targeted Attack
X Individual
CE
>1
AT&T Alien Labs, Lazarus, HIDDEN COBRA
35
06/07/2021
22/4/2021
26/4/2021
?
Marsh & McLennan Cos. Inc.
Marsh & McLennan Cos. Inc. is hit by a data breach involving access to Social Security numbers and other personal information of staff, former staff, clients and a range of other people linked to the brokerage.
Vulnerability
M Professional scientific and technical activities
CC
US
Marsh & McLennan Cos. Inc.
36
06/07/2021
4/7/2021
4/7/2021
Indian Cyber Troops
Sindh High Court
The official website of the Sindh High Court is defaced by a group of hackers known as the ‘Indian Cyber Troops’.
Defacement
O Public administration and defence, compulsory social security
H
PK
Sindh High Court, Indian Cyber Troops
37
07/07/2021
-
-
?
Android users
Researchers from Lookout reveal that scammers tricked at least 93,000 people into buying 170 fake Android cryptocurrency mining applications, in two separate families dubbed BitScam (83,800 installs) and CloudScam (9,600 installs).
Malware
X Individual
CC
>1
Lookout, Android, BitScam, CloudScam
38
07/07/2021
-
-
SideCopy
Government Entities in India
Researchers from Cisco Talos reveal the details of a new campaign by the SideCopy APT, targeting entities in India.
Targeted Attack
O Public administration and defence, compulsory social security
CE
IN
Cisco Talos, SideCopy
39
07/07/2021
For at least a year
-
?
Energy, oil and gas, and other companies around the world
Researchers from Intezer discover a new campaign targeting energy, oil and gas, and other companies around the world, and designed to deliver malware capable of stealing usernames, passwords and other sensitive information in what's believed to be the first stage of a wider campaign.
Malware
Y Multiple Industries
CC
>1
Intezer
40
07/07/2021
-
-
?
Wiregrass Electric Cooperative
Wiregrass Electric Cooperative is hit with a ransomware attack.
Malware
D Electricity gas steam and air conditioning supply
CC
US
Wiregrass Electric Cooperative, ransomware
41
07/07/2021
-
-
?
Multiple targets
Researchers from Malwarebytes and Trustwave discover spam campaigns that leverage news of the Kaseya patches to deliver a piece of malware.
Malware
Y Multiple Industries
CC
>1
Malwarebytes, Trustwave, Kaseya
42
07/07/2021
Since May 2021
During Spring 2021
WildPressure
Industrial sector in the Middle East
Researchers from Kaspersky discover a new variant of the WildPressure campaign, focused on the industrial sector in the Middle East, and expanded to also target Mac computers.
Targeted Attack
Y Multiple Industries
CE
>1
Kaspersky, WildPressure, Mac
43
07/07/2021
-
-
?
Multiple organizations in Australia
The Australian Cyber Security Centre (ACSC) warns that it has identified “a number of Australian organizations breached through the exploitation of the CVE-2021-35464 vulnerability affecting ForgeRock Access Management.”
CVE-2021-35464 vulnerability
Y Multiple Industries
CC
AU
Australian Cyber Security Centre, ACSC, CVE-2021-35464, ForgeRock Access Management
44
07/07/2021
-
-
Bandidos
South American commercial networks
Researchers from ESET disclose Bandidos, a malware espionage campaign targeting South American commercial networks, with the majority of efforts (90%) focused on Venezuela.
[The remaining fields of record 44 and the whole of record 45 are missing from the page; the lines that follow belong to record 46, whose ID and dates are also missing.]
The City of Joplin is hit with a ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
US
City of Joplin, ransomware
47
08/07/2021
-
-
?
Multiple targets
Researchers from McAfee discover a new campaign distributing the ZLoader malware using a new technique to evade detection: the macros in the attachments don’t carry malicious code, but instead fetch it from a remote location after the document has been opened.
Malware
Y Multiple Industries
CC
>1
McAfee, Zloader
48
08/07/2021
Since June 2020
-
?
Black Widow watchers
Researchers from Kaspersky warn that scammers are using the highly anticipated Black Widow movie as a way to steal credit card information and commit other cybercrimes.
Account Takeover
R Arts entertainment and recreation
CC
>1
Kaspersky, Black Widow
49
08/07/2021
-
-
?
Hive OS users
A new malware specifically targets the wallet configuration file within Hive OS to steal the victim’s cryptocurrencies.
Malware
V Fintech
CC
>1
Hive OS, Crypto
50
08/07/2021
-
28/6/2021
Vice Society
Whitehouse Independent School District
Whitehouse Independent School District confirms it suffered a cyber attack carried out by Vice Society.
Unknown
P Education
CC
US
Whitehouse Independent School District, Vice Society
51
08/07/2021
Between 28/05/2021 and 04/06/2021
4/6/2021
Cuba Ransomware
Forefront Dermatology
Forefront Dermatology issues a press release about a ransomware attack that began in May; the data of 2.4M patients and employees is compromised.
Malware
Q Human health and social work activities
CC
US
Forefront Dermatology, ransomware, Cuba
52
09/07/2021
25/12/2020
-
?
Professional Business Systems, Inc. d/b/a Practicefirst Medical Management Solutions and PBS Medcode Corp.
Practicefirst Medical Management Solutions and PBS Medcode notify 1.2 million patients that their data was accessed and stolen from the network before a ransomware attack was deployed on Dec. 25, 2020.
Malware
M Professional scientific and technical activities
CC
US
Professional Business Systems, Inc., Practicefirst Medical Management Solutions, PBS Medcode Corp., ransomware
53
09/07/2021
9/7/2021
9/7/2021
?
Train services in Iran
Train services in Iran are delayed by apparent cyberattacks, with attackers posting the phone number of the country's supreme leader Ayatollah Ali Khamenei, as the number to call for information.
Unknown
H Transportation and storage
H
IR
Ayatollah Ali Khamenei
54
09/07/2021
-
-
?
Cryptocurrency owners
The Federal Bureau of Investigation (FBI) warns cryptocurrency owners, exchanges, and third-party payment platforms of threat actors actively targeting virtual assets in attacks that can lead to significant financial losses.
Multiple techniques
V Fintech
CC
US
Federal Bureau of Investigation, FBI, Crypto
55
09/07/2021
-
-
DEV-0322
SolarWinds customers
SolarWinds urges customers to patch a Serv-U remote code execution vulnerability exploited in the wild by "a single threat actor" (allegedly based out of China) in attacks targeting a limited number of customers.
CVE-2021-35211 Vulnerability
Y Multiple Industries
CE
>1
SolarWinds, Serv-U, CVE-2021-35211
56
09/07/2021
Between 02/02/2021 and 23/02/2021
-
DarkSide
Guess
American fashion brand and retailer Guess notifies affected customers of a data breach following a February ransomware attack that led to data theft.
Malware
G Wholesale and retail trade
CC
US
Guess, Darkside, ransomware
57
09/07/2021
-
-
?
Online gambling companies in China
Researchers from Trend Micro discover a watering hole attack exploiting compromised gambling sites to deliver a new remote access trojan (RAT) called BIOPASS that enables watching the victim’s computer screen in real time.
Malware
R Arts entertainment and recreation
CC
CN
Trend Micro, BIOPASS
58
09/07/2021
9/7/2021
9/7/2021
?
Kazakhstan government's 'Open Budgets' (legalacts.egov.kz site and budget.egov.kz)
Kazakhstan government's 'Open Budgets' website is hacked to distribute malicious office documents that install the Razy malware.
Malware
O Public administration and defence, compulsory social security
CC
KZ
Kazakhstan, Open Budgets, legalacts.egov.kz site, budget.egov.kz
59
09/07/2021
9/7/2021
9/7/2021
?
Classic Football Shirts
Classic Football Shirts, a firm selling retro football team shirts and merchandise, apologises to customers after attackers accessed their data in a cyber attack.
Unknown
G Wholesale and retail trade
CC
UK
Classic Football Shirts
60
09/07/2021
-
-
?
New South Wales (NSW) Department of Education
The New South Wales (NSW) Department of Education in Australia deactivates some internal systems after becoming the victim of a cyber-attack.
Unknown
P Education
CC
AU
New South Wales (NSW) Department of Education
61
09/07/2021
26-27/04/2021
-
?
Bank of Oak Ridge
The Bank of Oak Ridge suffers a cyber attack.
Malware
K Financial and insurance activities
CC
US
Bank of Oak Ridge
62
10/07/2021
Between 08/06/2021 and 10/06/2021
-
?
Mint Mobile
Mint Mobile discloses a data breach after an unauthorized person gained access to subscribers' account information and ported phone numbers to another carrier.
Unknown
J Information and communication
CC
US
Mint Mobile
63
12/07/2021
-
-
?
Multiple targets
Researchers from Bitdefender reveal a resurgence of the Trickbot trojan with a new espionage module.
Malware
Y Multiple Industries
CE
>1
Bitdefender, Trickbot
64
12/07/2021
9/7/2021
9/7/2021
?
Royatonic
The Royatonic SPA in France suffers a ransomware attack.
Malware
R Arts entertainment and recreation
CC
FR
Royatonic, ransomware
65
12/07/2021
5/7/2021
5/7/2021
?
York Animal Hospital
York Animal Hospital is hit with a ransomware attack that wiped all patient records from the past four years.
Malware
Q Human health and social work activities
CC
US
York Animal Hospital, ransomware
66
12/07/2021
-
-
?
Spread Group
Spread Group notifies the clients of Spreadshirt, Spreadshop, and TeamShirts of a data breach which has seen the details of customers, partners, and employees fall into the hands of cybercriminals.
Unknown
G Wholesale and retail trade
CC
DE
Spread Group, Spreadshirt, Spreadshop, TeamShirts
67
12/07/2021
Between 21/10/2019 and 18/12/2019
-
?
The Millennia Companies
The Millennia Companies notifies of an unauthorized access to some employee email accounts.
Account Takeover
N Administrative and support service activities
CC
US
The Millennia Companies
68
13/07/2021
-
-
?
Undisclosed target(s)
In its Patch Tuesday, Microsoft patches nine 0-day vulnerabilities, four of which are actively exploited.
[The remaining fields of record 68 and the ID and dates of record 69 are missing from the page; the lines that follow belong to record 69.]
Microsoft's Digital Crimes Unit (DCU) seizes 17 malicious domains used by scammers in a business email compromise (BEC) campaign targeting the company's customers.
Business Email Compromise
Y Multiple Industries
CC
>1
Microsoft, Digital Crimes Unit, DCU
70
13/07/2021
During June 2021
-
?
Multiple targets
Researchers from Cofense detect a new phishing campaign trying to deliver the BazarBackdoor malware by using the multi-compression technique and masking it as an image file.
Malware
Y Multiple Industries
CC
>1
Cofense, BazarBackdoor
71
13/07/2021
Since at least January 2021
-
TA453 AKA Charming Kitten
Experts in Middle Eastern affairs from universities, think tanks and the media
Researchers from Proofpoint reveal the details of Operation SpoofedScholars, an Iranian cyber-espionage campaign using spoofed identities of real academics at the University of London’s School of Oriental and African Studies (SOAS) in phishing attacks designed to steal password details.
Account Takeover
X Individual
CE
>1
ProofPoint, TA453, Operation SpoofedScholars, University of London’s School of Oriental and African Studies, SOAS, Charming Kitten
72
13/07/2021
Since September 2020
-
?
Android users
Researchers from Zimperium discover a wave of 1,000 additional samples of the Joker malware.
Malware
X Individual
CC
>1
Zimperium, Joker, Android
73
13/07/2021
8/3/2021
26/4/2021
?
ClearBalance
ClearBalance notifies more than 209,000 patients that it suffered a phishing attack.
Account Takeover
K Financial and insurance activities
CC
US
ClearBalance
74
13/07/2021
-
-
?
Single individuals
A new phishing scam leverages text messages posing as the state Motor Vehicle Commission.
Account Takeover
X Individual
CC
US
Motor Vehicle Commission
75
14/07/2021
-
-
?
Instituto Nacional Electoral (INE)
91 million records from the Instituto Nacional Electoral (INE) are leaked in the dark web.
Unknown
O Public administration and defence, compulsory social security
CC
MX
Instituto Nacional Electoral, INE
76
14/07/2021
Since October 2020
-
HoneyMyte
Hundreds of victims from Southeast Asia, including Myanmar and the Philippines government entities.
Kaspersky researchers reveal LuminousMoth, an ongoing and large-scale advanced persistent threat (APT) campaign with hundreds of victims from Southeast Asia, including Myanmar and the Philippines government entities.
Targeted Attack
O Public administration and defence, compulsory social security
CE
>1
Kaspersky, LuminousMoth, HoneyMyte
77
14/07/2021
Earlier in 2021
-
Nobelium AKA APT29 or Cozy Bear
Government officials from western European countries
Researchers from Google reveal the details of a campaign exploiting a WebKit/Safari flaw to target government officials from western European countries by sending them malicious links via LinkedIn.
CVE-2021-1879 vulnerability
O Public administration and defence, compulsory social security
[The remaining fields of record 77 and the ID, dates, author and target of record 78 are missing from the page; the lines that follow belong to record 78.]
Researchers from Google reveal the details of a campaign exploiting two Chrome vulnerabilities to target some organizations in Armenia.
CVE-2021-21166 and CVE-2021-30551 vulnerabilities
Z Unknown
CE
AM
Google, CVE-2021-21166, CVE-2021-30551
79
14/07/2021
Since April 2021
During April 2021
Government-backed actors
Victims in Armenia
Researchers from Google reveal the details of a campaign exploiting an Internet Explorer vulnerability to target users in Armenia.
CVE-2021-33742 vulnerability
X Individual
CE
AM
Google, CVE-2021-33742
80
14/07/2021
-
-
HelloKitty
Multiple targets
A new version of the HelloKitty ransomware now targets VMware ESXi Servers.
Malware
Y Multiple Industries
CC
>1
HelloKitty, ransomware, VMware ESXi
81
14/07/2021
12/7/2021
12/7/2021
?
D-BOX Corporation
D-BOX Corporation announces that the company was subject to a ransomware cyberattack on its information technology systems.
Malware
C Manufacturing
CC
CA
D-BOX Corporation, ransomware
82
14/07/2021
Since at least 2020
-
-
Linux machines with weak passwords
Researchers from Bitdefender reveal the details of a cryptojacking gang, likely based in Romania, using a never-before-seen SSH brute-forcer dubbed “Diicot brute” to crack the credentials of Linux-based machines with weak passwords.
Brute Force
Y Multiple Industries
CC
>1
Bitdefender, Diicot brute, crypto
83
15/07/2021
Over the past few weeks
-
HelloKitty
SonicWall customers
SonicWall issues an "urgent security notice" warning customers of ransomware attacks targeting unpatched end-of-life (EoL) Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products.
Undisclosed vulnerability
Y Multiple Industries
CC
>1
SonicWall, ransomware, Secure Mobile Access, SMA 100, Secure Remote Access, SRA, HelloKitty
84
15/07/2021
-
-
?
At least 100 victims in multiple countries
Microsoft and Citizen Lab link the Israeli spyware company Candiru (also tracked as Sourgum) to a new Windows spyware dubbed DevilsTongue deployed using now patched Windows zero-day vulnerabilities CVE-2021-31979 and CVE-2021-33771.
[The remaining fields of record 84 and the ID, dates, author and target of record 85 are missing from the page; the lines that follow belong to record 85.]
Google releases Chrome 91.0.4472.164 to fix seven security vulnerabilities, one of them, CVE-2021-30563, a high severity zero-day vulnerability exploited in the wild.
CVE-2021-30563 vulnerability
Z Unknown
N/A
>1
Chrome 91.0.4472.164, CVE-2021-30563
86
15/07/2021
23/4/2021
-
?
Aruba.it
Aruba.it, an Italian hosting provider, notifies its users of a breach that occurred back in April 2021.
Unknown
M Professional scientific and technical activities
CC
IT
Aruba.it
87
15/07/2021
15/7/2021
15/7/2021
?
Moldova's "Court of Accounts"
Moldova's "Court of Accounts" suffers a cyberattack leading to the agency's public databases and audits being destroyed.
Unknown
O Public administration and defence, compulsory social security
CC
MD
Moldova, Court of Accounts
88
15/07/2021
7/7/2021
7/7/2021
?
Comparis
Swiss price comparison platform Comparis notifies customers of a data breach following a ransomware attack that hit and took down its entire network last week.
Malware
K Financial and insurance activities
CC
CH
Comparis, ransomware
89
15/07/2021
Since 2018
-
Tortoiseshell
Military personnel and people in the aerospace and defense industries in the United States
Facebook says it has disrupted a network tied to Iran attempting to distribute malware via malicious links shared under fake personas.
Targeted Attack
O Public administration and defence, compulsory social security
CE
US
Facebook, Tortoiseshell, Iran
90
15/07/2021
During June 2021
-
?
Coinbase users
Researchers from Inky discover a phishing campaign targeting Coinbase users.
Account Takeover
V Fintech
CC
US
Inky, Coinbase
91
15/07/2021
-
-
DragonForce Malaysia
Israeli Banking Sector
In the name of #OpsBedil, the hacktivist group DragonForce Malaysia launches a DDoS campaign against the Israeli banking sector.
DDoS
K Financial and insurance activities
H
IL
#OpsBedil, DragonForce Malaysia, Israel, Banks
92
15/07/2021
-
-
DragonForce Malaysia
Israeli Citizens
In the name of #OpsBedil, the hacktivist group DragonForce Malaysia leaks Israeli passport data.
Unknown
Z Unknown
H
IL
#OpsBedil, DragonForce Malaysia
93
15/07/2021
-
-
DragonForce Malaysia
Two Israeli religious sites
In the name of #OpsBedil, the hacktivist group DragonForce Malaysia hacks two Israeli religious sites.
Unknown
S Other service activities
H
IL
#OpsBedil, DragonForce Malaysia
94
15/07/2021
-
-
DragonForce Malaysia
50 Israeli companies
In the name of #OpsBedil, the hacktivist group DragonForce Malaysia leaks the VPN credentials of at least 50 Israeli companies.
Unknown
Y Multiple Industries
H
IL
#OpsBedil, DragonForce Malaysia
95
15/07/2021
-
-
DragonForce Malaysia
Ramon Airport and other airline-related organizations
In the name of #OpsBedil, the hacktivist group DragonForce Malaysia defaces the websites of Ramon Airport and other airline-related organizations.
Defacement
H Transportation and storage
H
IL
#OpsBedil, DragonForce Malaysia, Ramon Airport
96
15/07/2021
-
13/7/2021
?
Vulnerable WordPress servers
A critical SQL injection vulnerability in the WooCommerce e-commerce plugin for WordPress and in a related plugin is under active attack.
WordPress plugin vulnerability
Y Multiple Industries
CC
>1
WooCommerce, WordPress
97
15/07/2021
-
-
?
Nottingham City Transport (NCT)
Nottingham City Transport (NCT) is hit by a cyber attack.
Unknown
H Transportation and storage
CC
UK
Nottingham City Transport, NCT
98
15/07/2021
During May 2021
-
?
Linkedin Users
Researchers from Armorblox discover a LinkedIn credential phishing attack, sent from a compromised university email account and hosting its phishing page on Google Forms.
Account Takeover
Z Unknown
CC
N/A
Armorblox, LinkedIn, Google Forms
99
15/07/2021
Between 19/01/2021 and 23/01/2021
23/1/2021
?
Diamond Foods
Diamond Foods discloses both a hack of its network and the incidental discovery that an employee’s email account had also been compromised previously.
Unknown
I Accommodation and food service activities
CC
US
Diamond Foods
100
15/07/2021
-
30/6/2021
PayOrG AKA PayOrGrief
Booneville School District
Booneville School District is hit with a PayOrGrief ransomware attack.
Malware
P Education
CC
US
Booneville School District, PayOrG, PayOrGrief
101
15/07/2021
-
29/6/2021
PayOrG AKA PayOrGrief
Lancaster Independent School District
Lancaster Independent School District is hit with a PayOrGrief ransomware attack.
Malware
P Education
CC
US
Lancaster Independent School District, PayOrG, PayOrGrief
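Three entries above turn on the same access pattern seen from the defender's side: the NSA warning about brute force run through Kubernetes clusters (record 1), the password spray against Florida Blue's user database (record 16) and the "Diicot brute" SSH brute-forcer aimed at weak Linux passwords (record 82). The detector below is an added example, not code from this post or from the NSA, Florida Blue or Bitdefender reports it summarizes. It separates the two shapes of the attack, many guesses against one account versus one or two guesses against many accounts from the same source, over a sliding window of failed logins. The log format is a constructed simplified sshd-like line, and the thresholds are assumed starting points rather than published rules.

```python
"""Separate brute force (many guesses against one account from one source)
from password spraying (few guesses against many accounts from one source)
in failed-login records. Added example, not from the post or from the NSA,
Florida Blue or Bitdefender reports it cites; log format and thresholds are
assumed."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample in a simplified sshd-like format:
# "<ISO time> <OK|FAIL> user=<name> src=<ip>"
SAMPLE_LOG = """\
2021-07-01T10:00:01 FAIL user=root src=203.0.113.7
2021-07-01T10:00:02 FAIL user=root src=203.0.113.7
2021-07-01T10:00:03 FAIL user=root src=203.0.113.7
2021-07-01T10:00:04 FAIL user=root src=203.0.113.7
2021-07-01T10:00:05 FAIL user=root src=203.0.113.7
2021-07-01T10:00:06 FAIL user=root src=203.0.113.7
2021-07-01T10:00:07 FAIL user=root src=203.0.113.7
2021-07-01T10:00:08 FAIL user=root src=203.0.113.7
2021-07-01T10:00:09 FAIL user=root src=203.0.113.7
2021-07-01T10:00:10 FAIL user=root src=203.0.113.7
2021-07-01T10:00:11 FAIL user=root src=203.0.113.7
2021-07-01T10:00:12 FAIL user=root src=203.0.113.7
2021-07-01T10:05:00 FAIL user=alice src=198.51.100.9
2021-07-01T10:05:30 FAIL user=bob src=198.51.100.9
2021-07-01T10:06:00 FAIL user=carol src=198.51.100.9
2021-07-01T10:06:30 FAIL user=dave src=198.51.100.9
2021-07-01T10:07:00 FAIL user=erin src=198.51.100.9
2021-07-01T10:07:30 FAIL user=frank src=198.51.100.9
2021-07-01T10:08:00 FAIL user=grace src=198.51.100.9
2021-07-01T10:08:30 FAIL user=heidi src=198.51.100.9
2021-07-01T10:09:00 FAIL user=alice src=192.0.2.5
2021-07-01T10:09:05 FAIL user=alice src=192.0.2.5
2021-07-01T10:09:10 OK user=alice src=192.0.2.5
"""


def parse_line(line):
    """Turn one constructed log line into a dict of timestamp, outcome,
    account and source address."""
    ts, result, user_kv, src_kv = line.split()
    return {"ts": datetime.fromisoformat(ts), "ok": result == "OK",
            "user": user_kv.split("=", 1)[1], "src": src_kv.split("=", 1)[1]}


def classify_sources(lines, window=timedelta(minutes=10),
                     brute_threshold=10, spray_threshold=8):
    """Return {src: verdict}, where verdict is ("brute_force", user, failures),
    ("password_spray", distinct_users, failures) or None for benign sources.
    Thresholds are assumed starting points; tune them to the environment."""
    fails = defaultdict(list)
    for ln in lines:
        ev = parse_line(ln)
        if not ev["ok"]:            # successful logins are not counted
            fails[ev["src"]].append(ev)
    verdicts = {}
    for src, evs in fails.items():
        evs.sort(key=lambda e: e["ts"])
        verdict, start = None, 0
        for end in range(len(evs)):
            # drop failures older than `window` relative to the newest one
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            per_user = Counter(e["user"] for e in evs[start:end + 1])
            top_user, top_count = per_user.most_common(1)[0]
            if top_count >= brute_threshold:
                verdict = ("brute_force", top_user, top_count)
                break
            # spray: many distinct accounts, each tried only once or twice
            if len(per_user) >= spray_threshold and top_count <= 2:
                verdict = ("password_spray", len(per_user), end - start + 1)
                break
        verdicts[src] = verdict
    return verdicts


if __name__ == "__main__":
    for src, v in classify_sources(SAMPLE_LOG.splitlines()).items():
        print(src, v)
```

The per-source window is what catches the two loud cases in the sample (203.0.113.7 hammering root, 198.51.100.9 walking through eight accounts) while leaving the user who mistyped twice alone. A low-and-slow spray that rotates source addresses and touches each account once an hour stays under both thresholds by design; for that, the same counters must be keyed on the set of targeted accounts across all sources, or on the tenant-wide failure rate, rather than on a single source.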
Enjoy the interactive timeline, and thanks for sharing it, and supporting my work in spreading the risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.
BREACHOMETER
The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.
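The percentages quoted in the introduction (23 ransomware events out of 101) and the events/day the Breachometer plots both come straight from the flattened records above. The script below is an added example, not the author's own tooling: it parses records in the twelve-line layout used on this page, computes the ransomware share, the split by attack class and the events per day, and places that rate on the Breachometer scale. The three sample records are a constructed subset of the timeline, and the 12-month minimum and maximum used for the gauge are assumed values, not the ones behind the post's chart.

```python
"""Parse the flattened 12-field timeline records and compute the figures the
post quotes: ransomware share, attack-class split, events per day and the
Breachometer position. Added example; sample records are a constructed
subset of the timeline above, and the 12-month min/max are assumed."""
from collections import Counter
from datetime import datetime

# Field order of the flattened table. The Link column carries no text in the
# extracted page, so each record is 12 lines.
FIELDS = ["id", "reported", "occurred", "discovered", "author", "target",
          "description", "attack", "target_class", "attack_class",
          "country", "tags"]

# Constructed sample: three records from the timeline, one field per line.
SAMPLE = """\
2
01/07/2021
Between 03/06/2020 and 26/09/2020
-
?
Arthur J. Gallagher (AJG)
AJG mails breach notification letters following a ransomware attack.
Malware
K Financial and insurance activities
CC
US
Arthur J. Gallagher, AJG, ransomware
20
02/07/2021
2/7/2021
2/7/2021
REvil AKA Sodinokibi
Kaseya
A massive REvil ransomware attack hits MSPs through a Kaseya supply-chain attack.
Malware
M Professional scientific and technical activities
CC
US
REvil, Sodinokibi, Kaseya, ransomware
36
06/07/2021
4/7/2021
4/7/2021
Indian Cyber Troops
Sindh High Court
The official website of the Sindh High Court is defaced.
Defacement
O Public administration and defence, compulsory social security
H
PK
Sindh High Court, Indian Cyber Troops
"""


def parse_records(text):
    """Split flattened text into dicts; raise on a truncated record so a
    missing field (as in records 44-46 above) cannot silently shift columns."""
    lines = text.splitlines()
    if len(lines) % len(FIELDS):
        raise ValueError("line count is not a multiple of %d" % len(FIELDS))
    records = []
    for i in range(0, len(lines), len(FIELDS)):
        rec = dict(zip(FIELDS, lines[i:i + len(FIELDS)]))
        rec["tagset"] = {t.strip().lower() for t in rec["tags"].split(",")}
        records.append(rec)
    return records


def ransomware_share(records):
    """(hits, total, percent) of events tagged 'ransomware'."""
    hits = sum("ransomware" in r["tagset"] for r in records)
    return hits, len(records), round(100 * hits / len(records), 1)


def attack_class_split(records):
    """Events per attack class: CC cyber crime, CE cyber espionage,
    H hacktivism (the page's own codes)."""
    return Counter(r["attack_class"] for r in records)


def events_per_day(records):
    """Reported events per calendar day across the span of the timeline."""
    dates = [datetime.strptime(r["reported"], "%d/%m/%Y") for r in records]
    days = (max(dates) - min(dates)).days + 1
    return round(len(records) / days, 2)


def breachometer(rate, min_rate, max_rate):
    """Current events/day as a 0-100 position between the 12-month min and
    max (assumed rendering of the gauge). Values outside the range clamp."""
    if max_rate <= min_rate:
        raise ValueError("max_rate must exceed min_rate")
    rate = min(max(rate, min_rate), max_rate)
    return round(100 * (rate - min_rate) / (max_rate - min_rate))


if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    print(ransomware_share(recs), dict(attack_class_split(recs)))
    print(events_per_day(recs), breachometer(101 / 15, 2.0, 8.0))
```

The parser refuses input whose line count is not a multiple of twelve rather than guessing where a record ends; on this page records 44, 68, 77 and 84 are each missing fields, and without that check the Attack Class and Country of every later record would land in the wrong column. The ransomware share is computed from the Tags field because the Attack field only says "Malware" for those events.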