Autumn has begun, and I can finally publish the first timeline of September 2021. Although we are still far from this year's peaks of activity, in this timeline I have collected 93 events, an increase compared with the 78 of the previous timeline. Ransomware continues to dominate the threat landscape, with a share similar to the previous period (25.8% vs 24.4%, i.e. 24 out of 93 events), and with new high-profile victims joining the unwelcome list.
A trend that is characterizing this year, and seems endless, is the exploitation of high-profile vulnerabilities. In this timeline you will find multiple events involving the mass exploitation of software flaws in Confluence (CVE-2021-26084), Zoho (CVE-2021-40539) and the Microsoft MSHTML rendering engine (CVE-2021-40444), without counting the dump of 500,000 VPN credentials obtained through the old CVE-2018-13379.
Interestingly enough, this timeline also contains some mega breaches, the worst of which is undoubtedly the leak by the Anonymous collective of 15 million records from Epik, a controversial web hosting provider. Other interesting events happened in Israel and France: I am talking about the leak of the personal data of 7 million Israelis from the CITY4U website, and of around 1.4 million people who took COVID-19 tests in the Paris region.
Numerically, there is not much to mention on the cyber espionage front, except perhaps the revelation of an attack targeting the United Nations. Other interesting events include a new campaign by Mustang Panda targeting at least ten Indonesian government ministries and agencies, and some APT actors exploiting the above-mentioned Zoho vulnerability.
Last but not least, two misinformation campaigns were unearthed in this fortnight, respectively pro-Russia and pro-China (how weird!).
ID
Date Reported
Date Occurred
Date Discovered
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags
1
01/09/2021
During January 2021
-
?
Undisclosed US farm
A US farm loses a whopping $9 million due to a temporary shutdown of its farming operations following a ransomware attack earlier this year.
Malware
I Accommodation and food service activities
CC
US
FBI, ransomware
2
01/09/2021
-
-
?
Organizations in the food and agriculture sector
The FBI says ransomware gangs are actively targeting and disrupting the operations of organizations in the food and agriculture sector, causing financial loss and directly affecting the food supply chain.
Malware
I Accommodation and food service activities
CC
US
FBI, ransomware
3
01/09/2021
-
-
?
Unknown Organization(s)
Researchers from Mandiant discover a new malware family, probably still under development, named PRIVATELOG, that relies on the Common Log File System (CLFS) to hide a second-stage payload in registry transaction files to avoid detection.
Malware
Z Unknown
N/A
N/A
Mandiant, PRIVATELOG, Common Log File System, CLFS
4
01/09/2021
Since January 2021
April 2021
?
Single individuals
Researchers from Sophos discover a campaign distributing the Crypto Bot and Raccoon Stealer malware via cracked software.
Malware
X Individual
CC
>1
Sophos, Crypto Bot, Raccoon Stealer
5
01/09/2021
-
-
?
Single individuals
The U.S. Securities and Exchange Commission issues a new warning that fresh criminal schemes are continuing to target digital assets.
Account Takeover
V Fintech
CC
US
U.S. Securities and Exchange Commission, SEC, Crypto
6
02/09/2021
-
-
?
Vulnerable Atlassian Confluence servers
Researchers from Bad Packets reveal that attackers are actively scanning for and exploiting the recently disclosed CVE-2021-26084 Atlassian Confluence remote code execution vulnerability to install cryptominers.
CVE-2021-26084 Vulnerability
Y Multiple Industries
CC
>1
Bad Packets, CVE-2021-26084, Atlassian Confluence
7
02/09/2021
Around late June to late July 2021
Late July 2021
FIN7
Clearmind
Researchers from Anomali discover a campaign by the FIN7 group leveraging six different documents, all referencing “Windows 11 Alpha”.
Malware
M Professional scientific and technical activities
CC
US
Anomali, FIN7, “Windows 11 Alpha”
8
02/09/2021
-
-
?
Gift card and customer-loyalty program
Threat actors are compromising up to 100,000 inboxes daily in a campaign that targets gift card and customer-loyalty program data in hopes of reselling it or cashing in on freebies.
Password-spraying
X Individual
CC
US
Gift cards, Customer Loyalty
9
02/09/2021
-
-
?
Single individuals
The FBI Internet Crime Complaint Center (IC3) warns of a spike in sextortion attacks since the beginning of 2021 that caused $8M losses.
Malicious Spam
X Individual
CC
US
FBI, Internet Crime Complaint Center, IC3
10
02/09/2021
-
-
REvil AKA Sodinokibi
VoIP Unlimited
VoIP Unlimited is hit with a DDoS attack by the REvil ransomware gang.
DDoS
J Information and communication
CC
UK
VoIP Unlimited, REvil, ransomware, Sodinokibi
11
02/09/2021
-
-
REvil AKA Sodinokibi
Voipfone
Voipfone is hit with a DDoS attack by the REvil ransomware gang.
DDoS
J Information and communication
CC
UK
Voipfone, REvil, ransomware, Sodinokibi
12
03/09/2021
-
-
Conti
Vulnerable Microsoft Exchange servers
The Conti ransomware gang is hacking into Microsoft Exchange servers and breaching corporate networks using recently disclosed ProxyShell vulnerability exploits.
Conti, ransomware, Microsoft Exchange, ProxyShell, CVE-2021-34473, CVE-2021-34523, CVE-2021-31207
13
03/09/2021
-
-
?
Single individuals
The US Securities and Exchange Commission (SEC) warns investors to be "extremely wary" of potential investment scams related to Hurricane Ida's aftermath.
Malicious Spam
X Individual
CC
US
US Securities and Exchange Commission, SEC
14
03/09/2021
During January 2021
-
?
Nevada Restaurant Services (NRS)
Nevada Restaurant Services (NRS), the owner of the popular slot machine parlor chain Dotty's, discloses a data breach, due to malware, that exposed a significant amount of personal and financial information.
Malware
R Arts entertainment and recreation
CC
US
Nevada Restaurant Services, NRS
15
03/09/2021
-
8/8/2021
?
Dallas Independent School District
The Dallas Independent School District -- one of the biggest school districts in the United States -- releases an advisory saying the personal data of students and employees were accessed and downloaded during a "data security incident."
Unknown
P Education
CC
US
Dallas Independent School District
16
03/09/2021
-
-
Multiple threat actors
Vulnerable Atlassian Confluence servers
The US CyberCom sends out a public notice warning IT teams that CVE-2021-26084 -- related to Atlassian Confluence -- is actively being exploited.
CVE-2021-26084 Vulnerability
Y Multiple Industries
CC
>1
US CyberCom, CVE-2021-26084, Atlassian Confluence
17
03/09/2021
3/9/2021
3/9/2021
?
Vocus NZ
Vocus NZ, New Zealand's third largest internet provider, is hit with a massive DDoS attack.
DDoS
J Information and communication
CC
NZ
Vocus NZ
18
03/09/2021
10/8/2021
10/8/2021
?
France-Visas
The French government’s ‘France-Visas’ website suffers a cyber attack that exposes the personal data of visa applicants hoping to visit or emigrate to France.
Unknown
O Public administration and defence, compulsory social security
CC
FR
France-Visas
19
03/09/2021
Between 25/03/2021 and 30/03/2021
30/03/2021
?
K and B Surgical Center
K and B Surgical Center notifies that an unauthorized individual gained access to its computer network. The security breach was detected on March 30, 2021, with the third-party forensic investigation confirming its network was compromised between March 25 and March 30.
Account Takeover
Q Human health and social work activities
CC
US
K and B Surgical Center
20
04/09/2021
Earlier this week
-
?
Jenkins
Hackers exploiting the recently disclosed Atlassian Confluence remote code execution vulnerability breach an internal server from the Jenkins project.
CVE-2021-26084 Vulnerability
M Professional scientific and technical activities
The Pacific City Bank is hit by the Avos Locker ransomware.
Malware
K Financial and insurance activities
CC
US
Pacific City Bank, Avos Locker
22
05/09/2021
3/9/2021
-
?
Université Mohammed V
The personal data of more than 2 million Moroccans is leaked by hackers. Some of the data is reportedly culled from a LinkedIn data set that had been leaked previously, but some appears to possibly be from an attack on a university.
Unknown
P Education
CC
MA
Université Mohammed V
23
06/09/2021
Since March 2021
-
Russian Trolls
Western media channels
A report by the Crime and Security Research Institute at Cardiff University discloses a pro-Russian government propaganda and disinformation campaign targeting Western media channels.
Fake social media/web pages
J Information and communication
CW
>1
Crime and Security Research Institute at Cardiff University, Russia
24
07/09/2021
During Summer 2020
7/9/2021
Groove
Vulnerable Fortinet devices
A threat actor leaks a list of almost 500,000 Fortinet VPN login names and passwords that were allegedly scraped from exploitable devices last summer.
CVE-2018-13379 Vulnerability
Y Multiple Industries
CC
>1
Fortinet, Groove, CVE-2018-13379
25
07/09/2021
-
-
Sangkancil
CITY4U
A threat actor that goes online with the moniker ‘Sangkancil’ claims to have stolen the personal information of 7 million Israelis from the CITY4U website.
Unknown
O Public administration and defence, compulsory social security
CC
IL
Sangkancil, CITY4U
26
07/09/2021
-
-
?
Multiple organizations
Microsoft shares mitigation for a remote code execution vulnerability in Windows that is being exploited in targeted attacks against Office 365 and Office 2019 on Windows 10.
CVE-2021-40444 Vulnerability
Y Multiple Industries
N/A
>1
Microsoft, Office 365, Office 2019, Windows 10, CVE-2021-40444
27
07/09/2021
-
-
APT actors
Vulnerable Zoho’s ManageEngine ADSelfService Plus
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns that hackers are exploiting a critical vulnerability in Zoho’s ManageEngine ADSelfService Plus password management solution that allows them to take control of the system.
Researchers from ESET discover a campaign conducted by the BladeHawk group focused on targeting the Kurdish ethnic group through their Android handsets.
Malware
X Individual
CE
N/A
ESET, BladeHawk, Kurdish ethnic group, Android
29
07/09/2021
-
-
REvil AKA Sodinokibi
South Carolina Legal Services
The REvil ransomware gang is back and dumps the data of South Carolina Legal Services.
Malware
M Professional scientific and technical activities
CC
US
REvil, ransomware, South Carolina Legal Services
30
07/09/2021
-
-
REvil AKA Sodinokibi
Ensinger Plastics
The REvil ransomware gang dumps the data of Ensinger Plastics.
Malware
C Manufacturing
CC
US
REvil, ransomware, Ensinger Plastics
31
07/09/2021
-
-
?
Phetchabun Hospital
A hacker steals more than 10,000 patients' personal details from Phetchabun Hospital.
Unknown
Q Human health and social work activities
CC
TH
Phetchabun Hospital
32
07/09/2021
late May 2021
-
?
City of Bridgeport
The residents of Bridgeport are notified that the city government was hit by a ransomware attack in late May of this year.
Malware
O Public administration and defence, compulsory social security
CC
US
Bridgeport, ransomware
33
07/09/2021
Earlier in September 2021
-
-
Hogeschool van Arnhem en Nijmegen (HAN)
A hacker leaks data from students and employees of the Hogeschool van Arnhem en Nijmegen (HAN).
Unknown
P Education
CC
NL
Hogeschool van Arnhem en Nijmegen, HAN
34
07/09/2021
-
-
North Korean hackers
Email accounts of Kang Mi-jin, a North Korean defector
North Korean hackers break into several accounts of Kang Mi-jin, a prominent defector, and use that access to send a malicious document to a contact working on DPRK issues.
Account Takeover
X Individual
CE
KR
North Korea, Kang Mi-jin, DPRK
35
07/09/2021
3/9/2021
-
?
First Energy Corporation
First Energy Corporation requires all customers to reset their passwords due to a security breach.
Password-spraying
D Electricity gas steam and air conditioning supply
CC
US
First Energy Corporation
36
08/09/2021
3/9/2021
3/9/2021
?
Howard University
The private Howard University in Washington discloses that it suffered a ransomware attack and is working to restore affected systems.
Malware
P Education
CC
US
Howard University, ransomware
37
08/09/2021
8/9/2021
8/9/2021
?
ANZ New Zealand
ANZ New Zealand is taken down by a DDoS attack.
DDoS
K Financial and insurance activities
CC
NZ
ANZ New Zealand
38
08/09/2021
8/9/2021
8/9/2021
?
Kiwibank
Kiwibank is taken down by a DDoS attack.
DDoS
K Financial and insurance activities
CC
NZ
Kiwibank
39
08/09/2021
8/9/2021
8/9/2021
?
New Zealand MetService
The New Zealand MetService is taken down by a DDoS attack.
DDoS
O Public administration and defence, compulsory social security
CC
NZ
New Zealand MetService
40
08/09/2021
8/9/2021
8/9/2021
?
New Zealand Post
The New Zealand Post is taken down by a DDoS attack.
DDoS
O Public administration and defence, compulsory social security
CC
NZ
New Zealand Post
41
08/09/2021
8/9/2021
8/9/2021
?
New Zealand Ministry for Primary Industries
The New Zealand Ministry for Primary Industries is taken down by a DDoS attack.
DDoS
O Public administration and defence, compulsory social security
CC
NZ
New Zealand Ministry for Primary Industries
42
08/09/2021
Since 25/07/2021
-
TeamTNT
Multiple organizations
Researchers from AT&T Alien Labs disclose Operation Chimaera, a campaign carried out by TeamTNT that hits multiple organizations worldwide.
Malware
Y Multiple Industries
CC
>1
AT&T Alien Labs, Operation Chimaera, TeamTNT
43
08/09/2021
-
-
?
Vulnerable Zoho’s ManageEngine ADSelfService Plus
Zoho patches the authentication bypass vulnerability in its ManageEngine ADSelfService Plus alongside a warning that the bug is already exploited in attacks.
CVE-2021-40539 Vulnerability
Y Multiple Industries
N/A
N/A
Zoho, ManageEngine ADSelfService Plus
44
08/09/2021
5/4/2021
7/8/2021
?
United Nations
The United Nations confirms that hackers breached its computer networks earlier this year and made off with a trove of data that could be used to target agencies within the intergovernmental organization. The access occurred via an account on the UN’s proprietary project management software, called Umoja.
Account Takeover
U Activities of extraterritorial organizations and bodies
CE
N/A
United Nations, Umoja
45
08/09/2021
-
-
?
Russian Government Website
According to a report by the local Russian news outlet Izvestia, unidentified hackers deface an official Russian government website and use it to promote a Ponzi-style free Bitcoin giveaway.
Defacement
O Public administration and defence, compulsory social security
CC
RU
Izvestia
46
08/09/2021
6/9/2021
-
?
Bhumirajanagarindra Kidney Institute Hospital
The personal details of more than 40,000 patients at Bhumirajanagarindra Kidney Institute Hospital are stolen after a ransomware attack.
Malware
Q Human health and social work activities
CC
TH
Bhumirajanagarindra Kidney Institute Hospital, ransomware
47
08/09/2021
Since July 2021
-
?
Single individuals
Researchers from Proofpoint discover an email fraud campaign in which unidentified threat actors swindle victims out of bitcoin by tempting them with a substantial amount of tax-free cryptocurrency.
Account Takeover
V Fintech
CC
>1
Proofpoint, crypto
48
08/09/2021
Since June 2019
-
?
Single individuals
Researchers from Mandiant say a pro-China influence operation leveraging a network of fake social media accounts has expanded in size and scope, promoting in-person protests and narratives around COVID-19 and U.S. domestic policy.
Fake social media/web pages
X Individual
CW
>1
Mandiant, China, COVID-19
49
09/09/2021
During July 2021
During July 2021
Marketo
Virginia Defense Force and Virginia Department of Military Affairs
Email accounts connected to the Virginia Defense Force and the Virginia Department of Military Affairs are impacted by a cyberattack on a third party in July.
Unknown
O Public administration and defence, compulsory social security
CC
US
Virginia Defense Force, Virginia Department of Military Affairs, Marketo
50
09/09/2021
7/9/2021
7/9/2021
Mēris
Yandex
Russian internet giant Yandex is targeted in a massive distributed denial-of-service (DDoS) attack that started last week and reportedly continues this week.
DDoS
J Information and communication
CC
RU
Yandex, Mēris
51
09/09/2021
6/9/2021
6/9/2021
?
South African Department of Justice
The South African Department of Justice is hit with a ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
ZA
South African Department of Justice, ransomware
52
09/09/2021
-
-
?
MyRepublic Singapore
MyRepublic Singapore emails data breach notifications disclosing that customers' personal information was exposed after an unauthorized person gained access to a third-party data storage platform. The data of 79,388 mobile subscribers is compromised.
Unknown
J Information and communication
CC
SG
MyRepublic Singapore
53
09/09/2021
Since the Summer 2021
Since the Summer 2021
Mēris
Vulnerable MikroTik devices
Network equipment manufacturer MikroTik shares details on how customers can secure and clean routers compromised by the massive Mēris DDoS botnet over the summer.
Multiple Vulnerabilities
Y Multiple Industries
CC
>1
MikroTik, Mēris, DDoS
54
09/09/2021
9/9/2021
9/9/2021
Mēris
KrebsOnSecurity
KrebsOnSecurity is hit with a DDoS attack by the Mēris botnet.
DDoS
J Information and communication
CC
US
KrebsOnSecurity, Mēris
55
09/09/2021
"Recently"
"Recently"
Grayfly
Organizations in Taiwan, Vietnam, the US and Mexico.
Researchers from Broadcom discover a campaign of the China-linked Grayfly group using the Sidewalk backdoor.
Targeted Attack
Y Multiple Industries
CE
>1
Grayfly
56
09/09/2021
-
-
?
Dadsnet's Instagram account
A hacker who calls themself “The King” is demanding more than $40,000 to return control of the Dadsnet's Instagram account to its rightful owners.
Account Takeover
S Other service activities
CC
UK
The King, Dadsnet
57
09/09/2021
-
-
?
Dorchester County Government
Dorchester County Government (“Dorchester“) announces a phishing incident involving email accounts within its email environment.
Account Takeover
O Public administration and defence, compulsory social security
CC
US
Dorchester County Government
58
09/09/2021
-
-
CoomingProject
South African National Space Agency (SANSA)
A new internet group, CoomingProject, claims responsibility for a data breach at the South African National Space Agency (SANSA).
Unknown
O Public administration and defence, compulsory social security
CC
ZA
CoomingProject, South African National Space Agency, SANSA
59
09/09/2021
-
-
malt1 - zesty - m1kesecurity
Brazil's National Health Surveillance Agency (Agência Nacional de Vigilância Sanitária - Anvisa)
The official website of the National Health Surveillance Agency (Anvisa) is defaced, and the Traveler’s Health Declaration form is replaced with the Argentine flag.
Defacement
O Public administration and defence, compulsory social security
H
BR
National Health Surveillance Agency, Agência Nacional de Vigilância Sanitária, Anvisa, malt1, zesty, m1kesecurity
60
09/09/2021
-
-
Pysa aka Mespinoza
Multiple organizations
Researchers from Lacework discover a version of the group's malware designed to target Linux hosts with the ChaChi backdoor.
Malware
Y Multiple Industries
CC
>1
Lacework, Linux, ChaChi, ransomware
61
09/09/2021
-
15/07/2021
?
Buddhist Tzu Chi Medical Foundation
Buddhist Tzu Chi Medical Foundation notifies 18,968 patients that some of their protected health information may have been compromised in a recent ransomware attack.
Malware
Q Human health and social work activities
CC
US
Buddhist Tzu Chi Medical Foundation, ransomware
62
10/09/2021
-
-
Mustang Panda
At least ten Indonesian government ministries and agencies
Researchers from Insikt Group reveal that Chinese hackers have breached the internal networks of at least ten Indonesian government ministries and agencies, including computers from Indonesia’s primary intelligence service, the Badan Intelijen Negara (BIN).
Targeted Attack
O Public administration and defence, compulsory social security
CE
ID
Insikt Group, Indonesia, Mustang Panda
63
10/09/2021
24/11/2020
25/2/2021
?
LifeLong Medical Care
LifeLong Medical Care, a California health center, sends letters to about 115,000 people about a ransomware attack that took place on November 24, 2020.
Malware
Q Human health and social work activities
CC
US
LifeLong Medical Care, ransomware
64
10/09/2021
21/5/2021
21/5/2021
?
Desert Wells Family Medicine
Desert Wells Family Medicine is forced to send out a similar letter to 35,000 patients after it too is hit by a ransomware attack that exposed sensitive patient information.
Malware
Q Human health and social work activities
CC
US
Desert Wells Family Medicine, ransomware
65
10/09/2021
Since August 2021
During August 2021
?
Mobile banking users
Researchers from ThreatFabric discover SOVA, a new Android banking trojan in active development.
Malware
K Financial and insurance activities
CC
>1
ThreatFabric, SOVA, Android
66
10/09/2021
Since September 2021
During September 2021
?
Customers of European and South American banks
A new banking trojan dubbed Maxtrilha is discovered, targeting customers of European and South American banks.
Malware
K Financial and insurance activities
CC
>1
Maxtrilha
67
10/09/2021
During October 2020
-
?
Paradies Shops LLC
Airport store operator Paradies Shops LLC faces a class action after a cyber attack in October 2020 that compromised the personal data of more than 76,000 employees.
Unknown
G Wholesale and retail trade
CC
US
Paradies Shops LLC
68
10/09/2021
-
-
?
City of Yonkers
The city of Yonkers is the victim of a ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
US
City of Yonkers, ransomware
69
10/09/2021
23/8/2021
-
Hive
Missouri Delta Medical Center (MDMC)
Missouri Delta Medical Center is hit with a Hive ransomware attack.
Malware
Q Human health and social work activities
CC
US
Missouri Delta Medical Center, MDMC, Hive, ransomware
70
10/09/2021
End of August 2021
-
Avos Locker
Undisclosed company operating in the field of paint sales
The Avos Locker ransomware gang extorts $85,000 in bitcoin from a company thanks to a known vulnerability in the FortiGate VPN (CVE-2018-13379).
HBP Financial Services Group provides notice of a phishing attack impacting Pathology Consultants of New London, PC.
Account Takeover
K Financial and insurance activities
CC
US
HBP Financial Services Group, Pathology Consultants of New London, PC
72
10/09/2021
25/6/2021
25/6/2021
?
Wedge Recovery Centers
The Wedge Recovery Centers, a mental health service provider based in Philadelphia, Pennsylvania, reveals that it discovered suspicious activity within its computer network on June 25, 2021.
Unknown
Q Human health and social work activities
CC
US
Wedge Recovery Centers
73
11/09/2021
28/2/2021
-
Anonymous
Epik
The Anonymous collective successfully breaches and leaks the database of Epik, a controversial web hosting provider and domain registrar that has given shelter to many right-wing websites over the past few years.
Unknown
M Professional scientific and technical activities
H
US
Anonymous, Epik
74
11/09/2021
8/9/2021
8/9/2021
BlackMatter
Olympus
Olympus, a leading medical technology company, is hit by a BlackMatter ransomware attack that impacted some of its EMEA (Europe, Middle East, Africa) IT systems.
Malware
C Manufacturing
CC
JP
Olympus, BlackMatter, ransomware
75
11/09/2021
27/8/2021
27/8/2021
Vice Society
Barlow Respiratory Hospital
Barlow Respiratory Hospital reveals that it was hit with a ransomware attack.
The Assistance Publique - Hôpitaux de Paris (Paris Hospitals) reveals that unknown hackers stole the personal data of around 1.4 million people who took COVID-19 tests in the Paris region in the middle of 2020.
Unknown
Q Human health and social work activities
CC
FR
Assistance Publique - Hôpitaux de Paris, COVID-19
77
12/09/2021
12/9/2021
12/9/2021
Anonymous
TexasGOP.org
The website of the Republican Party of Texas (TexasGOP.org) is hacked and defaced over the weekend in an apparent protest against the state’s controversial new abortion law.
Defacement
S Other service activities
H
US
Republican Party of Texas, TexasGOP.org, Anonymous
78
13/09/2021
-
-
?
Customers of AU And DE Financial Institutions
Researchers from Sentinel One discover an ongoing Zloader campaign using a new infection chain to disable Microsoft Defender Antivirus.
Malware
K Financial and insurance activities
CC
AU, DE
Sentinel One, Zloader, Microsoft Defender
79
13/09/2021
-
-
?
Multiple organizations
Google releases Chrome 93.0.4577.82 for Windows, Mac, and Linux to fix eleven security vulnerabilities, two of them being zero-days exploited in the wild.
Researchers from Intezer discover an unofficial Cobalt Strike Beacon Linux version made by unknown threat actors from scratch, actively used in attacks targeting organizations worldwide.
A Royal Mail-themed spam campaign abuses an open redirect on a UK council-backed property website (Homes4Wiltshire) to avoid detection.
Account Takeover
X Individual
CC
UK
Homes4Wiltshire
82
13/09/2021
-
-
?
Jefferson Parish’s key courthouse
Jefferson Parish’s key courthouse is hit with a cyber attack.
Unknown
O Public administration and defence, compulsory social security
CC
US
Jefferson Parish
83
13/09/2021
-
6/2/2021
?
Indian Creek Foundation
Indian Creek Foundation provides notification of a ransomware incident.
Malware
Q Human health and social work activities
CC
US
Indian Creek Foundation, ransomware
84
14/09/2021
Since 2019
-
APT27 or APT41
Undisclosed Organizations
Researchers from McAfee reveal the details of Operation Harvest, a cyber espionage campaign carried out by APT27 or APT41.
Targeted Attack
Z Unknown
CE
N/A
McAfee, Operation Harvest, APT27, APT41
85
14/09/2021
-
-
?
Applicants and clients of Concept Resourcing
The applicants and clients of Concept Resourcing, an IT recruitment agency, are hit by an email scam promising a fake coronavirus passport.
Account Takeover
M Professional scientific and technical activities
CC
UK
Concept Resourcing, COVID-19
86
14/09/2021
Late August 2021
-
?
North East ISD (NEISD)
The North East ISD alerts current and former employees that a hacker compromised their personal information via a phishing attack.
Account Takeover
P Education
CC
US
North East ISD, NEISD
87
14/09/2021
-
-
?
CoxHealth
CoxHealth warns patients of a phone scam in which someone posing as the health system tries to sell patients medical equipment or steal their personal information.
Account Takeover
Q Human health and social work activities
CC
US
CoxHealth
88
14/09/2021
-
-
?
Users of Krita
Users of Krita, an open-source cross-platform digital painting application, become the latest victim of ransomware.
Malware
R Arts entertainment and recreation
CC
NL
Krita
89
15/09/2021
During August 2021
-
?
German Election Commissioner
The server of the German election commissioner suffers a hacking attack that takes its website down for a few minutes, but the technical system needed for the Sept. 26 election is not affected.
Unknown
O Public administration and defence, compulsory social security
CW
DE
German election commissioner
90
15/09/2021
12/9/2021
12/9/2021
Ragnar Locker
TTEC
TTEC, a company used by some of the world’s largest brands to help manage customer support and sales online and over the phone, is hit with a Ragnar Locker ransomware attack.
Malware
N Administrative and support service activities
CC
US
TTEC, Ragnar Locker, ransomware
91
15/09/2021
Between February 2021 and March 2021
-
?
Republican Governors Association (RGA)
The Republican Governors Association (RGA) reveals in data breach notification letters sent last week that its servers were breached during the extensive Microsoft Exchange ProxyLogon hacking campaign that hit organizations worldwide in March 2021.
93
15/09/2021
During August 2021
During August 2021
?
Multiple organizations
Microsoft reveals that it recently saw hackers exploiting the dangerous remote code execution vulnerability in the MSHTML rendering engine of Internet Explorer through rigged Office documents, in attacks that targeted developers.
CVE-2021-40444 Vulnerability
Y Multiple Industries
CC
>1
Microsoft, MSHTML, Internet Explorer, Office, CVE-2021-40444
94
15/09/2021
During August 2021
During August 2021
Ryuk AKA Wizard Spider, UNC1878
Multiple organizations
Researchers from RiskIQ reveal that the Ryuk ransomware gang is back and launching new attacks exploiting the CVE-2021-40444 MSHTML vulnerability.
Companies that may work with the US Department of Transportation
Researchers from INKY discover a new phishing campaign targeting companies that may work with the US Department of Transportation.
Account Takeover
Y Multiple Industries
CC
>1
Inky, US Department of Transportation
96
15/09/2021
5/7/2021
17/7/2021
?
Directions for Living
Directions for Living discloses that it suffered a ransomware attack.
Malware
Q Human health and social work activities
CC
US
Directions for Living, ransomware
97
15/09/2021
21/7/2021
4/8/2021
?
Central Texas Medical Specialists PLLC dba Austin Cancer Centers
Austin Cancer Centers discloses that it suffered a ransomware attack.
Malware
Q Human health and social work activities
CC
US
Central Texas Medical Specialists PLLC, Austin Cancer Centers, ransomware
98
15/09/2021
-
-
Grief
Greensville County Public Schools
Greensville County Public Schools is hit by a Grief ransomware attack.
Malware
P Education
CC
US
Greensville County Public Schools, Grief, ransomware
Enjoy the interactive timeline, and thanks for sharing it and supporting my work in spreading risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or even connect on LinkedIn, for the latest updates.