After some rest, the second cyber attacks timeline of July is finally out. It looks like the vacation period has also brought a small break in the threat landscape. In this fortnight I have collected 82 events, a considerable drop compared with the previous period.
Ransomware continues to characterize this period strongly, with 21 out of 82 events (25%, in line with the 23% of the previous timeline) directly or indirectly involving ransomware, but the real number could be higher given the number of unspecified disruptions. Although we apparently haven’t seen high-profile events such as the one that hit Kaseya, the incidence continues to be quite high.
The summer also brought some new mega crypto hacks. In particular, THORChain was hit twice, for a theoretical total of nearly $15M stolen (but in one case the alleged author has asked for a 10% bounty).
The Cyber Espionage front continues to be quite crowded, with new campaigns from old acquaintances such as APT29 (a new campaign discovered, whose infrastructure has been taken down), APT31 (targeting organizations in France), Mustang Panda (targeting organizations in South East Asia), and Tortoiseshell (targeting employees and contractors working in defense and aerospace), but also new threat actors such as Praying Mantis, GhostEmperor and Ekipa (a new campaign originating from Crimea targeting Russian and pro-Russian individuals).
| ID | Date Reported | Date Occurred | Date Discovered | Author | Target | Description | Attack | Target Class | Attack Class | Country | Link | Tags |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | 16/07/2021 | - | - | RansomEXX | Corporación Nacional de Telecomunicación (CNT) | Ecuador's state-run Corporación Nacional de Telecomunicación (CNT) suffers a RansomEXX ransomware attack that disrupts business operations, the payment portal, and customer support. The attackers also claim to have stolen 190Gb of data. | Malware | J Information and communication | CC | EC | | Corporación Nacional de Telecomunicación, CNT, RansomEXX, ransomware |
| 2 | 16/07/2021 | - | - | ? | Cloudstar | Cloudstar, a cloud hosting service and managed service provider for several industry sectors, is hit with a ransomware attack. | Malware | M Professional scientific and technical activities | CC | US | | Cloudstar, ransomware |
| 3 | 16/07/2021 | During May 2021 | - | ? | Virginia Tech | Virginia Tech is hit with a ransomware attack. Apparently no data is stolen. | Malware | P Education | CC | US | | Virginia Tech, ransomware |
| 4 | 16/07/2021 | 16/7/2021 | 16/7/2021 | ? | THORChain | The cross-chain DeFi protocol THORChain suffers the second security breach in less than a month, with the attackers stealing $7.6 million worth of digital assets. | Vulnerability | V Fintech | CC | N/A | | THORChain |
| 5 | 16/07/2021 | During June 2021 | During June 2021 | ? | Qsure | An attack on debit order collection company Qsure impacts several South African insurers who use its services. | Unknown | K Financial and insurance activities | CC | ZA | | Qsure |
| 6 | 16/07/2021 | - | - | Kiprop | Kenya’s Independent Electoral and Boundaries Commission (IEBC) | Kenya’s electoral body, the Independent Electoral and Boundaries Commission (IEBC), is allegedly hacked, although it dismisses the claims. | Unknown | O Public administration and defence, compulsory social security | CC | KE | | Kenya’s Independent Electoral and Boundaries Commission, IEBC |
| 7 | 16/07/2021 | 20/1/2021 | - | Cl0p | Community Memorial Health System | Community Memorial Health System's patients may have been affected by the Accellion cyberattack after its billing provider, Guidehouse, is affected by the same breach. | Vulnerability | Q Human health and social work activities | CC | US | | Community Memorial Health System, Accellion, Guidehouse |
| 8 | 18/07/2021 | From 2014 to July 2021 | During July 2021 | Multiple attackers | Human rights defenders and journalists around the world | Human rights non-governmental organization Amnesty International and non-profit project Forbidden Stories revealed in a recent report that they found spyware made by Israeli surveillance firm NSO Group deployed on iPhones running Apple's latest iOS release, hacked using zero-day zero-click iMessage exploits. | | | | | | |
| | | | | | | Campbell Conroy & O'Neil, P.C. (Campbell), a US law firm counseling dozens of Fortune 500 and Global 500 companies, discloses a data breach following a February 2021 ransomware attack. | Malware | M Professional scientific and technical activities | | | | |
| | | | | | | The City of Geneva (Ohio) suffers a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | | City of Geneva, Ohio, ransomware, Avos Locker |
| 11 | 19/07/2021 | Sometime in 2020 | 23/6/2021 | ZeroX | Saudi Aramco | A threat actor group known as ZeroX is offering 1 TB of proprietary data belonging to Saudi Aramco for sale, allegedly stolen via a 0-day from a third-party contractor. The attackers reportedly demand $50M. | Unknown 0-day vulnerability | D Electricity gas steam and air conditioning supply | CC | SA | | ZeroX, Saudi Aramco |
| 12 | 19/07/2021 | During July 2021 | During July 2021 | Haron | Multiple organizations | Malware analysts from South Korean security firm S2W Labs discover Haron, a new ransomware operation that heavily borrows from past ransomware operations such as Thanos and the now-defunct Avaddon. | Malware | Y Multiple Industries | CC | >1 | | S2W Labs, Haron, ransomware, Thanos, Avaddon |
| 13 | 19/07/2021 | - | - | ? | Single individuals | A new identity-theft campaign tries to take advantage of the partial collapse of the Champlain Towers South condo building in Surfside, stealing the identities of the victims. | Account Takeover | X Individual | CC | US | | Champlain Towers |
| 14 | 19/07/2021 | 20/4/2021 | 20/5/2021 | ? | University of North Carolina at Chapel Hill School of Medicine (SOM) | University of North Carolina at Chapel Hill School of Medicine (SOM) discloses a phishing attack. | Account Takeover | P Education | CC | US | | University of North Carolina at Chapel Hill School of Medicine, SOM |
| 15 | 19/07/2021 | - | - | ? | Pionet | Pionet, an Israeli IT company, suffers a ransomware attack. | Malware | M Professional scientific and technical activities | CC | IL | | Pionet, ransomware |
| 16 | 19/07/2021 | 20/4/2021 | 20/5/2021 | ? | UNC Hospitals | UNC Health and Chapel Hill School of Medicine notify 10,832 patients that their data may be exposed in a phishing attack. | Account Takeover | Q Human health and social work activities | CC | US | | UNC Health, Chapel Hill School of Medicine |
| 17 | 20/07/2021 | Between December 2011 and 2013 | - | Chinese state-sponsored attackers | 13 US oil and natural gas (ONG) pipeline companies | A joint advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) reveals that Chinese state-sponsored attackers breached 13 US oil and natural gas (ONG) pipeline companies between December 2011 and 2013 following a spear-phishing campaign targeting their employees. | Account Takeover | D Electricity gas steam and air conditioning supply | CE | US | | Cybersecurity and Infrastructure Security Agency, CISA, Federal Bureau of Investigation, FBI |
| 18 | 20/07/2021 | During July 2021 | During July 2021 | MosaicLoader | Single individuals | Researchers from BitDefender discover an ongoing worldwide campaign pushing a new malware dubbed MosaicLoader, camouflaged as cracked software, via search engine advertising to infect wannabe software pirates' systems. | Malware | X Individual | CC | >1 | | BitDefender, MosaicLoader |
| 19 | 20/07/2021 | Since the end of 2020 | - | ? | Multiple targets | Researchers from Intezer reveal that threat actors are abusing misconfigured Argo Workflows instances to deploy cryptocurrency miners on Kubernetes clusters. | Misconfiguration | Y Multiple Industries | CC | >1 | | Intezer, Argo, Kubernetes |
| 20 | 20/07/2021 | 20/7/2021 | 20/7/2021 | ? | Northern Rail | An apparent ransomware attack results in hundreds of self-service ticket machines being taken offline across the north of England. | Malware | H Transportation and storage | CC | UK | | Northern Rail, ransomware |
| 21 | 20/07/2021 | - | - | Joker | Android users | Researchers from Zscaler discover a total of 11 apps infected with the Joker malware and with 30,000 installs. | Malware | X Individual | CC | >1 | | Zscaler, Joker, Google Play, Android |
| 22 | 20/07/2021 | Between 06/08/2020 and 24/08/2020, and on 02/10/2020. | 1/7/2021 | ? | UnitedHealthcare | More than 2,000 UnitedHealthcare patients are being notified that their data has been potentially exposed after several phishing attacks launched on its broker Academic HealthPlans. | Account Takeover | Q Human health and social work activities | CC | US | | UnitedHealthcare, Academic HealthPlans |
| 23 | 20/07/2021 | 15/4/2021 | 21/5/2021 | - | Orlando Family Physicians | Orlando Family Physicians notifies 447,426 patients that it was the victim of a phishing attack on its employee email accounts. | Account Takeover | Q Human health and social work activities | CC | US | | |
| 24 | 21/07/2021 | Since the beginning of 2021 | - | APT31 (AKA Zirconium) | French organizations | The French national cyber-security agency (ANSSI) warns of an ongoing series of attacks against a large number of French organizations coordinated by the Chinese-backed APT31 hacking group, carried out via a mesh of home routers. | Targeted Attack | Y Multiple Industries | CE | FR | | ANSSI, APT31 |
| 25 | 21/07/2021 | Since at least June 2020 | - | Multiple actors | Multiple targets | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) releases an alert about 13 samples found on exploited Pulse Secure devices, largely undetected by antivirus products. | | | | | | U.S. Cybersecurity and Infrastructure Security Agency, CISA, Pulse Secure, CVE-2019-11510, CVE-2020-8260, CVE-2020-8243, CVE-2021-2289 |
| 26 | 21/07/2021 | - | - | ? | Single individuals | Researchers at ReversingLabs discover two malicious npm packages able to steal passwords from Chrome. | Malware | X Individual | CC | >1 | | Researchers, ReversingLabs, npm, Chrome |
| 27 | 21/07/2021 | - | - | ? | Organizations in Japan | Researchers from Mbsd, a Japanese security firm, discover an Olympics-themed malware sample that contains functionality to wipe files on infected systems and appears to be targeted at Japanese PCs. | Malware | Y Multiple Industries | CC | JP | | Mbsd, Olympics, Wiper |
| 28 | 21/07/2021 | - | - | ? | Tokyo Olympic ticket portal | Login IDs and passwords for the Tokyo Olympic ticket portal are posted to a leak website following a breach. | Unknown | R Arts entertainment and recreation | CC | JP | | Tokyo Olympic ticket portal |
| 29 | 21/07/2021 | - | - | FIN7 | Undisclosed Law Firm | Researchers from eSentire reveal the details of a FIN7 campaign using a lure relating to a lawsuit against the owner of Jack Daniels whiskey. | Malware | M Professional scientific and technical activities | CC | N/A | | eSentire, FIN7 |
| 30 | 21/07/2021 | - | - | StrongPity AKA Promethium | Targets across Turkey and Syria | Researchers from Trend Micro reveal the details of the latest campaign of the StrongPity APT, carried out via a malicious Android APK distributed via the Syrian e-government portal. | Targeted Attack | Y Multiple Industries | CE | >1 | | Trend Micro, StrongPity, Promethium |
| 31 | 21/07/2021 | Over the past six weeks | - | ? | Town of Sunset Beach | The town of Sunset Beach is attacked by a series of ransomware hacks. | Malware | O Public administration and defence, compulsory social security | CC | US | | Sunset Beach, ransomware |
| 32 | 22/07/2021 | Since August 2020 | - | XCSSET | macOS developers | Researchers from Trend Micro discover a new version of the XCSSET malware stealing Telegram accounts and Chrome passwords. | Malware | X Individual | CC | >1 | | Trend Micro, XCSSET, Telegram, Chrome |
| 33 | 22/07/2021 | - | - | LemonDuck | Multiple organizations | Researchers from Microsoft reveal the details of a new version of the LemonDuck botnet, allowing hands-on-keyboard intrusions. | Malware | Y Multiple Industries | CC | >1 | | Microsoft, LemonDuck |
| 34 | 22/07/2021 | During June 2021 | - | ? | Multiple organizations | Researchers from Avanan reveal the details of a phishing campaign hosting the content on Milanote, an application defined as the "Evernote for Creatives". | Malware | Y Multiple Industries | CC | >1 | | Avanan, Milanote |
| 35 | 22/07/2021 | During July 2021 | - | ? | Single individuals | Researchers from Kaspersky reveal that scammers are taking advantage of the Olympic Games, creating phishing pages offering streaming services, tickets to events that won't have spectators, and even a fake virtual currency. | Account Takeover | X Individual | CC | >1 | | Kaspersky, Olympic Games |
| 36 | 22/07/2021 | 22/7/2021 | - | ? | Guntrader | Criminals hacked into Guntrader, a website used for buying and selling firearms, making off with a 111,000-entry database containing partial information from a CRM product used by gun shops across the UK. | SQLi | N Administrative and support service activities | CC | UK | | Guntrader |
| 37 | 22/07/2021 | 22/7/2021 | 22/7/2021 | ? | Transnet | Transnet suffers a disruption of its services allegedly due to a cyber attack. | Unknown | H Transportation and storage | CC | ZA | | Transnet |
| 38 | 23/07/2021 | - | - | Multiple actors | Single individuals | Researchers from Kaspersky reveal that scammers are already taking advantage of the hype surrounding Microsoft's next Windows release to push fake Windows 11 installers riddled with malware, adware, and other malicious tools. | Malware | X Individual | CC | >1 | | Kaspersky, Microsoft, Windows 11 |
| 39 | 23/07/2021 | 23/7/2021 | 23/7/2021 | ? | RAMP (Babuk ransomware gang forum) | A spammer floods the forum of the Babuk ransomware group with gay orgy porn GIFs after the Babuk gang failed to pay a $5,000 ransom demand. | Spam | S Other service activities | CC | RU | | RAMP, Babuk, ransomware |
| 40 | 23/07/2021 | Since July 2021 | During July 2021 | ? | Multiple targets | The Microsoft security team said it detected a weeks-long email spam campaign abusing a technique known as “HTML smuggling” to bypass email security systems and deliver malware to user devices. | Malicious Spam | Y Multiple Industries | CC | >1 | | Microsoft, HTML smuggling |
| 41 | 23/07/2021 | - | 16/7/2021 | ? | Florida's Department of Economic Opportunity (DEO) | Florida's Department of Economic Opportunity (DEO) discloses a data breach that affected its unemployment benefits system and targeted 57,920 claimant accounts. | Unknown | O Public administration and defence, compulsory social security | CC | US | | Florida's Department of Economic Opportunity, DEO |
| 42 | 23/07/2021 | 23/7/2021 | 23/7/2021 | ? | THORChain | DeFi protocol THORChain suffers another cyber attack and loses $8 million in a “seemingly whitehat” attack, with the attacker asking for a 10% bounty. | Unknown | V Fintech | CC | N/A | | THORChain |
| 43 | 23/07/2021 | 21/7/2021 | 21/7/2021 | ? | Counties Manukau DHB | Counties Manukau DHB reports a possible data breach after detecting indications of unusual activity on its systems. | Unknown | Q Human health and social work activities | CC | ZA | | Counties Manukau DHB |
| 44 | 23/07/2021 | During the previous week | During the previous week | ? | Emma Willard School | Emma Willard School is hit with a ransomware attack. | Malware | P Education | CC | US | | Emma Willard School, ransomware |
| 45 | 24/07/2021 | 24/7/2021 | 24/7/2021 | ? | Online petition | A petition website that demands an investigation into the US biological laboratory at Fort Detrick is hit by two cyberattacks. | DDoS | S Other service activities | CC | CN | | Fort Detrick |
| 46 | 24/07/2021 | - | - | PHOBOS | Clinical Hospital in Bucharest | The Clinical Hospital in Bucharest is hit with a PHOBOS ransomware attack. | Malware | Q Human health and social work activities | CC | RO | | Clinical Hospital, Bucharest, PHOBOS, ransomware |
| 47 | 25/07/2021 | 23/7/2021 | 23/7/2021 | ? | City of Thessaloniki | The City of Thessaloniki is hit with a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | GR | | The City of Thessaloniki, ransomware |
| 48 | 26/07/2021 | - | - | ? | iPhone, iPad, and Mac users | Apple releases security updates to address a zero-day vulnerability exploited in the wild and impacting iPhones, iPads, and Macs. | CVE-2021-30807 vulnerability | Z Unknown | N/A | N/A | | Apple, iPhone, iPad, Mac, CVE-2021-30807 |
| 49 | 26/07/2021 | 26/7/2021 | 26/7/2021 | ? | SBS News Instagram account | The SBS News Instagram account is hacked. The attacker posts images of the popular fiction 'Vikings'. | Account Takeover | J Information and communication | CC | AU | | SBS News, Instagram, Vikings |
| 50 | 27/07/2021 | During 2020 | - | Praying Mantis AKA TG1021 | Multiple organizations | Researchers from Sygnia reveal the details of Praying Mantis, a new APT group carrying out attacks against Microsoft IIS web servers using old exploits in ASP.NET applications in order to plant a backdoor. | ASP.NET unpatched vulnerabilities | Y Multiple Industries | CE | >1 | | Sygnia, Praying Mantis, Microsoft IIS, ASP.NET |
| 51 | 27/07/2021 | Between 2/12/2020 and 08/04/2021 | 8/4/2021 | ? | UC San Diego Health | UC San Diego Health, the academic health system of the University of California, San Diego, discloses a data breach after the compromise of some employees' email accounts. | Account Takeover | Q Human health and social work activities | CC | US | | UC San Diego Health |
| 52 | 27/07/2021 | - | - | LockBit 2.0 | Multiple organizations | A new version of the LockBit 2.0 ransomware is found that automates the encryption of a Windows domain using Active Directory group policies. | Malware | Y Multiple Industries | CC | >1 | | LockBit 2.0, ransomware |
| 53 | 27/07/2021 | Since July 2021 | Since July 2021 | BlackMatter | Multiple organizations | Researchers from Recorded Future reveal the details of BlackMatter, a new Ransomware-as-a-Service willing to purchase access to corporate networks. | Malware | Y Multiple Industries | CC | >1 | | Recorded Future, BlackMatter, Ransomware-as-a-Service, ransomware |
| 54 | 27/07/2021 | - | - | ? | Investors in the US | The FBI Criminal Investigative Division and Securities and Exchange Commission warn investors of fraudsters impersonating registered investment professionals such as investment advisers and registered brokers. | Fake websites, social media profiles | K Financial and insurance activities | CC | US | | FBI, SEC |
| 55 | 27/07/2021 | - | - | ? | More than 100 Taiwanese politicians and government officials | The LINE Instant Messaging accounts of more than 100 Taiwanese politicians and government officials have been hacked, and data exfiltrated from devices. | Unknown | O Public administration and defence, compulsory social security | N/A | TW | | LINE |
| 56 | 27/07/2021 | - | - | PKPLUG (aka Mustang Panda) | Organizations in South East Asia | Researchers from Palo Alto Networks reveal the details of PKPLUG, a Chinese group exploiting Microsoft Exchange Server vulnerabilities (CVE-2021-26855 and CVE-2021-27065, known as ProxyLogon) to deploy a previously undisclosed type of RAT. | Targeted Attack | Y Multiple Industries | CE | >1 | | Palo Alto Networks, PKPLUG, Microsoft Exchange, CVE-2021-26855, CVE-2021-27065, ProxyLogon, Mustang Panda |
| 57 | 27/07/2021 | 22/1/2021 | 22/1/2021 | ? | Allegheny Intermediate Unit | Allegheny Intermediate Unit discloses a ransomware incident. | Malware | Q Human health and social work activities | CC | US | | Allegheny Intermediate Unit, ransomware |
| 58 | 27/07/2021 | Earlier in 2021 | Earlier in 2021 | ? | Homewood Health | Homewood Health acknowledges it was hacked earlier this year, has the data dumped and starts to contact affected companies and agencies whose information may be compromised. | Unknown | Q Human health and social work activities | CC | CA | | Homewood Health |
| 59 | 27/07/2021 | 29/6/2021 | 29/6/2021 | ? | City of Grass Valley | The City of Grass Valley discloses that it has been hit with a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | | Grass Valley, ransomware |
| 60 | 28/07/2021 | 23/7/2021 | - | ? | Estonian Identity Documents Database (KMAIS) | A Tallinn man is arrested in Estonia under suspicion that he has exploited a government photo transfer service vulnerability to download ID scans of 286,438 Estonians from the Identity Documents Database (KMAIS). | Vulnerability | O Public administration and defence, compulsory social security | CC | EE | | Estonian Identity Documents Database, KMAIS |
| 61 | 28/07/2021 | Since 18 months | - | Tortoiseshell AKA TA456 and Imperial Kitten | Employees and contractors working in defence and aerospace | Researchers from ProofPoint reveal the details of a new campaign carried out by the Iranian group Tortoiseshell to target employees and contractors working in defence and aerospace. | Targeted Attack | M Professional scientific and technical activities | | | | |
| | | | | | | Researchers from Sucuri discover a new card stealer malware campaign targeting Magento e-commerce sites, which loads the JavaScript hidden as an animation code. | Malicious Script Injection | G Wholesale and retail trade | CC | >1 | | Sucuri, Magento, Magecart |
| 63 | 29/07/2021 | During Q2 2021 | - | GhostEmperor | Targets in Southeast Asia, including several government entities and telecom companies | Kaspersky announces its discovery of a unique, long-running operation, called GhostEmperor, using Microsoft Exchange vulnerabilities to target high-profile victims with an advanced toolset. | Targeted Attack | Y Multiple Industries | CE | >1 | | Kaspersky, GhostEmperor, Microsoft Exchange |
| 64 | 29/07/2021 | Between 13/07/2021 and 16/07/2021 | - | ? | Chipotle | Researchers from Inky reveal that hackers were able to compromise a Mailgun email marketing account belonging to the Chipotle food chain and used it to send out phishing emails, luring recipients to malicious links. | Account Takeover | Y Multiple Industries | CC | >1 | | Inky, Mailgun, Chipotle |
| 65 | 29/07/2021 | - | - | ? | Python developers | Researchers from Jfrog discover several Python packages aimed at stealing users' credit card numbers and Discord tokens, and granting code execution capabilities to attackers. | Malware | X Individual | CC | >1 | | Python Package Index, PyPI, Python, Jfrog |
| 66 | 29/07/2021 | - | - | ? | Android users | Security researchers from ThreatFabric reveal the details of Vultur, a novel piece of Android malware that uses the VNC technology to record and broadcast a victim’s smartphone activity. | Malware | X Individual | CC | >1 | | ThreatFabric, Vultur, Android, VNC |
| 67 | 29/07/2021 | - | - | ? | Foreign companies operating in China | Researchers from Recorded Future discover spyware-like features inside an app named “Beijing One Pass” that foreign companies operating in China are forced to install on their systems in order to access a digital platform to manage employee state benefits. | Malware | Y Multiple Industries | CE | >1 | | Recorded Future, “Beijing One Pass” |
| 68 | 29/07/2021 | During July 2021 | 21/7/2021 | Ekipa | Russian and pro-Russian individuals | Researchers from Malwarebytes discover a new campaign targeting Russian and pro-Russian individuals via CVE-2021-26411. | | | | | | |
| | | | | | | Researchers with Cisco Talos discover new activity from Solarmarker, a .NET-based information stealer and keylogger that they called "highly modular." | Targeted Attack | Y Multiple Industries | CC | >1 | | Cisco Talos, Solarmarker |
| 70 | 29/07/2021 | Since 2020 | - | APT29 AKA Cozy Bear | Multiple organizations | Security researchers from RiskIQ discover more than 30 command and control (C&C) servers that have been actively used by APT29 to deliver the WellMess malware. | Targeted Attack | Y Multiple Industries | CE | >1 | | RiskIQ, APT29, Cozy Bear, WellMess |
| 71 | 29/07/2021 | Since March 2021 | During July 2021 | BazaCall | Multiple organizations | Researchers from Microsoft 365 Defender Threat Intelligence Team identify a new BazaCall campaign in which fake call centers are tricking victims into downloading malware, performing data exfiltration, and deploying ransomware on the affected machine. | Malware | Y Multiple Industries | CC | >1 | | Microsoft 365 Defender Threat Intelligence Team, BazaCall |
| 72 | 29/07/2021 | 30/6/2021 | - | ? | Multiple targets | Researchers from Cofense identify a new phishing scam that leverages the PayPal brand and uses automated scripts and live chat as a way of compromising devices and bypassing secure email gateways. | Account Takeover | Y Multiple Industries | CC | >1 | | Researchers from Cofense, PayPal |
| 73 | 29/07/2021 | During July 2021 | During July 2021 | ? | Multiple targets | Researchers from Armorblox discover a credential phishing attack that spoofs a WeTransfer file-sharing notification. The email link leads to a phishing page replete with Microsoft Excel branding and aims to extract the victims’ O365 email credentials. | Account Takeover | Y Multiple Industries | CC | >1 | | Armorblox, WeTransfer, Office 365 |
| 74 | 30/07/2021 | - | - | ? | Single individuals | Researchers from Google shut down a malicious ad posing as the Brave browser but delivering malware. | Malware | Y Multiple Industries | CC | >1 | | Google, Brave |
| 75 | 30/07/2021 | 26/7/2021 | 26/7/2021 | Avos Locker | Coghlin Electrical Corp | Coghlin Electrical Corp suffers an Avos Locker ransomware attack. | Malware | M Professional scientific and technical activities | CC | US | | Coghlin Electrical Corp, Avos Locker, ransomware |
| 76 | 30/07/2021 | - | - | ? | Sandhills Center | Sandhills Center is allegedly hacked by threat actors who claim to have exfiltrated 634 GB of data. | Unknown | Q Human health and social work activities | CC | US | | Sandhills Center |
| 77 | 30/07/2021 | - | - | ? | Western Cape Blood Service (WCBS) | The Western Cape Blood Service (WCBS) confirms its information systems have been hit by a cyberattack. | Unknown | Q Human health and social work activities | CC | ZA | | Western Cape Blood Service, WCBS |
| 78 | 30/07/2021 | Back in April 2021 | Back in April 2021 | ? | Office of the Illinois Attorney General Kwame Raoul | The office of the Illinois Attorney General Kwame Raoul spent more than $2.5 million for cybersecurity after a ransomware hack in April that put the personal data of an unknown number of residents at risk. | Malware | O Public administration and defence, compulsory social security | CC | US | | Office of the Illinois Attorney General Kwame Raoul, ransomware |
| 79 | 30/07/2021 | Between 15/03/2021 and 15/04/2021 | - | ? | Secure Administrative Solutions (SAS) | Renaissance Life & Health Insurance Company of America says they were notified by their vendor, Secure Administrative Solutions LLC (“SAS”), of a ransomware incident involving unauthorized access to its systems that occurred between March 15 and April 15, 2021. | Malware | M Professional scientific and technical activities | CC | US | | Renaissance Life & Health Insurance Company of America, Secure Administrative Solutions, SAS, ransomware |
| 80 | 30/07/2021 | - | 26/5/2021 | ? | Wisconsin Institute of Urology | The Wisconsin Institute of Urology discloses a phishing incident. | Account Takeover | Q Human health and social work activities | CC | US | | Wisconsin Institute of Urology |
| 81 | 30/07/2021 | - | 22/4/2021 | ? | Wayne County Hospital | Wayne County Hospital notifies 2,016 patients that their data may have been exposed after hackers launched a phishing attack on its employee emails. | Account Takeover | Q Human health and social work activities | CC | US | | Wayne County Hospital |
| 82 | 31/07/2021 | - | - | ? | Microsoft 365 Organizations | Microsoft's Security Intelligence team issues an alert to Office 365 users and admins to be on the lookout for a "crafty" phishing email with spoofed sender addresses using phishing pages hosted on Google Cloud and Sharepoint. | Account Takeover | Y Multiple Industries | CC | >1 | | Microsoft's Security Intelligence, Microsoft 365, Google Cloud, Sharepoint |
| 83 | 31/07/2021 | - | - | Cl0p | Cayuga Medical Center | Cayuga Medical Center joins the list of the victims of the Accellion data breach. | Vulnerability | Q Human health and social work activities | CC | US | | Cayuga Medical Center, Accellion |
Enjoy the interactive timeline, and thanks for sharing it and supporting my work in spreading risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or connect on LinkedIn, for the latest updates.