The second timeline of September 2021 is here and is confirming us the growing trend that is characterizing the last period. In this timeline I have collected 108 events, up from the 98 of the previous timeline (I must confess I have added some more events that were not previously included). The levels of ransomware attacks remain stable (26.8% vs. 25.8% in August) and continue to characterize the threat landscape) and to add new high-profile victims to the unwelcome list of the targets.

Similarly, the exploitation of high-profile vulnerabilities continues to characterize this period either. Some of them are old acquaintances, such as Confluence (CVE-2021-26084), the Microsoft MSHTML rendering engine (CVE-2021-40444) or even Zoho (CVE-2021-40539). Other ones are new and confirm the dangerous trend of the last couple of years. I am talking about CVE-2021-22005 (VMWare) and also the ones affecting Apple (CVE-2021-30869) and Google Chrome (CVE-2021-37973, CVE-2021-37975 and CVE-2021-37976).

Organizations working in the DeFi (Decentralized Finance) also continue to be under pressure. During this fortnight two entities suffered severe hacks leading to the theft of the equivalent in crypto value of $12 million (pNetwork) and $3 million (SushiSwap). 

Even the cyber espionage front is quite packed with multiple state-sponsored actors busy to exfiltrate data from organizations worldwide. Well-known actors include APT29 (AKA Nobelium) which continues to be active, but in the records there are also campaigns from Turla (featuring a new backdoor called TinyTurla), APT27 (AKA Emissary Panda), APT36, TAG-28, Calypso APT and Red Foxtrot. The scene is also taken by new actors such as FamousSparrow and ChamelGeang. Particularly interesting is also the case of Roshan, an Afghan telco provider targeted by four different Chinese Groups. Last but not least the European Union has officially bamed Russia for the hacking operation known as Ghostwriter that targeted high-profile EU officials, journalists, and the general public.

Expand for details

Enjoy the interactive timeline, and thanks for sharing it, and supporting my work in spreading the risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.



The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.

  • Featured Image Q1 2024Q1 2024 Cyber Attacks Statistics

    I aggregated the statistics created from the cyber attacks timelines published in the first quarter of 2024. In this period, I collected a total of 833 events (9.15 events/day) dominated by Cyber Crime with 75.2%...

  • The Biggest Data Breaches of 2021

    With this new project I am going to track the biggest data breaches of 2021 extracted from my cyber attack timelines.

  • March 2024 MotivationsMarch 2024 Cyber Attacks Statistics

    In March 2024 I collected and analyzed 203 events dominated by malware attacks. Cyber Crime continued to lead the Motivations chart with 72.9%, ahead of Cyber Espionage with 13.3%, Cyber Warfare (5.9%) and Hacktivism (2.5%).

  • Free computer code screen image16-31 March 2024 Cyber Attacks Timeline

    In the second timeline of March 2024 I collected 104 events dominated by malware, exploitation of vulnerabilities and ransomware. The threat landscape was also characterized by several mega breaches, multiple cyber espionage operations and also some remarkable events related to cyber warfare.

  • Image by Pete Linforth from Pixabay1-15 May 2023 Cyber Attacks Timeline

    In the first half of May 2023 I collected 173 events (corresponding to 11.53 events/day), a value that confirms the sustained trend characterizing this year from an information security perspective.


The Perfect Storm

I have decided to create a new timeline tracking the high-impact vulnerabilities targeting both remote access and on-premise technologies exploited…

Continue Reading

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.