Let’s analyze the events that occurred in the first half of August 2021, a summer characterized by ransomware, which in this timeline accounts for 36 events out of 91 (39.6%). This is a sharp increase compared with 25% of August, driven by the mass exploitation of vulnerabilities in remote access technologies and fueled by the high-profile attacks carried out by the RansomEXX and LockBit 2.0 gangs (Italy was particularly targeted in this period). Another reason for this value is that many operations carried out by the PYSA gang during the previous month were disclosed only in this month. Healthcare organizations and local government continue to be the preferred targets for ransomware gangs.
Besides ransomware (which is no longer surprising), other remarkable events of this fortnight include the breach suffered by a well-known mobile operator, and the largest crypto hack recorded so far, leading to the theft of $600M worth of cryptocurrencies, but with a surprising happy ending: the alleged author returned the stolen funds and was hired by the targeted company as a security advisor.
A look at the cyber espionage landscape confirms quite an active sector, with multiple operations carried out by well-known actors such as Soft Cell, Naikon APT and Emissary Panda (targeting major telecommunications companies in Asia in a long-lasting operation), APT29, APT31 (very active lately, even in Russia), and Charming Kitten. In this complicated moment, grabbing the secrets of other countries has a special value…
| ID | Date Reported | Date Occurred | Date Discovered | Author | Target | Description | Attack | Target Class | Attack Class | Country | Tags |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | 02/08/2021 | - | - | Multiple threat actors | Multiple organizations | Threat actors are actively scanning for the Microsoft Exchange ProxyShell remote code execution vulnerabilities after technical details were released at the Black Hat conference. | | | | | Microsoft Exchange, ProxyShell, CVE-2021-34473, CVE-2021-34523, CVE-2021-31207 |
| 2 | 02/08/2021 | - | - | ? | Multiple organizations | Researchers from AT&T Alien Labs discover a new remote access trojan dubbed FatalRAT, distributed via forums and Telegram channels and hidden in download links that attempt to lure the user via software or media articles. | Malware | Y Multiple Industries | CC | >1 | AT&T Alien Labs, FatalRAT, Telegram |
| 3 | 02/08/2021 | - | - | ? | Paxton Media Group | Paxton Media Group suffers a cyber attack that potentially compromised employees’ birthdates, Social Security numbers and banking data. | Unknown | J Information and communication | CC | US | Paxton Media Group |
| 4 | 03/08/2021 | 1/8/2021 | 1/8/2021 | LockBit 2.0 | Regione Lazio | The Lazio region in Italy (Regione Lazio) suffers a reported ransomware attack that disables the region's IT systems, including the COVID-19 vaccination registration portal. | Malware | O Public administration and defence, compulsory social security | | | |
| | | | | | | Researchers from Cybereason reveal the details of DeadRinger, three cyberespionage campaigns focused on compromising networks belonging to major telecommunications companies. | | | | | |
| | | | | | | Researchers from Sophos discover a new version of the Raccoon Stealer stealer-as-a-service upgraded by its developer in order to steal cryptocurrency alongside financial information. | Malware | Y Multiple Industries | CC | >1 | Sophos, Raccoon Stealer |
| 7 | 03/08/2021 | From January to July 2021 | During April 2021 | APT31 (AKA Zirconium, Judgment Panda, Red Keres) | Organizations in Mongolia, Belarus, Canada, the United States, and Russia | Researchers from Positive Technologies discover a new campaign by APT31 targeting organizations in Mongolia, Belarus, Canada, the United States, and Russia. | Targeted Attack | Y Multiple Industries | CE | >1 | Positive Technologies, APT31, Zirconium, Judgment Panda, Red Keres |
| 8 | 03/08/2021 | During 2020 | During May 2021 | TA428 and TaskMasters | Russian government agencies | Researchers from Group-IB reveal the details of a series of campaigns carried out by two Chinese threat actors (TA428 and TaskMasters) targeting Russian government agencies. | Targeted Attack | Y Multiple Industries | CE | RU | Group-IB, TA428, TaskMasters |
| 9 | 03/08/2021 | 2/5/2021 | 4/6/2021 | ? | UNM Health (University of New Mexico Health) | UNM Health reveals that the data belonging to 637,252 patients was accessed and exfiltrated in May 2021, after a threat actor gained access to the health system’s network. The incident was not discovered until June 4, two months after the initial access began. | Unknown | Q Human health and social work activities | CC | US | UNM Health, University of New Mexico Health |
| 10 | 03/08/2021 | End of July 2021 | End of July 2021 | ? | Isle of Wight Education Federation | Isle of Wight Education Federation (six schools) discloses that its IT systems were compromised last week by a ransomware attack which has encrypted its data. | Malware | P Education | CC | UK | Isle of Wight Education Federation, ransomware |
| 11 | 03/08/2021 | - | - | PYSA | Children’s Network of Southwest Florida | Children’s Network of Southwest Florida is listed among the victims of the PYSA ransomware. | Malware | Q Human health and social work activities | CC | US | Children’s Network of Southwest Florida, PYSA, ransomware |
| 12 | 03/08/2021 | - | - | PYSA | Drug Alcohol Testing and Screening Compliance | Drug Alcohol Testing and Screening Compliance is listed among the victims of the PYSA ransomware. | Malware | Q Human health and social work activities | CC | US | Drug Alcohol Testing and Screening Compliance, PYSA, ransomware |
| 13 | 03/08/2021 | - | - | PYSA | Upstate Home Care | Upstate Home Care is listed among the victims of the PYSA ransomware. | Malware | Q Human health and social work activities | CC | US | Upstate Home Care, PYSA, ransomware |
| 14 | 03/08/2021 | - | 23/2/2021 | PYSA | Bolton Street Pediatrics | Bolton Street Pediatrics is listed among the victims of the PYSA ransomware. | Malware | Q Human health and social work activities | CC | US | Bolton Street Pediatrics, PYSA, ransomware |
| 15 | 03/08/2021 | - | 29/11/2020 | PYSA | Overlake Obstetricians & Gynecologists | Overlake Obstetricians & Gynecologists is listed among the victims of the PYSA ransomware. | | | | | |
| | | | | | | Mid-Florida Pathology is listed among the victims of the PYSA ransomware. | Malware | Q Human health and social work activities | CC | US | Mid-Florida Pathology, PYSA, ransomware |
| 17 | 03/08/2021 | - | 25/11/2020 | PYSA | St. Margaret’s Hospice | St. Margaret’s Hospice is listed among the victims of the PYSA ransomware. | Malware | Q Human health and social work activities | CC | US | St. Margaret’s Hospice, PYSA, ransomware |
| 18 | 03/08/2021 | - | 14/3/2021 | PYSA | Bridgeway Inc. | Bridgeway Inc. is listed among the victims of the PYSA ransomware. | Malware | Q Human health and social work activities | CC | US | Bridgeway Inc., PYSA, ransomware |
| 19 | 03/08/2021 | From 14/02/2021 to 02/04/2021 | - | ? | Vision for Hope | Vision for Hope discloses that it suffered a phishing incident. | Account Takeover | Q Human health and social work activities | CC | US | Vision for Hope |
| 20 | 03/08/2021 | - | - | Cl0p | Lehigh Valley Health Network | Lehigh Valley Health Network notifies patients that their data was stolen in the Accellion data breach. | Vulnerability | Q Human health and social work activities | CC | US | Lehigh Valley Health Network |
| 21 | 04/08/2021 | - | - | LockBit 2.0 | ERG | Italian energy company ERG reports "only a few minor disruptions" affecting its IT infrastructure following a ransomware attack on its systems. | Malware | D Electricity gas steam and air conditioning supply | CC | IT | ERG, LockBit 2.0, ransomware |
| 22 | 04/08/2021 | From August 2020 through May 2021 | During May 2021 | Charming Kitten (AKA Phosphorus, TA435, and ITG18) | Individuals associated with the Iranian reformist movement | Researchers from IBM X-Force discover LittleLooter, a backdoor used by the Iran-linked hacking group Charming Kitten to target individuals associated with the Iranian reformist movement. | Targeted Attack | X Individual | CE | IR | IBM X-Force, LittleLooter, Charming Kitten, Phosphorus, TA435, ITG18, Android |
| 23 | 04/08/2021 | - | - | BlackMatter | Multiple organizations | The BlackMatter gang joins the ranks of ransomware operations to develop a Linux encryptor that targets VMware's ESXi virtual machine platform. | Malware | Y Multiple Industries | CC | >1 | BlackMatter, ransomware, Linux, VMware, ESXi |
| 24 | 04/08/2021 | - | - | StealthWorker botnet | Synology NAS devices | Taiwan-based NAS maker Synology warns customers that the StealthWorker botnet is targeting their network-attached storage devices in ongoing brute-force attacks that lead to ransomware infections. | Brute-force | Y Multiple Industries | CC | >1 | Synology, StealthWorker, ransomware |
| 25 | 04/08/2021 | 9/7/2021 | 9/7/2021 | ? | Advanced Technology Ventures | Advanced Technology Ventures discloses a ransomware attack. | Malware | K Financial and insurance activities | CC | US | Advanced Technology Ventures, ransomware |
| 26 | 04/08/2021 | - | - | ? | Single individuals | The Federal Trade Commission warns of phishing scams over unemployment benefits. | Account Takeover | X Individual | CC | US | FTC, Federal Trade Commission |
| 27 | 04/08/2021 | 4/8/2021 | 4/8/2021 | Vice Society | Eskenazi Health | Eskenazi Health says an attempted ransomware attack caused the hospital to go on diversion. | Malware | Q Human health and social work activities | CC | US | Eskenazi Health, ransomware, Vice Society |
| 28 | 04/08/2021 | 4/8/2021 | 4/8/2021 | ? | Sanford Health | Sanford Health sustains an attempted “cyber security incident” and is working to contain its impact. | Unknown | Q Human health and social work activities | CC | US | Sanford Health |
| 29 | 05/08/2021 | Since July 2021 | - | LockBit 2.0 | Multiple organizations in Australia | The Australian Cyber Security Centre (ACSC) warns of an increase of LockBit 2.0 ransomware attacks against Australian organizations starting July 2021. | Malware | Y Multiple Industries | CC | AU | Australian Cyber Security Centre, ACSC, LockBit 2.0, ransomware |
| 30 | 05/08/2021 | "Over the last few months" | In Spring 2021 | Prometheus TDS | Over 3000 organizations | Group-IB security researchers share the technical analysis of Prometheus TDS, an underground service that over the past several months has been used for the distribution of various malware families, such as Buer Loader, Campo Loader, Hancitor, IcedID, QBot, and SocGholish. | | | | | |
| | | | | | Four critical infrastructure organizations in a South East Asian country | Researchers from Symantec reveal the details of a campaign targeting four critical infrastructure organizations in a South East Asian country. | Targeted Attack | Y Multiple Industries | CE | >1 | Symantec, China, SCADA |
| 32 | 05/08/2021 | Since at least December 2020 | During June 2021 | ? | Vulnerable Linux servers | Researchers from Uptycs discover a crypto-mining botnet in June 2021 breaching Linux servers running Oracle WebLogic or Supervisord, downloading the Linux MSR driver, and then disabling hardware prefetching before installing a version of XMRig to mine cryptocurrency. | CVE-2020-14882 and CVE-2017-11610 vulnerabilities | Y Multiple Industries | CC | >1 | Uptycs, Linux, Oracle WebLogic, Supervisord, Linux MSR, XMRig, Crypto |
| 33 | 05/08/2021 | - | Early June 2021 | ? | University of Kentucky | The University of Kentucky said it discovered a security breach of its Digital Driver’s License platform, one of the test-taking platforms, during a scheduled security penetration test. 350,000 individuals are affected. | Unknown | P Education | CC | US | University of Kentucky, Digital Driver’s License |
| 34 | 05/08/2021 | - | 2/8/2021 | Kelvin Security | European Commission's Cybersecurity Atlas | The European Commission investigates a breach of its Cybersecurity Atlas project after a copy of the site’s backend database is put up for sale on an underground cybercrime forum. | Unknown | U Activities of extraterritorial organizations and bodies | CC | EU | European Commission, Cybersecurity Atlas, Kelvin Security |
| 35 | 05/08/2021 | During Q2 2021 | - | Multiple threat actors | Single individuals | Researchers from Kaspersky reveal a rise in entertainment lures for fraud and phishing, including one campaign capitalizing on the buzz around “Friends: The Reunion.” | Account Takeover | X Individual | CC | >1 | Kaspersky, “Friends: The Reunion.” |
| 36 | 05/08/2021 | - | - | ? | Illinois State Police (ISP) | The Illinois State Police (ISP) confirms that their FOID (Firearm Owners Identification) card portal had been hit with a cyber attack, and that about 2,000 individuals may have had their information compromised. | Unknown | O Public administration and defence, compulsory social security | CC | US | Illinois State Police, ISP, FOID, Firearm Owners Identification |
| 37 | 06/08/2021 | 3/8/2021 | 3/8/2021 | RansomEXX | Gigabyte | Taiwanese motherboard maker Gigabyte is hit by the RansomEXX ransomware gang, who threaten to publish 112GB of stolen data unless a ransom is paid. | Malware | C Manufacturing | CC | TW | Gigabyte, RansomEXX, ransomware |
| 38 | 06/08/2021 | - | - | RansomEXX (or LockBit 2.0?) | Ermenegildo Zegna Group | The RansomEXX ransomware gang leaks files stolen from Italian luxury brand Zegna. | | | | | |
| | | | | | | Sittel, an Italian ICT company, is also allegedly hit in the same wave of ransomware attacks. | Malware | J Information and communication | CC | IT | Sittel, ransomware, LockBit 2.0 |
| 40 | 06/08/2021 | - | - | LockBit 2.0 | Tiscali | Tiscali, the Italian ISP, is also allegedly hit in the same wave of ransomware attacks. | Malware | J Information and communication | CC | IT | Tiscali, ransomware, LockBit 2.0 |
| 41 | 06/08/2021 | - | - | LockBit 2.0 | Italy's Notaries' Order | The Italian Notaries' Order is also allegedly hit in the same wave of ransomware attacks. | Malware | N Administrative and support service activities | CC | IT | Italy's Notaries' Order, ransomware, LockBit 2.0 |
| 42 | 06/08/2021 | - | - | ? | Vulnerable routers with Arcadyan firmware | Researchers from Juniper Threat Labs discover a campaign actively exploiting a critical authentication bypass vulnerability impacting home routers with Arcadyan firmware to take them over and deploy Mirai botnet malicious payloads. | | | | | |
| | | | | | | Singapore telco StarHub reveals that personal data including mobile numbers and email addresses of 57,191 customers have been found on a third-party data dump website. | Unknown | J Information and communication | CC | SG | StarHub |
| 44 | 06/08/2021 | - | - | ALTDOS | OT Group | OT Group, the Singapore real estate holding company of OrangeTee & Tie and OrangeTee Advisory, suffers a data security breach by the ALTDOS group. | Unknown | L Real estate activities | CC | SG | OT Group, OrangeTee & Tie, OrangeTee Advisory, ALTDOS |
| 45 | 07/08/2021 | - | 5/8/2021 | ? | Engineering Ingegneria Informatica | The Italian ICT company Engineering Ingegneria Informatica discloses that it discovered a possible compromise of access credentials to some of its customers' VPNs. | Account Takeover | M Professional scientific and technical activities | CC | IT | Engineering Ingegneria Informatica, VPN |
| 46 | 07/08/2021 | Between 27/07/2020 and 17/08/2020 | 17/8/2020 | ? | Ibex | Ibex discloses a security incident due to a malware attack that occurred in August 2020. | Malware | N Administrative and support service activities | CC | US | Ibex |
| 47 | 08/08/2021 | Between 2018 and 2019 | - | aw_cards | Single individuals | Researchers from Cyble discover a threat actor promoting AllWorld Cards, a new criminal carding marketplace, by releasing one million credit cards stolen between 2018 and 2019 on hacking forums. | Unknown | K Financial and insurance activities | CC | >1 | aw_cards, AllWorld Cards |
| 48 | 08/08/2021 | Between 05/08/2021 and 06/08/2021 | 6/8/2021 | ? | Chanel Korea | The Korean arm of French luxury brand Chanel issues an apology after personal data belonging to its customers was exposed after a cyber attack. | Unknown | G Wholesale and retail trade | CC | KR | Chanel Korea |
| 49 | 09/08/2021 | Since March 2021 | - | FlyTrap | Android users | Researchers from Zimperium discover a new Android threat called FlyTrap, hijacking Facebook accounts of users in more than 140 countries by stealing session cookies. | Malware | X Individual | CC | >1 | Zimperium, Android threat, FlyTrap, Facebook |
| 50 | 09/08/2021 | Between February and July 2021 | During March 2021 | APT29 AKA Cozy Bear, Nobelium, the Dukes | Slovak officials | Researchers from ESET and IstroSec reveal the details of a campaign carried out by APT29, targeting the Slovak government for months. | Targeted Attack | O Public administration and defence, compulsory social security | CE | SK | ESET, IstroSec, APT29, Cozy Bear, Nobelium, the Dukes |
| 51 | 09/08/2021 | - | - | ? | RDP servers running on AWS | Researchers from Splunk discover a resurgence of a Crypto botnet targeting RDP servers on Amazon Web Services to mine cryptocurrencies. | Brute-force | Y Multiple Industries | CC | >1 | Splunk, RDP |
| 52 | 09/08/2021 | - | - | Water Kappa | Japanese banking users | Researchers from Trend Micro discover a new malvertising campaign distributing the Cinobi banking trojan, stealing the credentials of 11 Japanese financial institutions. | Malvertising | K Financial and insurance activities | CC | JP | Trend Micro, Water Kappa, Cinobi |
| 53 | 09/08/2021 | - | 3/8/2021 | Hive | Unknown company | The Hive ransomware gang claims to have hacked Greenway Health, although it is not clear whether the data belongs to Greenway Health or a former customer. | Malware | Z Unknown | CC | US | Hive, ransomware, Greenway Health |
| 54 | 10/08/2021 | - | - | eCh0raix | QNAP and Synology NAS devices | A newly discovered eCh0raix ransomware variant has added support for encrypting both QNAP and Synology Network-Attached Storage (NAS) devices. | Malware | Y Multiple Industries | CC | >1 | eCh0raix, ransomware, QNAP, NAS |
| 55 | 10/08/2021 | 10/8/2021 | 10/8/2021 | Mr White Hat | Poly Network | Poly Network announces it was attacked, with $611M worth of cryptocurrency assets having successfully been transferred into the attackers' wallets. A few days later the hacker returns the stolen funds. | Unknown | V Fintech | CC | N/A | Poly Network, Mr White Hat |
| 56 | 10/08/2021 | - | - | ? | Undisclosed organizations | In its Patch Tuesday, Microsoft provides mitigation for a vulnerability under active attack. | CVE-2021-36948 vulnerability | Z Unknown | N/A | N/A | Microsoft, CVE-2021-36948 |
| 57 | 10/08/2021 | Since January 2019 | Since January 2019 | UNC215 | Israeli organizations | Researchers from Mandiant reveal the details of UNC215, a Chinese cyber-espionage group targeting Israeli organizations, and often using false flags in attempts to disguise itself as an Iranian threat actor. | CVE-2019-0604 | Y Multiple Industries | CE | IL | Mandiant, UNC215 |
| 58 | 10/08/2021 | Since June 2021 | - | Chaos | Multiple organizations | Researchers from Trend Micro discover a new ransomware, under development, called Chaos, which is being advertised on an underground forum as being available for testing. | Malware | Y Multiple Industries | CC | >1 | Trend Micro, ransomware, Chaos |
| 59 | 10/08/2021 | 20/4/2021 | - | ? | Children's Hospital of the King's Daughters | Children's Hospital of the King's Daughters notifies patients that their protected health information was exposed by an email phishing scam. | Account Takeover | Q Human health and social work activities | CC | US | Children's Hospital of the King's Daughters |
| 60 | 11/08/2021 | - | - | LockBit 2.0 | Accenture | Accenture is hit by the LockBit 2.0 ransomware. The attackers leak 6 TB of files stolen and demand a $50 million ransom. | Malware | M Professional scientific and technical activities | CC | US | Accenture, LockBit 2.0, ransomware |
| 61 | 11/08/2021 | Since November 2020 | - | AdLoad | macOS users | Researchers from SentinelOne discover a new AdLoad malware variant slipping through Apple's YARA signature-based XProtect built-in antivirus to infect Macs as part of multiple campaigns. | Malware | X Individual | CC | >1 | SentinelOne, AdLoad, XProtect |
| 62 | 11/08/2021 | 13/7/2021 | 13/7/2021 | Magniber | Victims in South Korea | Researchers from Crowdstrike discover a wave of Magniber ransomware attacks exploiting the PrintNightmare vulnerabilities (CVE-2021-1675, CVE-2021-34527, and CVE-2021-36958). | | | | | |
| | | | | | | Researchers from Malwarebytes warn about the risks of rogue QR codes. | Account Takeover | X Individual | CC | >1 | Malwarebytes, QR codes |
| 64 | 11/08/2021 | - | 16/6/2021 | ? | Electromed | Third-party vendor and device manufacturer Electromed notifies 47,000 patients that their data was potentially compromised after a systems hack earlier this year. | Unknown | C Manufacturing | CC | US | Electromed |
| 65 | 11/08/2021 | Between November and December 2020 | During May 2021 | ? | Facebook users | Facebook reveals that it shut down a Russian campaign that claimed the COVID-19 vaccine turns people into chimpanzees. | Fake websites, social media profiles | X Individual | CW | >1 | Facebook, Russia, COVID-19 |
| 66 | 11/08/2021 | - | - | ? | Belarus National Civil Status System | A group of anonymous hackers from Belarus breaks into the national civil status system, and the data found shows that between March 2020 and March 2021, the death rate in the country was about 14 times higher than the authorities reported. | Unknown | O Public administration and defence, compulsory social security | H | BY | Belarus National Civil Status System, COVID-19 |
| 67 | 11/08/2021 | Between 21/01/2021 and 23/01/2021 | 21/1/2021 | ? | Waste Management Resources | Waste Management Resources reveals that a data breach has exposed the healthcare information of current and former employees, as well as their dependents. | Unknown | E Water supply, sewerage waste management, and remediation activities | CC | US | Waste Management Resources |
| 68 | 11/08/2021 | Since December 2020 | During July 2021 | ? | Multiple organizations | Aqua Security’s threat research team uncovers several supply chain attacks that use malicious container images containing crypto miners, hosted on Docker Hub. | Malicious Docker Images | Y Multiple Industries | CC | >1 | Aqua Security, Docker Hub |
| 69 | 12/08/2021 | - | - | Vice Society | Multiple organizations | Researchers from Cisco Talos reveal a new wave of attacks carried out by the Vice Society ransomware gang exploiting the PrintNightmare vulnerabilities (CVE-2021-1675, CVE-2021-34527, and CVE-2021-36958). | | | | | |
| | | | | | | | | | | | Trend Micro, Apex One, Apex One as a Service, CVE-2021-32464, CVE-2021-32465, CVE-2021-36741, CVE-2021-36742 |
| 73 | 12/08/2021 | - | - | Suspected Chinese government group | Chinese dissidents | A security researcher dubbed Imp0rtp3 discovers Tetris, a web attack framework developed by a suspected Chinese government hacking group, used to exploit vulnerabilities in 58 popular websites to collect data on possible Chinese dissidents. | Watering Hole | X Individual | CE | CN | Imp0rtp3, Tetris, China |
| 74 | 12/08/2021 | Since early July 2021 | - | Aggah | Manufacturing companies in Taiwan and South Korea | Researchers from Anomali discover a new campaign by Aggah, exploiting WordPress sites to deliver the Warzone RAT to manufacturing companies in Taiwan and South Korea. | Malware | C Manufacturing | CE | TW, KR | Anomali, Aggah, WordPress, Warzone RAT |
| 75 | 12/08/2021 | During July 2021 | - | LockBit 2.0 | Phoenix Services | Property maintenance company Phoenix Services joins the list of the LockBit 2.0 ransomware victims. | Malware | L Real estate activities | CC | NZ | Phoenix Services, LockBit 2.0, Ransomware |
| 76 | 12/08/2021 | During August 2021 | - | LockBit 2.0 | Haydn | Painting supplies company Haydn joins the list of the LockBit 2.0 ransomware victims. | Malware | G Wholesale and retail trade | CC | NZ | Haydn, LockBit 2.0, Ransomware |
| 77 | 12/08/2021 | - | - | LockBit 2.0 | Inline Plumbing | Inline Plumbing joins the list of the LockBit 2.0 ransomware victims. | Malware | N Administrative and support service activities | CC | NZ | Inline Plumbing, LockBit 2.0, ransomware |
| 78 | 12/08/2021 | - | - | ? | Twin Falls County | Departments in Twin Falls County, Idaho, are not able to operate normally because of a cyber attack. | Malware | O Public administration and defence, compulsory social security | CC | US | Twin Falls County |
| 79 | 12/08/2021 | - | 11/8/2021 | DeepBlueMagic | Multiple organizations | Researchers from Heimdal discover a new ransomware dubbed "DeepBlueMagic", which also deletes Volume Shadow Copies on Windows, making recovery all but impossible without a decryption key. | Malware | Y Multiple Industries | CC | >1 | Heimdal, DeepBlueMagic, ransomware |
| 80 | 13/08/2021 | November 2020? | - | ? | Lithuanian Ministry of Foreign Affairs | A cache of 1.6 million emails allegedly stolen from the Lithuanian Ministry of Foreign Affairs is offered for sale on a data-trading forum. | Unknown | O Public administration and defence, compulsory social security | CC | LT | Lithuanian Ministry of Foreign Affairs |
| 81 | 13/08/2021 | During August 2021 | During August 2021 | ? | US brokerage firms and brokers | The US Financial Industry Regulatory Authority (FINRA) warns US brokerage firms and brokers of an ongoing phishing campaign impersonating FINRA officials and asking them to hand over sensitive information under the threat of penalties. | Account Takeover | K Financial and insurance activities | CC | >1 | FINRA, US Financial Industry Regulatory Authority |
| 82 | 13/08/2021 | - | - | Multiple threat actors | Multiple organizations | Researchers from Palo Alto Networks discover various malicious campaigns abusing either legitimate challenge and response services (such as Google’s reCAPTCHA) or deploying customized fake CAPTCHA-like validation. | Account Takeover | Y Multiple Industries | CC | >1 | Palo Alto Networks, reCAPTCHA, CAPTCHA |
| 83 | 13/08/2021 | Since June 2020 | - | ? | Single individuals | Researchers from Imperva reveal that bad bot activity rose on sporting and betting sites during sporting events such as Tour De France, EURO 2020 and the Tokyo Olympics. | Account Takeover | X Individual | CC | >1 | Imperva, Tour De France, EURO 2020, Tokyo Olympics |
| 84 | 13/08/2021 | Between 16/03/2021 and 13/04/2021 | 11/6/2021 | ? | Destination Maternity | Destination Maternity notifies 93,776 employees about an incident that occurred after an unauthorized party gained access to certain systems containing employee data. | Unknown | Q Human health and social work activities | CC | US | Destination Maternity |
| 85 | 13/08/2021 | Between 22/05/2021 and 09/07/2021 | 14/7/2021 | ? | Research Foundation for the State University of New York (SUNY) | The Research Foundation for the State University of New York discloses that it suffered unauthorized activity on its network between May 22, 2021 and July 9, 2021. 46,734 individuals are notified. | Unknown | P Education | CC | US | Research Foundation for the State University of New York, SUNY |
| 86 | 14/08/2021 | - | - | John Brinns | T-Mobile | T-Mobile investigates a data breach after a threat actor claims to have hacked T-Mobile's servers and stolen databases containing the personal data of approximately 50 million customers. | Brute-force | J Information and communication | CC | US | T-Mobile, John Brinns |
| 87 | 14/08/2021 | 13/8/2021 | 13/8/2021 | ? | Brazilian National Treasury | The Brazilian government releases a note stating the National Treasury has been hit with a ransomware attack on Friday (13). | Malware | O Public administration and defence, compulsory social security | CC | BR | Brazilian National Treasury, ransomware |
| 88 | 15/08/2021 | 15/8/2021 | 15/8/2021 | Hive | Memorial Health System | Memorial Health System is hit with a Hive ransomware attack. | Malware | Q Human health and social work activities | CC | US | Memorial Health System, Hive, ransomware |
| 89 | 15/08/2021 | During April 2021 | During April 2021 | ? | Sewage Plant in Mount Desert | The sewage plant in Mount Desert is hit with a ransomware attack. | Malware | E Water supply, sewerage waste management, and remediation activities | CC | US | Mount Desert, ransomware |
| 90 | 15/08/2021 | During July 2021 | During July 2021 | ? | Sewage Plant in Limestone | The sewage plant in Limestone is hit with a ransomware attack. | Malware | E Water supply, sewerage waste management, and remediation activities | CC | US | Limestone, ransomware |
| 91 | 15/08/2021 | - | - | ? | Pakistan Federal Board of Revenue (FBR) | A group of unknown hackers are found selling network access to the Pakistan Federal Board of Revenue on a Russian cybercrime forum. | Unknown | O Public administration and defence, compulsory social security | CC | PK | Pakistan Federal Board of Revenue, FBR |
| 92 | 15/08/2021 | 15/8/2021 | 15/8/2021 | ? | Bar Ilan University | The Bar Ilan University is hit with a ransomware attack. | Malware | P Education | CC | IL | The Bar Ilan University, ransomware |
Enjoy the interactive timeline, and thanks for sharing it and supporting my work in spreading risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or even connect on LinkedIn, for the latest updates.