16-31 August 2021 Cyber Attacks Timeline

EVENTS

EVENTS/DAY

EVENTS

EVENTS/DAY

Here we go! The second timeline of August 2021 is out (first one here) covering the main cyber attacks occurred in the second fortnight of the same month. And it looks like that the end of Summer led to a decrease in the number of attacks with 78 events, corresponding to the minimum value of the last 12 months. Ransomware continues to dominate the threat landscape, but its percentage dropped to 24.4% (19 out of 78 events) in contrast with 39.6% of the previous fortnight. More ransomware operations have shut down in this period (such as Ragnarok), schools were closed (and the public activity slowed down) in many regions, and maybe the crooks have decided to take a break for the Summer.

A sector that is particularly under attack in this period, is the one of the crypto assets: new multi-million attacks have been recorded targeting Fetch.ai ($2.6 million worth gone with the wind), Liquid ($90 million worth), and Cream Finance ($29 million worth).

Vulnerabilities continue to plague organizations throughout the world, and cyber criminals continue to exploit them: ProxyShell (CVE-2021-34473, CVE-2021-34523, CVE-2021-3120) continues to be among the top targets, but new ones have joined the party such as ProxyToken (CVE-2021-33766), and a new vulnerability targeting Confluence servers (CVE-2021-26084) are just few examples.

The Biggest Data Breaches of 2021

Click Here

Leaky Buckets: a List of Cloud Misconfigurations

Click Here

Cloud-Native Threats in 2021

Click Here

Even the cyber espionage front is unusually calm with a number of recorded events considerably lower than what we have been used to during the previous months. APT37 appears to be quite active. This timeline also contains campaigns carried out by Confucius, Siamesekitten, and SparklingGoblin.

Last but not least Iran and Belarus saw the only two attacks motivated by hacktivism, quite resounding in reality: in Iran a hacktivist group dubbed Adalat Ali (Ali’s Justice) breached the internal CCTV system of the Evin prison complex, where in Belarus the Cyber Partisans started to leak documents exposing the government.

Expand for details

ID	Date Reported	Date Occurred	Date Discovered	Author	Target	Description	Attack	Target Class	Attack Class	Country	Link	Tags
1	16/08/2021	Since June 2021	During July 2021	HolesWarm	Vulnerable servers	A new botnet named HolesWarm has been slowly growing since June this year, exploiting more than 20 known vulnerabilities to break into Windows and Linux servers and then deploy cryptocurrency-mining malware.	Multiple Vulnerabilities	Y Multiple Industries	CC	>1		HolesWarm
2	16/08/2021	-	-	?	Tokio Marine Insurance Singapore (TMiS)	Tokio Marine Holdings, a multinational insurance holding company in Japan, announced this week that its Singapore branch, Tokio Marine Insurance Singapore (TMiS), suffered a ransomware attack.	Malware	K Financial and insurance activities	CC	SG		Tokio Marine Holdings, Tokio Marine Insurance Singapore, TMiS, ransomware
3	16/08/2021	Since July 2021	-	LockBit 2.0	Targets in Chile, Italy, Taiwan, UK	Researchers from Trend Micro reveal an increase in LockBit 2.0 ransomware attacks in Chile, Italy, Taiwan, UK.	Malware	Y Multiple Industries	CC	>1		Trend Micro, LockBit 2.0 ransomware
4	16/08/2021	During June 2021	During June 2021	?	Multiple organizations	Researchers discover a new Trickbot campaign distributing Cobalt Strike via a fake 1Password installer.	Malware	Y Multiple Industries	CC	>1		Trickbot, Cobalt Strike, 1Password
5	16/08/2021	-	-	AvosLocker	Moorfields NHS UK & Dubai	AvosLocker claims that they exfiltrated 60 GB of data from “Moorfields NHS UK & Dubai.”	Malware	Q Human health and social work activities	CC	UAE		Moorfields NHS UK & Dubai, AvosLocker, Dubai
6	16/08/2021	6/6/2021	-	?	Fetch.ai	Fetch.ai is hit by a cyber attack and loses $2.6 million worth of its holdings.	Unknown	V Fintech	CC	UK		Fetch.ai
7	17/08/2021	Since May 2021	-	Siamesekitten (AKA Lyceum/Hexane)	IT and communication companies in Israel	Researchers from ClearSky reveal that hackers associated with the Iranian government have focused attack efforts on IT and communication companies in Israel, likely in an attempt to pivot to their real targets.	Targeted Attack	J Information and communication	CE	IL		Siamesekitten, Lyceum, Hexane
8	17/08/2021	From at least late March 2021 until early June 2021	-	APT37 AKA InkySquid, ScarCruft, Ricochet Chollima	North Korean visitors	Researchers from Volexity reveal that the Korean APT InkySquid has breached Daily NK, one of the most popular North Korean-themed news sites on the internet in order to carry out a watering hole attack and infect some of the site’s visitors with malware.	Watering Hole (CVE-2020-1380, CVE-2021-26411)	X Individual	CE	KR		APT37, InkySquid, ScarCruft, Ricochet Chollima, Volexity, CVE-2020-1380, CVE-2021-26411
9	17/08/2021	-	-	?	Single individuals	A malware campaign uses a clever captcha prompt to trick users into bypassing browsers warnings to download the Gozi (aka Ursnif) banking trojan.	Malware	X Individual	CC	>1		Captcha, Gozi, Ursnif
10	17/08/2021	-	-	?	Grocery stores, restaurants, and food delivery services	The FBI says that hackers are using credential stuffing attacks to hijack online accounts at grocery stores, restaurants, and food delivery services in order to drain user funds through fraudulent orders and to steal personal or financial data.	Credential Stuffing	I Accommodation and food service activities	CC	US		FBI
11	17/08/2021	-	-	?	Multiple organizations	Researchers from Cato Networks discover a new version of the old Houdini malware now being used to steal device information to subvert access rules that check on the device as well as the user.	Malware	Y Multiple Industries	CC	>1		Cato Networks, Houdini
12	17/08/2021	"Recently"	-	Confucius	Pakistani military	Researchers from Trend Micro observe the Confucius threat group conducting a recent spear-phishing campaign in which attackers used lures related to Pegasus spyware to target Pakistani military.	Targeted Attack	O Public administration and defence, compulsory social security	CE	PK		Trend Micro, Confucius, Pegasus
13	17/08/2021	-	-	?	The Gelre hospital	The Gelre hospital is hit by a phishing attack since three weeks.	Account Takeover	Q Human health and social work activities	CC	NL		The Gelre
14	17/08/2021	Early August	-	?	ENE Systems	ENE Systems is breached and the attackers access the Boston Children’s Hospital.	Unknown	D Electricity gas steam and air conditioning supply	CC	US		ENE Systems, Boston Children’s Hospital
15	17/08/2021	During June 2021	During June 2021	?	Customers of financial institutions in Mexico	Researchers from Cisco Talos discover an ongoing campaign using an updated variant of the "Neurevt" Trojan to target customers of financial institutions in Mexico.	Malware	K Financial and insurance activities	CC	MX		Cisco Talos, Neurevt
16	18/08/2021	"Recently"	-	?	Android users	Researchers from Trend Micro discover eight deceptive mobile apps that masquerade as cryptocurrency cloud mining applications.	Malware	X Individual	CC	>1		Trend Micro, Android
17	18/08/2021	15/12/2020	1/3/2021	Conti	Willdan Group	Willdan Group discloses a data privacy incident, probably a Conti ransomware attack.	Malware	M Professional scientific and technical activities	CC	US		Willdan Group, ransomware, Conti
18	19/08/2021	-	-	?	Liquid	Japan-based cryptocurrency exchange Liquid suspends deposits and withdrawals after attackers compromise its warm wallets. The attackers steal $90 million worth of funds.	Unknown	V Fintech	CC	JP		Liquid
19	19/08/2021	During July 2021	During July 2021	?	Organization in the financial industry	Researchers from Cloudflare reveal that the company detected a DDoS attack earlier this year, peaking at 17.2 million requests per second (rps).	DDoS	K Financial and insurance activities	CC	N/A		Cloudflare
20	19/08/2021	18/8/2021	18/8/2021	?	Realtek-based devices	A Mirai-based botnet now targets a critical vulnerability in the software SDK used by hundreds of thousands of Realtek-based devices, encompassing 200 models from at least 65 vendors, including Asus, Belkin, D-Link, Netgear, Tenda, ZTE, and Zyxel.	CVE-2021-35395 Vulnerability	Y Multiple Industries	CC	>1		Mirai, Realtek, Asus, Belkin, D-Link, Netgear, Tenda, ZTE, Zyxel
21	19/08/2021	Since 2019	-	?	Vulnerable Netgear, Huawei, and ZTE devices	Researchers from Microsoft reveal that the Mozi botnet has evolved to "achieve persistence on network gateways manufactured by Netgear, Huawei, and ZTE" by adapting its persistence mechanisms depending on each device's architecture.	Multiple Vulnerabilities	Y Multiple Industries	CC	>1		Mozi, Microsoft
22	19/08/2021	12/8/2021	12/8/2021	Black Kingdom or DEMON	Multiple organizations	Researchers at Abnormal Security identify a campaign that offer people $1 million in bitcoin to install DemonWare ransomware.	Malicious Spam	Y Multiple Industries	CC	>1		DemonWare, Abnormal Security, Black Kingdom, DEMON
23	19/08/2021	Between 20/04/2021 and 24/06/2021	17/6/2021	?	Rockwood School District	Rockwood School District discloses a ransomware incident impacting 77,294 individuals.	Malware	P Education	CC	US		Rockwood School District
24	20/08/2021	Since late July 2021,	Late July 2021,	APT37	Organizations in Russia	Researchers from Malwarebytes identify an ongoing spear phishing campaign pushing Konni RAT to target.	Targeted Attack	Y Multiple Industries	CE	RU		Malwarebytes, Konni RAT, APT37
25	20/08/2021	-	-	LockFile	Multiple organizations	The LockFile gang has started to leverage the recently discovered PetitPotam NTLM relay attack method to take over the Windows domain on various networks worldwide.	PetitPotam NTLM Relay	Y Multiple Industries	CC	>1		LockFile, PetitPotam NTLM relay
26	20/08/2021	-	-	RansomEXX	Lojas Renner	Lojas Renner, Brazil’s largest clothing department store chain, said it suffered a ransomware attack that impacted its IT infrastructure and resulted in the unavailability of some of its systems, including its official web store.	Malware	G Wholesale and retail trade	CC	BR		Lojas Renner, ransomware
27	20/08/2021	During August 2021	During August 2021	?	Single individuals	A new extortion scam is underway that attempts to capitalize on the recent Pegasus iOS spyware attacks to scare people into paying a blackmail demand.	Malicious Spam	X Individual	CC	>1		Pegasus
28	20/08/2021	21/7/2021	21/7/2021	?	Search and Rescue Base at Aoraki/Mount Cook.	The Search and Rescue Base at Aoraki/Mount Cook discloses to have suffered a ransomware attack.	Malware	O Public administration and defence, compulsory social security	CC	NZ		Search and Rescue Base at Aoraki/Mount Cook, ransomware
29	21/08/2021	"Two weeks ago"	-	?	U.S. State Department	The U.S. State Department was recently hit by a cyber attack, with notifications of a possible serious breach made by the Department of Defense Cyber Command	Unknown	O Public administration and defence, compulsory social security	N/A	US		U.S. State Department, Department of Defense Cyber Command
30	21/08/2021	Since July 2021	-	-	Multiple organizations	The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issues an alert to warn of malicious actors actively exploiting the recently disclosed ProxyShell Microsoft Exchange vulnerabilities.	CVE-2021-34473, CVE-2021-34523, CVE-2021-31207 vulnerabilities	Y Multiple Industries	CC	US		U.S. Cybersecurity and Infrastructure Security Agency, CISA, ProxyShell Microsoft Exchange, CVE-2021-34473, CVE-2021-34523, CVE-2021-31207
31	21/08/2021	Since July 2021	-	LockFile	Multiple organizations	A new ransomware gang known as LockFile encrypts Windows domains after hacking into Microsoft Exchange servers using the recently disclosed ProxyShell vulnerabilities.	CVE-2021-34473, CVE-2021-34523, CVE-2021-31207 vulnerabilities	Y Multiple Industries	CC	>1		Ransomware, LockFile, ProxyShell, CVE-2021-34473, CVE-2021-34523, CVE-2021-31207
32	21/08/2021	Over the past two days	Over the past two days	Multiple threat actors	Multiple organizations	Almost 2,000 Microsoft Exchange email servers have been hacked over the past two days and infected with backdoors after owners did not install patches for the ProxyShell vulnerabilities	CVE-2021-34473, CVE-2021-34523, CVE-2021-31207 vulnerabilities	Y Multiple Industries	CC	>1		ProxyShell, CVE-2021-34473, CVE-2021-34523, CVE-2021-31207
33	23/08/2021	16/6/2021	13/8/2021	Conti	SAC Wireless	SAC Wireless, a US-based Nokia subsidiary, discloses a data breach following a ransomware attack where Conti operators were able to successfully breach its network, steal data, and encrypt systems.	Malware	C Manufacturing	CC	US		SAC Wireless, Nokia, Conti, ransomware
34	23/08/2021	Since at least November 2020	-	OnePercent Group	US organizations	The Federal Bureau of Investigation (FBI) shares info about a threat actor known as OnePercent Group that has been actively targeting US organizations in ransomware attacks since at least November 2020.	Malware	Y Multiple Industries	CC	US		Federal Bureau of Investigation, FBI, OnePercent Group, ransomware
35	23/08/2021	-	16/7/2021	?	Town of Peterborough	Peterborough, a small New Hampshire town, loses $2.3 million after BEC scammers redirected several bank transfers using forged documents sent to the town's Finance Department staff in multiple email exchanges.	Business Email Compromise	O Public administration and defence, compulsory social security	CC	US		Peterborough
36	23/08/2021	23/8/2021	23/8/2021	?	Single individuals	A UPS phishing campaign utilizes an XSS vulnerability in UPS.com to push fake and malicious 'Invoice' Word documents.	Malware	X Individual	CC	US		UPS, XSS
37	23/08/2021	Since November 2017	-	?	Multiple organizations	Researchers from AT&T Alien Labs discover a cluster of Linux ELF executables, modifications of the open-source PRISM backdoor, called Waterdrop used by multiple threat actors in various campaigns.	Malware	Y Multiple Industries	CC	>1		AT&T Alien Labs, PRISM, Waterdrop
38	24/08/2021	Since February 2021	-	?	Nine Bahraini activists	Researchers at Citizen Lab uncover a new zero-click iMessage exploit used to deploy NSO Group's Pegasus spyware on devices belonging to Bahraini activists.	Targeted Attack	X Individual	CC	BH		Citizen Lab, NSO Group, Pegasus, Bahrain
39	24/08/2021	During the previous week	-	Belarusian Cyber Partisans	Belarusian Police	The Belarusian Cyber Partisans release portions of a huge data trove they say includes some of the country’s most secret police and government databases. The information contains lists of alleged police informants, personal information about top government officials and spies, video footage gathered from police drones and detention centers and secret recordings of phone calls from a government wiretapping system.	Unknown	O Public administration and defence, compulsory social security	H	BY		Belarusian Cyber Partisans
40	24/08/2021	24/8/2021	24/8/2021	Adalat Ali	Evin prison in Tehran	A hacktivist group going by the name of Adalat Ali (Ali’s Justice) breach the internal CCTV system at Evin, a prison complex in Tehran where Iran houses most of its political prisoners, and leak videos showing extensive prisoner abuse.	Unknown	O Public administration and defence, compulsory social security	H	IR		Evin, Tehran
41	24/08/2021	-	-	?	Online petition	OpenSea users are being targeted in an ongoing and aggressive Discord phishing attack to steal cryptocurrency funds and NFTs.	Account Takeover	V Fintech	CC	US		OpenSea, Discord
42	24/08/2021	-	-	?	Android users	Researchers from Kaspersky discover a malicious version of the FMWhatsappWhatsApp mod delivering a Triada trojan payload	Malware	X Individual	CC	>1		Kaspersky, FMWhatsappWhatsApp, Triadatrojan
43	24/08/2021	Since 16/08/2021	-	Multiple threat actors	Multiple organizations	The U.S. Cybersecurity and Infrastructure Security Agency (CISA) releases five new analysis reports detailing malware discovered on compromised Pulse Secure devices.	CVE-2021-22937 Vulnerability	Y Multiple Industries	CC	US		The U.S. Cybersecurity and Infrastructure Security Agency, CISA, CVE-2021-22937
44	24/08/2021	Since May 2020	"Recently"	SparklingGoblin	North American media firms, universities and one computer retailer	ESET researchers discover a new undocumented modular backdoor, SideWalk, being used by an APT group named SparklingGoblin, used during a recent campaign that targeted a computer retail company based in the USA. This backdoor shares multiple similarities with another backdoor used by the group: CROSSWALK.	Targeted Attack	Y Multiple Industries	CE	US		ESE, SideWalk, SparklingGoblin, CROSSWALK
45	24/08/2021	Since July 2021	-	?	Android users in Europe and Australia	The FluBot malware has a resurgence and hits users in Europe and Australia.	Malware	K Financial and insurance activities	CC	>1		FluBot, Android
46	24/08/2021	22/8/2021	22/8/2021	?	ROC Mondriaan	The ROC Mondriaan educational institution in The Hague suffers a major cyber attack.	Unknown	P Education	CC	NL		ROC Mondriaan, The Hague
47	25/08/2021	-	-	?	Undisclosed US financial organization	Research from Bitdefender reveal that FIN8 has breached and backdoored the network of a US financial organization with a new malware known dubbed Sardonic.	Malware	K Financial and insurance activities	CC	US		Bitdefender, FIN8, Sardonic
48	25/08/2021	Since June 2021	-	?	Multiple organizations in the healthcare sector	The FBI releases an alert about the Hive ransomware after attacks on hospital system in Ohio and West Virginia.	Malware	Q Human health and social work activities	CC	US		FBI, Hive, ransomware
49	25/08/2021	30/5/2021	30/5/2021	Vice Society	Town of Rolle	The Swiss town of Rolle acknowledges to have been hit with a ransomware attack.	Malware	O Public administration and defence, compulsory social security	CC	CH		Rolle, ransomware, Vice Society
50	25/08/2021	21/6/2021	-	?	Revere Health	The Personal Identifiable Information (PII) of approximately 12,000 cardiology patients is been exposed in a phishing attack to Revere Health.	Account Takeover	Q Human health and social work activities	CC	US		Revere Health
51	25/08/2021	-	-	?	Kanye West's fans	Researchers from Kaspersky reveal that scammers are already taking advantage of the forthcoming release of Kanye West's latest album "Donda" to distribute malware.	Malware	R Arts entertainment and recreation	CC	>1		Kaspersky, Kanye West, Donda
52	25/08/2021	-	24/6/2021	?	Metro Infectious Disease Consultant (MIDC)	Metro Infectious Disease Consultant notifies 171,740 Individuals of a phishing attack.	Account Takeover	Q Human health and social work activities	CC	US		Metro Infectious Disease Consultant, MIDC
53	26/08/2021	23/8/2021	23/8/2021	LockBit 2.0	Bangkok Airways	Bangkok Airways reveals to have been hit with a LockBit 2.0 ransomware attack.	Malware	H Transportation and storage	CC	TH		Bangkok Airways, LockBit 2.0, ransomware
54	26/08/2021	-	-	?	Organizations using Microsoft 365	Microsoft warns of a widespread credential phishing campaign abuses open redirector links.	Account Takeover	Y Multiple Industries	CC	>1		Microsoft 365
55	26/08/2021	6/8/2021	6/8/2021	?	Eye & Retina Surgeons	A ransomware attack compromises the personal and clinical data of more than 73,000 patients of Eye & Retina Surgeons in Singapore.	Malware	Q Human health and social work activities	CC	SG		Eye & Retina Surgeons, ransomware
56	26/08/2021	-	-	LockBit 2.0	Envision Credit Union	Envision Credit Union is allegedly hit with a LockBit 2.0 ransomware attack.	Malware	K Financial and insurance activities	CC	US		Envision Credit Union, LockBit 2.0, ransomware
57	26/08/2021	-	-	?	Single individuals	A phishing campaign uses the name of Catherine De Bolle, the executive director of the EU’s law enforcement agency Europol.	Account Takeover	X Individual	CC	BE		Catherine De Bolle, Europol.
58	27/08/2021	25/8/2021	25/8/2021	?	Boston Public Library (BPL)	The Boston Public Library (BPL) discloses that its network was hit by a cyberattack, leading to a system-wide technical outage.	Unknown	O Public administration and defence, compulsory social security	CC	US		Boston Public Library, BPL
59	27/08/2021	5/2/2021	During March 2021	Cl0p	Beaumont Health	Beaumont Health joins the list of the victims of the Accellion breach.	Vulnerability	Q Human health and social work activities	CC	US		Beaumont Health, Accellion
60	27/08/2021	5/7/2021	2/8/2021	?	San Andreas Regional Center	A ransomware attack on the San Andreas Regional Center in California leads to the threat actors potentially accessing or obtaining the data od a total of 57,244 patients were notified.	Malware	Q Human health and social work activities	CC	US		San Andreas Regional Center, ransomware
61	27/08/2021	Between 18/06/2021 and 29/06/2021	11/8/2021	?	CareATC	The hack of several employee email accounts at CareATC leads to the potential exposure of protected health information tied to 98,774 patients.	Account Takeover	Q Human health and social work activities	CC	US		CareATC
62	27/08/3021	13/8/2021	13/8/2021	?	Circuit Court of Cook County	The. Circuit Court of Cook County website is taken down after a breach that directed users to an NFL-related website.	Unknown	O Public administration and defence, compulsory social security	CC	US		Circuit Court of Cook County
63	27/08/3021	1/6/2021	28/7/2021	?	Rock Island County	Rock Island County loses $115,000 after a BEC attack.	Business Email Compromise	O Public administration and defence, compulsory social security	CC	US		Rock Island County
64	27/08/3021	21/7/2021	4/8/2021	?	Central Texas Medical Specialists PLLC dba Austin Cancer Centers	Austin Cancer Centers discloses to have suffered a ransomware attack.	Malware	Q Human health and social work activities	CC	US		Central Texas Medical Specialists PLLC, Austin Cancer Centers, ransomware
65	28/08/2021	-	26/8/2021	?	Fujitsu	4GB of data, allegedly from Japanese tech giant Fujitsu is being sold on the dark web by a group called Marketo. The company claims the information "appears related to customers" and not their own systems.	Unknown	C Manufacturing	CC	JP		Fujitsu
66	29/08/2021	-	-	?	Puma	The underground market Marketo claims to have about 1GB of data stolen from Puma that are now auctioned to the highest bidder.	Unknown	G Wholesale and retail trade	CC	DE		Marketo, Puma
67	30/08/2021	Since August 2021 (three weeks earlier)	-	?	Vulnerable Exchange servers.	Attackers are exploiting the ProxyToken vulnerability targeting Microsoft Exchange servers.	CVE-2021-33766 Vulnerability	Y Multiple Industries	CC	>1		ProxyToken, Microsoft Exchange, CVE-2021-33766
68	30/08/2021	-	30/8/2021	?	Cream Finance	Hackers are estimated to have stolen more than $29 million in cryptocurrency assets from Cream Finance, a decentralized finance (DeFi) platform that allows users to loan and speculate on cryptocurrency price variations.	Reentrancy attack	V Fintech	CC	TW		Cream Finance
69	30/08/2021	13/7/2021	13/7/2021	?	DuPage Medical Group (DMG)	DuPage Medical Group (DMG) recently began notifying 655,384 patients that their data was compromised during a cyberattack and network outage in mid-July	Unknown	Q Human health and social work activities	CC	US		DuPage Medical Group (DMG)
70	30/08/2021	26/8/2021	26/8/2021	?	Sault St. Marie Police Service	Sault St. Marie Police Service discloses to have been hit with a ransomware attack.	Malware	O Public administration and defence, compulsory social security	CC	US		Sault St. Marie Police Service, ransomware
71	30/08/2021	"Recently"	"Recently"	?	Multiple organizations	Researchers from Inky uncover a phishing campaign using fake COVID-19 vaccination forms.	Account Takeover	Y Multiple Industries	CC	US		Inky, COVID-19
72	30/08/2021	During December 2020	-	?	Mercy Grace Private Practice	Mercy Grace Private Practice notifies 4,450 patients about a business email compromise attack in December 2020 involving a fraudulent wire transfer.	Business Email Compromise	Q Human health and social work activities	CC	US		Mercy Grace Private Practice
73	31/08/2021	-	-	Multiple threat actors	Exposed Confluence servers	Mass scans for Confluence servers are currently underway, with attackers and professional bug bounty hunters probing Confluence systems for functions vulnerable to CVE-2021-26084 attacks.	CVE-2021-26084 Vulnerability	Y Multiple Industries	CC	>1		Confluence, CVE-2021-26084
74	31/08/2021	-	-	?	Multiple organizations	Researchers from Cisco Talos identify multiple campaigns distributing trojanized versions of the Honeygain proxyware.	Malware	Y Multiple Industries	CC	>1		Cisco Talos, Honeygain
75	31/08/2021	-	-	?	Russian Mobile users	A security researcher discover malicious code inside the firmware of four low-budget push-button mobile phones sold through Russian online stores (DEXP SD2810, Itel it2160, Irbis SF63, and F+ Flip 3).	Malware	X Individual	CC	RU		DEXP SD2810, Itel it2160, Irbis SF63, F+ Flip 3
76	31/08/2021	Between 28/062021 and 07/07/2021	6/8/2021	?	Career Group	Career Group is allegedly hit with a ransomware attack.	Malware	M Professional scientific and technical activities	CC	US		Career Group
77	31/08/2021	30/8/2021	30/8/2021	?	bansky.co.uk	A hacker returns $336,000 to a British collector after he tricked him into buying a fake Banksy NFT advertised through the artist's official website.	Account Takeover	R Arts entertainment and recreation	CC	UK		Bansky
78	31/08/2021	During June 2021	-	?	College and university students	Researchers from Mimecast discover a Nigeria-based cybercriminal group posing as a consulting company, targeting college and university students with work-from-home job offers in phishing emails that aim to have them cash checks for a commission.	Malicious Spam	P Education	CC	US		Mimecast, Nigeria
79	31/08/2021	04-05/08/2021	04-05/08/2021	?	Neuchâtel Cantonal Bank	A cyber attack on the Neuchâtel Cantonal Bank results in the potential theft of around 1,500 email addresses.	Unknown	K Financial and insurance activities	CC	CH		Neuchâtel Cantonal Bank
80	31/08/2021	-	-	?	Users of OpenSea	Users of OpenSea, a marketplace for blockchain-based digital assets, are being targeted by scammers who are impersonating the company's support staff in order to steal digital assets such as cryptocurrency and non-fungible tokens.	Account Takeover	V Fintech	CC	>1		OpenSea
81	31/08/2021	25/03/2021	06/05/2021	?	Town of Deerfield	The town of Deerfield notifies that an unauthorized third party viewed or acquired the personal information of several residents in a March 25 data breach.	Unknown	O Public administration and defence, compulsory social security	CC	US		Town of Deerfield
ID	Date Reported	Date Occurred	Date Discovered	Author	Target	Description	Attack	Target Class	Attack Class	Country	Link	Tags

Enjoy the interactive timeline, and thanks for sharing it, and supporting my work in spreading the risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.

The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.

2022 Cyber Attacks Statistics
And finally I have aggregated all the data collected in 2022 from the cyber attacks timelines. In the past year I have collected 3074 events...
The Biggest Data Breaches of 2023
Similarly to what I have done in 2022 and 2021, I am collecting the main mega breaches...
16-28 February 2023 Cyber Attacks Timeline
The second cyber attacks timeline of February 2023 is out and with 10.62 events/day confirms...
TCP Split Handshake Attack Explained
Update May 12: TCP Split Handshake: Why Cisco ASA is not susceptible Update May 11: The Never Ending Story Update April 21: Other Considerations on TCP Split Handshake Few days ago, independent security research and testing NSS Labs, issued a comparative report among six network security ...
February 2023 Cyber Attacks Statistics
After the cyber attacks timelines, it’s time to publish the statistics of February 2023 where I have collected and analyzed...