The second timeline of September 2021 is here and confirms the growing trend that has characterized the last period. In this timeline I have collected 108 events, up from the 98 of the previous timeline (I must confess I have added some more events that were not previously included). The level of ransomware attacks remains stable (26.8% vs. 25.8% in August) and continues to characterize the threat landscape and to add new high-profile victims to the unwelcome list of targets.
Similarly, the exploitation of high-profile vulnerabilities continues to characterize this period as well. Some of them are old acquaintances, such as Confluence (CVE-2021-26084), the Microsoft MSHTML rendering engine (CVE-2021-40444) or even Zoho (CVE-2021-40539). Others are new and confirm the dangerous trend of the last couple of years. I am talking about CVE-2021-22005 (VMware) and also the ones affecting Apple (CVE-2021-30869) and Google Chrome (CVE-2021-37973, CVE-2021-37975 and CVE-2021-37976).
Organizations working in DeFi (Decentralized Finance) also continue to be under pressure. During this fortnight two entities suffered severe hacks leading to the theft of the equivalent in crypto value of $12 million (pNetwork) and $3 million (SushiSwap).
Even the cyber espionage front is quite packed, with multiple state-sponsored actors busy exfiltrating data from organizations worldwide. Well-known actors include APT29 (AKA Nobelium), which continues to be active, but the records also include campaigns from Turla (featuring a new backdoor called TinyTurla), APT27 (AKA Emissary Panda), APT36, TAG-28, Calypso APT and Red Foxtrot. New actors such as FamousSparrow and ChamelGang also enter the scene. Particularly interesting is also the case of Roshan, an Afghan telco provider targeted by four different Chinese groups. Last but not least, the European Union has officially blamed Russia for the hacking operation known as Ghostwriter that targeted high-profile EU officials, journalists, and the general public.
| ID | Date Reported | Date Occurred | Date Discovered | Author | Target | Description | Attack | Target Class | Attack Class | Country | Tags |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | 16/09/2021 | 16/9/2021 | 16/9/2021 | ? | VoIP.ms | Threat actors target voice-over-Internet provider VoIP.ms with a DDoS attack, extorting the company to stop the assault that is severely disrupting its operations. | DDoS | J Information and communication | CC | CA | VoIP.ms |
| 2 | 16/09/2021 | During 2020 | During September 2021 | ? | Multiple U.S. government sites | Multiple U.S. government sites using .gov and .mil domains have been seen hosting porn and spam content, such as Viagra ads, in the last year, due to a vulnerability in a common software product provided by Laserfiche, a government contractor. | Vulnerability | O Public administration and defence, compulsory social security | CC | US | Laserfiche |
| 3 | 16/09/2021 | - | "Recently" | ? | Multiple organizations | Security researchers from Black Lotus Lab discover malicious Linux binaries created for the Windows Subsystem for Linux (WSL). | Malware | Y Multiple Industries | CC | >1 | Black Lotus Lab, Linux, Windows Subsystem for Linux, WSL |
| 4 | 16/09/2021 | Between 24/09/2020 and 01/12/2020 | 20/10/2020 | ? | Texoma Community Center | Texoma Community Center discloses a phishing attack affecting more than 24,000 people. | Account Takeover | Q Human health and social work activities | CC | US | Texoma Community Center |
| 5 | 16/09/2021 | "Recently" | - | ? | WordPress and Linux systems | Researchers from Akamai discover Capoae, a new strain of malware, written in Go, used in cyberattacks launched against WordPress and Linux systems. | Malware | Y Multiple Industries | CC | >1 | Akamai, Capoae, Go, WordPress, Linux |
| 6 | 16/09/2021 | Since at least 2013 | 1/5/2021 | Nigerian Threat Actor | Aviation industry | Researchers from Cisco Talos reveal the details of Operation Layover, a campaign active since at least 2013 and targeting the aviation industry for at least two years. | Targeted Attack | M Professional scientific and technical activities | CE | >1 | Cisco Talos, Operation Layover |
| 7 | 16/09/2021 | Since Spring 2020 | - | ? | Government departments in at least 7 countries in the APAC and EMEA regions | Researchers from Cyjax reveal the details of a phishing campaign targeting government departments in at least 7 countries in the Asia-Pacific (APAC) and Europe, the Middle East and Africa (EMEA) regions. | Account Takeover | O Public administration and defence, compulsory social security | CE | >1 | Cyjax |
| 8 | 17/09/2021 | 16/9/2021 | 16/9/2021 | AristoK3 | SushiSwap | SushiSwap, a community-driven decentralized finance (DeFi) platform, is hit by a $3 million supply chain attack. | Malicious GitHub commit | V Fintech | CC | N/A | SushiSwap |
| 9 | 17/09/2021 | 17/9/2021 | 17/9/2021 | Multiple threat actors (including the Mirai botnet) | Vulnerable Azure instances | Threat actors start actively exploiting the critical Azure OMIGOD vulnerabilities two days after Microsoft disclosed them during this month's Patch Tuesday. | CVE-2021-38647 Vulnerability | Y Multiple Industries | CC | >1 | Microsoft, Azure OMIGOD, CVE-2021-38647, Mirai |
| 10 | 17/09/2021 | Since 2018 | - | Numando | Bank customers in Brazil, Mexico, and Spain | Researchers from ESET reveal the details of Numando, a banking Trojan active in Brazil, Mexico, and Spain. | Malware | K Financial and insurance activities | CC | >1 | ESET, Numando |
| 11 | 17/09/2021 | Between 02/03/2021 and 05/03/2021 | 5/3/2021 | ? | Horizon House | Horizon House warns that 27,823 people might have been impacted by a ransomware attack that took place in March. | Malware | Q Human health and social work activities | CC | US | Horizon House, ransomware |
| 12 | 17/09/2021 | 10/9/2021 | 10/9/2021 | ? | City of Mount Vernon | The City of Mount Vernon suffers a cyber attack. | Unknown | O Public administration and defence, compulsory social security | CC | US | City of Mount Vernon |
| 13 | 18/09/2021 | 17/9/2021 | 17/9/2021 | ? | Tamil Nadu Public Department | A ransomware attack is said to have encrypted certain sensitive documents of the Tamil Nadu Public Department. | Malware | O Public administration and defence, compulsory social security | CC | IN | Tamil Nadu Public Department, ransomware |
| 14 | 18/09/2021 | 18/9/2021 | 18/9/2021 | ? | Exabytes | Exabytes reveals that it has experienced a ransomware attack. | Malware | M Professional scientific and technical activities | CC | MY | Exabytes, ransomware |
| 15 | 19/09/2021 | - | - | ? | pNetwork | Decentralized Finance platform pNetwork suffers the theft of 277 BTC ($12M worth). | Vulnerability | V Fintech | CC | N/A | pNetwork, Crypto |
| 16 | 19/09/2021 | "Over the past few weeks" | - | ? | Single individuals | A new Elon Musk-themed cryptocurrency giveaway scam called the "Elon Musk Mutual Aid Fund" or "Elon Musk Club" is being promoted through spam email campaigns that started over the past few weeks. | | | | | |
| 17 | | | | | | The Spanish National Police (Policía Nacional) and the Italian National Police (Polizia di Stato), in collaboration with Europol and Eurojust, dismantle an extensive network of cybercriminals linked to the Italian Mafia that was able to defraud their victims of roughly €10 million ($11.7 million) in 2020 alone. | Account Takeover | X Individual | CC | >1 | Spanish National Police, Policía Nacional, Italian National Police, Polizia di Stato, Europol, Eurojust, Italian Mafia |
| 18 | 20/09/2021 | - | - | ? | CMA CGM | CMA CGM is hit by another cyber attack, just under one year after its last big breach. The French container line tells customers that it suffered a leak of limited customer information involving first and last names, employer, position, email address and phone number. | Unknown | H Transportation and storage | CC | FR | CMA CGM |
| 19 | 20/09/2021 | 20/9/2021 | 20/9/2021 | BlackMatter | NEW Cooperative | U.S. farmers cooperative NEW Cooperative suffers a BlackMatter ransomware attack, with the attackers demanding $5.9 million not to leak stolen data and to provide a decryptor. | Malware | I Accommodation and food service activities | CC | US | NEW Cooperative, BlackMatter, ransomware |
| 20 | 20/09/2021 | 20/9/2021 | 20/9/2021 | BlackMatter | Marketron | The BlackMatter ransomware gang hits Marketron, a business software solutions provider that serves more than 6,000 customers in the media industry. | Malware | M Professional scientific and technical activities | CC | US | BlackMatter, ransomware, Marketron |
| 21 | 20/09/2021 | Since 2018 | During September 2021 | ? | Multiple organizations | Researchers from Microsoft reveal the details of BulletProofLink (also known as BulletProftLink and Anthrax), a large-scale phishing-as-a-service (PhaaS) operation. | | | | | |
| 22 | | | | | | Threat actors are compromising Windows IIS servers to add expired-certificate notification pages that prompt visitors to download a malicious fake installer of TVRAT (aka TVSPY, TeamSpy, TeamViewerENT, or Team Viewer RAT). | Malware | Y Multiple Industries | CC | >1 | Windows IIS, TVRAT, TVSPY, TeamSpy, TeamViewerENT, Team Viewer RAT |
| 23 | 20/09/2021 | - | - | ? | Multiple Russian government websites | Multiple Russian government websites, including the elections and state services portals, are hit with a DDoS attack. | DDoS | O Public administration and defence, compulsory social security | H | RU | Russia |
| 24 | 20/09/2021 | 12/5/2021 | 14/5/2021 | ? | McAllen Surgical Specialty Center | McAllen Surgical Specialty Center discloses a ransomware attack. The data of 29,000 patients is potentially compromised. | Malware | Q Human health and social work activities | CC | US | McAllen Surgical Specialty Center, ransomware |
| 25 | 20/09/2021 | During July 2020 | - | ? | Family Medical Center of Michigan (FMC) | Family Medical Center of Michigan (FMC) begins notifying patients that their financial information was exposed during a ransomware attack. The data of 20,000 individuals is compromised. | Malware | Q Human health and social work activities | CC | US | Family Medical Center of Michigan, FMC, ransomware |
| 26 | 20/09/2021 | - | - | ALTDOS | Sunway Group | ALTDOS claims to have hacked Sunway Group, one of Malaysia's biggest conglomerates. | Unknown | S Other service activities | CC | MY | ALTDOS, Sunway Group |
| 27 | 20/09/2021 | - | - | FocaLeaks | Policía Nacional Civil de El Salvador (PNC) | Hacktivists known as FocaLeaks claim to have hacked and exfiltrated data on 37,000 agents of the Policía Nacional Civil de El Salvador (PNC). | Unknown | O Public administration and defence, compulsory social security | H | SV | Policía Nacional Civil de El Salvador, PNC, FocaLeaks |
| | | | | | Organizations in the U.S., Germany, and Afghanistan | Researchers from Cisco Talos reveal the details of TinyTurla, a previously undocumented backdoor used to target organizations in the U.S., Germany, and Afghanistan. | Targeted Attack | Y Multiple Industries | CE | >1 | Cisco Talos, Turla, TinyTurla |
| 30 | 21/09/2021 | During February 2021 | - | TAG-28 | Bennett Coleman And Co Ltd (BCCL) | Researchers from Recorded Future's Insikt Group reveal that TAG-28, a China-linked group, launched a cyber attack against India's largest media conglomerate, Bennett Coleman And Co Ltd. | Targeted Attack | J Information and communication | CE | IN | Recorded Future, Insikt Group, TAG-28, Bennett Coleman And Co Ltd., BCCL |
| 31 | 21/09/2021 | During February 2021 | - | TAG-28 | Unique Identification Authority of India (UIDAI) | During the same operation, the Chinese attackers also hit the Unique Identification Authority of India (UIDAI) database, which contains a motherlode of biometric information. | Targeted Attack | O Public administration and defence, compulsory social security | CE | IN | Recorded Future, Insikt Group, TAG-28, Unique Identification Authority of India, UIDAI |
| 32 | 21/09/2021 | "Recently" | "Recently" | z0Miner | Vulnerable Atlassian Confluence servers | Researchers from Trend Micro discover z0Miner, a new cryptojacker weaponizing the new CVE-2021-26084 Confluence vulnerability to mine cryptocurrency on vulnerable machines. | CVE-2021-26084 Vulnerability | Y Multiple Industries | CC | >1 | Trend Micro, z0Miner, CVE-2021-26084, Confluence |
| 33 | 21/09/2021 | Late July 2021 | Late July 2021 | Emissary Panda (AKA APT27)? | Undisclosed Safety Testing Organization | Researchers from eSentire reveal the details of an unusual ransomware attack mimicking the modus operandi of a state-sponsored operation. | Malware | M Professional scientific and technical activities | CE? | N/A | eSentire, Emissary Panda, APT27 |
| 34 | 21/09/2021 | "Recently" | "Recently" | Cring | Unnamed services company | Researchers from Sophos reveal the details of a Cring ransomware attack where the attackers exploited two old Adobe ColdFusion vulnerabilities (CVE-2010-2861 and CVE-2009-3960). | | | | | |
| 35 | | | | | | Researchers from Morphisec reveal the details of a new version of the Jupyter infostealer. | Malware | Y Multiple Industries | CC | >1 | Morphisec, infostealer |
| 36 | 21/09/2021 | Between 12/05/2021 and 18/05/2021 | 8/6/2021 | ? | Simon Eye Management | Simon Eye Management, a US chain of optometry clinics, reports a data breach potentially impacting more than 144,000 individuals, after unauthorized access to employee email accounts over a seven-day period between May 12 and 18, 2021. | Account Takeover | Q Human health and social work activities | CC | US | Simon Eye Management |
| 37 | 21/09/2021 | 17/9/2021 | 17/9/2021 | ? | Pottawatomie County | Pottawatomie County suffers a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | Pottawatomie County, ransomware |
| 38 | 22/09/2021 | 19/9/2021 | 19/9/2021 | ? | Crystal Valley | Minnesota farming supply cooperative Crystal Valley suffers a ransomware attack. | Malware | I Accommodation and food service activities | CC | US | Crystal Valley, ransomware |
| 39 | 22/09/2021 | - | - | Conti | Multiple organizations in the US | CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) warn of an increased number of Conti ransomware attacks targeting US organizations. | Malware | Y Multiple Industries | CC | US | CISA, Cybersecurity and Infrastructure Security Agency, Federal Bureau of Investigation, FBI, National Security Agency, NSA, Conti, ransomware |
| 40 | 22/09/2021 | 22/9/2021 | 22/9/2021 | Multiple threat actors | Multiple organizations | Threat actors have already started targeting Internet-exposed VMware vCenter servers unpatched against CVE-2021-22005. | CVE-2021-22005 Vulnerability | Y Multiple Industries | CC | >1 | VMware vCenter, CVE-2021-22005 |
| 41 | 22/09/2021 | - | - | ? | JSC Makeyev Design Bureau | Researchers from Malwarebytes discover a campaign targeting JSC Makeyev Design Bureau, a known developer of liquid and solid fuel for Russia's ballistic missiles and space rockets, via the recently discovered Microsoft MSHTML CVE-2021-40444 vulnerability. | CVE-2021-40444 Vulnerability | M Professional scientific and technical activities | | | |
| 42 | | | | | | Researchers from Malwarebytes discover a campaign targeting the Russian Interior Ministry via the recently discovered Microsoft MSHTML CVE-2021-40444 vulnerability. | CVE-2021-40444 Vulnerability | M Professional scientific and technical activities | | | |
| 43 | | | | | | Debt-IN Consultants (Pty) Ltd announces that a ransomware attack by cyber criminals has resulted in a significant data breach of consumer and employee personal information. More than 1.4 million South Africans are suspected to have been impacted. | Malware | K Financial and insurance activities | CC | ZA | Debt-IN Consultants (Pty) Ltd, ransomware |
| 44 | 22/09/2021 | Between 20/04/2021 and 17/05/2021 | 12/5/2021 | ? | USV Optical | USV Optical, Inc., a subsidiary of U.S. Vision, Inc., discloses that data belonging to 180,000 individuals (employees and patients) might have been accessed and possibly exfiltrated by an unauthorized individual from April 20, 2021, to May 17, 2021. | Unknown | Q Human health and social work activities | CC | US | USV Optical |
| 45 | 23/09/2021 | Since at least 2019 | - | FamousSparrow | Multiple organizations | Researchers from ESET reveal the details of FamousSparrow, a newly discovered cyberespionage group using the ProxyLogon exploit to target hotels worldwide, as well as higher-profile targets such as governments, international organizations, law firms, and engineering companies. | Targeted Attack | Y Multiple Industries | CE | >1 | ESET, FamousSparrow, ProxyLogon |
| 46 | 23/09/2021 | 23/9/2021 | 23/9/2021 | ? | Bitcoin.org | Threat actors hijack Bitcoin.org, the authentic website of the Bitcoin project, and alter parts of it to push a cryptocurrency giveaway scam. | Account Takeover | V Fintech | CC | >1 | Bitcoin.org |
| 47 | 23/09/2021 | - | - | Multiple threat actors | Undisclosed targets | Apple releases security updates to fix CVE-2021-30869, a zero-day vulnerability exploited in the wild by attackers to hack into iPhones and Macs. | CVE-2021-30869 Vulnerability | Z Unknown | N/A | N/A | Apple, CVE-2021-30869, iPhones, Macs |
| 48 | 23/09/2021 | Since August 2021 | - | OpenSUpdater | Single individuals | Google researchers discover a malware campaign exploiting malformed code signatures, seen as valid by Windows, to bypass security software. The tactic is actively used to push OpenSUpdater, a family of unwanted software that injects ads and installs unwanted programs onto the victims' devices. | Malware | X Individual | CC | >1 | OpenSUpdater, Google |
| 49 | 23/09/2021 | - | 1/5/2021 | REvil AKA Sodinokibi | Other malware operators | Cybercriminals are slowly realizing that the REvil ransomware operators may have been hijacking ransom negotiations to cut affiliates out of payments. | Malware | S Other service activities | CC | N/A | REvil, Sodinokibi, ransomware |
| 50 | 23/09/2021 | - | - | ? | Port of Houston | A suspected state-sponsored hacking group has attempted to breach the network of the Port of Houston, one of the largest port authorities in the US, using the CVE-2021-40539 zero-day vulnerability in Zoho. | CVE-2021-40539 Vulnerability | H Transportation and storage | CE | US | Port of Houston, CVE-2021-40539, Zoho |
| 51 | 23/09/2021 | - | - | ZLoader | Multiple targets | Researchers from Microsoft discover a new ZLoader campaign with a shift in delivery method: from traditional email campaigns to the abuse of online ad platforms. | Malware | Y Multiple Industries | CC | >1 | Microsoft, ZLoader |
| 52 | 23/09/2021 | "Recently" | "Recently" | APT36 (aka Mythic Leopard and Transparent Tribe)? | Indian government and military personnel | Researchers from Cisco Talos reveal the details of "Operation Armor Piercer", a series of malicious attacks targeting Indian government and military personnel using commercial remote access Trojans (RATs) such as Netwire and Warzone (AKA AveMaria). | Targeted Attack | O Public administration and defence, compulsory social security | | | |
| 53 | | | | | Android mobile users in the United States and Canada | Researchers from Cloudmark discover TangleBot, a new piece of mobile malware spreading via SMS and currently targeting Android mobile users in the United States and Canada. | Malware | K Financial and insurance activities | CC | US, CA | Cloudmark, TangleBot, Android |
| 54 | 23/09/2021 | - | - | ? | Single Individuals in Spain | Spanish authorities warn of a phishing campaign that impersonates the messaging service WhatsApp in an attempt to trick recipients into downloading the NoPiques trojan. | Malware | X Individual | CC | ES | WhatsApp, NoPiques |
| 55 | 24/09/2021 | Since March 2021 | - | Ghostwriter | High-profile EU officials, journalists, and the general public | The European Union officially links Russia to a hacking operation known as Ghostwriter that targets high-profile EU officials, journalists, and the general public. | Targeted Attack | U Activities of extraterritorial organizations and bodies | CE | EU | Ghostwriter, EU, Russia |
| 56 | 24/09/2021 | - | 31/8/2021 | Vice Society | United Health Centers | California-based United Health Centers suffers a ransomware attack that reportedly disrupted all of its locations and resulted in patient data theft. | | | | | |
| 57 | | | | | | MoneyLion locks the customer accounts that were breached in credential stuffing attacks over the summer. | Credential stuffing | K Financial and insurance activities | CC | US | MoneyLion |
| 58 | 24/09/2021 | Between March and May 20th | - | ? | Coinbase users | Crypto exchange Coinbase discloses that a threat actor stole cryptocurrency from 6,000 customers after using a vulnerability to bypass the company's SMS multi-factor authentication security feature. | Account Takeover | V Fintech | CC | US | Coinbase |
| 59 | 24/09/2021 | - | - | ? | Undisclosed targets | Google releases Chrome 94.0.4606.61 for Windows, Mac, and Linux, an emergency update addressing CVE-2021-37973, a high-severity zero-day vulnerability exploited in the wild. | CVE-2021-37973 Vulnerability | Z Unknown | N/A | N/A | Google, Chrome 94.0.4606.61, CVE-2021-37973 |
| 60 | 24/09/2021 | 18/9/2021 | 18/9/2021 | Conti | GSS | GSS, the Spanish and Latin America division of Covisian, one of Europe's largest customer care and call center providers, is hit by a Conti ransomware attack. | Malware | N Administrative and support service activities | CC | ES | GSS, Conti, ransomware |
| 61 | 24/09/2021 | 24/9/2021 | 24/9/2021 | Colossus | Automotive group of dealerships based in the U.S. | Researchers from ZeroFox discover a new ransomware dubbed Colossus, targeting at least one automotive dealership group in the US. | Malware | G Wholesale and retail trade | CC | US | ZeroFox, Colossus, ransomware |
| 62 | 24/09/2021 | 22/9/2021 | 22/9/2021 | ? | Giant Pay | UK umbrella payroll firm Giant Pay is hit by a ransomware attack. | Malware | N Administrative and support service activities | CC | UK | Giant Pay, ransomware |
| 63 | 24/09/2021 | 23/9/2021 | 23/9/2021 | ? | Single Individuals in the UK | UK Police issue an urgent warning after an elderly man is scammed out of £30,000 by phone fraudsters pretending to be from BT. | Account Takeover | X Individual | CC | UK | BT |
| 64 | 24/09/2021 | 15/7/2021 | - | ? | Eastern Los Angeles Regional Center | Eastern Los Angeles Regional Center discloses that it suffered a phishing attack compromising the data of nearly 13,000 individuals. | Account Takeover | Q Human health and social work activities | CC | US | Eastern Los Angeles Regional Center |
| 65 | 24/09/2021 | 27/7/2021 | 27/7/2021 | ? | Council on Aging of Southwestern (COA) | Council on Aging of Southwestern (COA) reveals that it suffered a phishing incident. | Account Takeover | Q Human health and social work activities | CC | US | Council on Aging of Southwestern, COA |
| 66 | 24/09/2021 | 24/1/2021 | 24/1/2021 | ? | Golden Entertainment | Golden Entertainment discloses a malware incident. | Malware | R Arts entertainment and recreation | CC | US | Golden Entertainment |
| 67 | 25/09/2021 | 20/9/2021 | 20/9/2021 | ? | Coos County Family Health Services | A ransomware attack disrupts services at Coos County Family Health Services. | Malware | Q Human health and social work activities | CC | US | ransomware, Coos County Family Health Services |
| 68 | 25/09/2021 | 23/9/2021 | - | Desorden Group | ABX Express | Desorden Group claims to have stolen 200 GB of data from ABX Express. | Unknown | N Administrative and support service activities | CC | MY | Desorden Group, ABX Express |
| 69 | 25/09/2021 | 25/9/2021 | 25/9/2021 | ? | Tesuque Casino | Tesuque Casino is hit with a cyber attack. | Unknown | R Arts entertainment and recreation | CC | US | Tesuque Casino |
| 70 | 26/09/2021 | - | - | RansomEXX | Unione Reno Galliera | The RansomEXX gang hits the Unione Reno Galliera (a union of eight towns in the metropolitan area of Bologna) and dumps 80 GB online. | Malware | O Public administration and defence, compulsory social security | CC | IT | RansomEXX, ransomware, Union of Reno Galliera, Bologna |
| 71 | 27/09/2021 | During May 2016 | During May 2021 | ? | Syniverse | Syniverse, a company that is a critical part of the global telecommunications infrastructure used by AT&T, T-Mobile, Verizon and several others around the world, discloses that hackers were inside its systems for years, impacting more than 200 of its clients and potentially millions of cellphone users worldwide. | Unknown | M Professional scientific and technical activities | CE | US | Syniverse, AT&T, T-Mobile, Verizon |
| 72 | 27/09/2021 | Since April 2021 | - | APT29 AKA Nobelium, The Dukes, Cozy Bear | Multiple organizations | Researchers from Microsoft discover FoggyWeb, a new malware used by the Nobelium hacking group to deploy additional payloads and steal sensitive info from Active Directory Federation Services (ADFS) servers. | Targeted Attack | Y Multiple Industries | CE | >1 | Microsoft, FoggyWeb, Active Directory Federation Services, ADFS, APT29, Nobelium, The Dukes, Cozy Bear |
| 73 | 27/09/2021 | 25/9/2021 | 25/9/2021 | ? | Bandwidth.com | Bandwidth.com becomes the latest victim of distributed denial of service attacks targeting VoIP providers. | DDoS | J Information and communication | CC | US | Bandwidth.com |
| 74 | 27/09/2021 | Since March 2021 | - | BloodyStealer | Multiple gaming platforms | Researchers from Kaspersky discover BloodyStealer, a new malware sold on dark web forums and used by threat actors to steal accounts for multiple gaming platforms, including Steam, Epic Games Store, and EA Origin. | Malware | R Arts entertainment and recreation | CC | >1 | Kaspersky, BloodyStealer, Steam, Epic Games Store, EA Origin |
| 75 | 27/09/2021 | Since at least 16/02/2021 | 12/9/2021 | ? | Firefox users | A malicious Firefox add-on named "Safepal Wallet" scams users by emptying out their wallets, and lived on the Mozilla add-ons store for seven months. | Malware | V Fintech | CC | >1 | Firefox, Safepal Wallet, Crypto |
| 76 | 27/09/2021 | 10/7/2021 | 11/7/2021 | ? | Vista Radiology | Vista Radiology notifies 3,634 patients about a ransomware attack experienced in July which took part of its network offline. | Malware | Q Human health and social work activities | CC | US | Vista Radiology, ransomware |
| 77 | 27/09/2021 | 13/9/2021 | - | ? | Robinwood Orthopaedic Specialty Center | Robinwood Orthopaedic Specialty Center is hit with a Groove ransomware attack. The attackers claim to have stolen 25,000 customers' cards. | Malware | Q Human health and social work activities | CC | US | Robinwood Orthopaedic Specialty Center, Groove, ransomware |
| 78 | 27/09/2021 | - | - | CoomingProject | El Instituto Nacional de Medicina Genómica (Inmegen) | The threat actors from CoomingProject claim to have hit El Instituto Nacional de Medicina Genómica (Inmegen), a Mexican government health agency that is involved in COVID testing or research. | Unknown | Q Human health and social work activities | CC | MX | El Instituto Nacional de Medicina Genómica, Inmegen, COVID, CoomingProject |
| 79 | 27/09/2021 | 23/9/2021 | 23/9/2021 | ? | Allen Independent School District | Allen Independent School District emails parents and staff to inform them about the steps being taken after a cybersecurity breach. | Unknown | P Education | CC | US | Allen Independent School District |
| 80 | 28/09/2021 | From at least July 2020 to September 2021 | During 2020 | Calypso APT | Roshan | Researchers from Recorded Future's Insikt Group detect intrusion activity targeting a mail server of Roshan, one of Afghanistan's largest telecommunications providers. | Targeted Attack | J Information and communication | CE | AG | Recorded Future, Insikt Group, Roshan, Calypso APT |
| 81 | 28/09/2021 | From at least July March to May 2021 | - | RedFoxtrot | Roshan | Researchers from Recorded Future's Insikt Group detect additional intrusion activity targeting Roshan. | | | | | |
| 82 | | | | | | In the same period, researchers from Recorded Future's Insikt Group detect additional intrusion activity targeting a second, undisclosed, Afghan telecommunications organization. | Targeted Attack | J Information and communication | CE | AG | Recorded Future, Insikt Group, Roshan, RedFoxtrot |
| 83 | 28/09/2021 | August and September 2021 | - | ? | Roshan | Researchers from Recorded Future's Insikt Group detect additional intrusion activity targeting Roshan, carried out via the Winnti backdoor. | Targeted Attack | J Information and communication | CE | AG | Recorded Future, Insikt Group, Roshan, Winnti |
| 84 | 28/09/2021 | - | - | ? | Roshan | Finally, the same researchers from Recorded Future's Insikt Group detect additional intrusion activity targeting Roshan, carried out via the PlugX backdoor. | Targeted Attack | J Information and communication | CE | AG | Recorded Future, Insikt Group, Roshan, PlugX |
| 85 | 28/09/2021 | During September 2021 | During September 2021 | ? | Multiple organizations | Researchers from Armorblox discover a credential phishing attack spoofing an encrypted message notification from Zix, a company offering security services. | Account Takeover | Y Multiple Industries | CC | >1 | Armorblox, Zix |
| 86 | 28/09/2021 | - | - | ERMAC | Mobile banking users | Researchers from ThreatFabric reveal the details of ERMAC, a new Android banking Trojan that can steal financial data from 378 banking and wallet apps. | Malware | K Financial and insurance activities | CC | >1 | ThreatFabric, ERMAC, Android |
| 87 | 28/09/2021 | - | - | ? | Twitter users | Fraudsters are using Twitter bots to trick unsuspecting tweeters into making PayPal and Venmo payments to accounts under their control. | Fake social media/web pages | X Individual | CC | >1 | Twitter |
| 88 | 28/09/2021 | - | - | ? | America's Frontline Doctors | America's Frontline Doctors, a right-wing group that promotes pro-Trump doctors during the coronavirus pandemic, has some data leaked after an alleged hack. | Unknown | S Other service activities | CC | US | America's Frontline Doctors |
| 89 | 28/09/2021 | 25/9/2021 | 25/9/2021 | ? | Lufkin Independent School District | Lufkin Independent School District is hit with a ransomware attack. | Malware | P Education | CC | US | Lufkin Independent School District, ransomware |
| 90 | 29/09/2021 | Since February 2021 | During June 2021 | APT29 AKA Nobelium, The Dukes, Cozy Bear | Multiple organizations | Researchers from Kaspersky discover Tomiris, a new backdoor likely developed by the Nobelium hacking group behind last year's SolarWinds supply chain attack. | Targeted Attack | Y Multiple Industries | CE | >1 | Kaspersky, Tomiris, SolarWinds, APT29, Nobelium, The Dukes, Cozy Bear |
| 91 | 29/09/2021 | Between November 2020 and April 2021 | - | GriftHorse | Android users | Researchers from Zimperium discover GriftHorse, a large-scale malware campaign that has infected more than 10 million Android devices in over 70 countries and likely stole hundreds of millions from its victims by tricking them into subscribing to paid services without their knowledge. | Malware | X Individual | CC | >1 | Zimperium, GriftHorse, Android |
| 92 | 29/09/2021 | - | - | Conti | Multiple organizations | Researchers from Advanced Intelligence discover a new version of the Conti ransomware able to destroy backups. | Malware | Y Multiple Industries | CC | >1 | Advanced Intelligence, Conti, ransomware |
| 93 | 29/09/2021 | - | - | ? | PayPal, Apple Pay and Google Pay users | Researchers from Intel 471 discover a campaign stealing one-time password tokens to gain access to PayPal, Apple Pay and Google Pay, using Telegram bots and channels. | Account Takeover | K Financial and insurance activities | CC | >1 | Intel 471, PayPal, Apple Pay, Google Pay, Telegram |
| 94 | 29/09/2021 | During 2021 | - | TA544 | Organizations in Italy | Researchers from Proofpoint discover a new malware campaign targeting more than 2,000 organizations in Italy with the Ursnif banking trojan. | Malware | K Financial and insurance activities | CC | IT | Proofpoint, Ursnif |
| 95 | 29/09/2021 | 29/9/2021 | 29/9/2021 | ? | Schneck Medical Center | Schneck Medical Center suffers a cyber attack. | Unknown | Q Human health and social work activities | CC | US | Schneck Medical Center |
| 96 | 30/09/2021 | Sometime in May 2020 | - | ? | Neiman Marcus | American luxury retailer Neiman Marcus Group (NMG) discloses a major data breach impacting approximately 4.6 million customers. The breach occurred sometime in May 2020 after "an unauthorized party" obtained the personal information of some Neiman Marcus customers from their online accounts. | Unknown | G Wholesale and retail trade | CC | US | Neiman Marcus |
| 97 | 30/09/2021 | - | - | ? | Undisclosed targets | Google releases Chrome 94.0.4606.71 for Windows, Mac, and Linux to fix CVE-2021-37975 and CVE-2021-37976, two zero-day vulnerabilities that have been exploited by attackers. | | | | | |
| 98 | | | | | | The Hydra banking trojan is back to targeting European e-banking platform users, and more specifically customers of Commerzbank, Germany's second-largest financial institution. | Malware | K Financial and insurance activities | CC | DE | Hydra, Android, Commerzbank |
| 99 | 30/09/2021 | Since at least January 2021 | - | Russian-speaking threat actor | Single individuals | Researchers from Cisco Talos reveal that threat actors are trying to capitalize on the recent revelations about Pegasus spyware from Amnesty International to drop a less-known remote access tool called Sarwent. | | | | | |
| 100 | | | | | Southeast Asian governmental entities and telecommunication companies | Researchers from Kaspersky reveal that the Chinese-speaking cyberspies from GhostEmperor have targeted Southeast Asian governmental entities and telecommunication companies for more than a year, backdooring systems running the latest Windows 10 versions with a newly discovered rootkit dubbed Demodex. | Targeted Attack | Y Multiple Industries | CE | >1 | Kaspersky, GhostEmperor, Demodex |
| 101 | 30/09/2021 | - | - | Conti | JVCKenwood | JVCKenwood suffers a Conti ransomware attack in which the threat actors claim to have stolen 1.7 TB of data and are demanding a $7 million ransom. | Malware | C Manufacturing | CC | JP | JVCKenwood, Conti, ransomware |
| 102 | 30/09/2021 | Earlier in the same week | Earlier in the same week | ? | TiteLive | Hundreds of bookstores across France, Belgium, and the Netherlands have their operations disrupted this week after a ransomware attack cripples the IT systems of TiteLive, a French company that operates a SaaS platform for book sales and inventory management. | Malware | N Administrative and support service activities | CC | FR | TiteLive, Ransomware |
| 103 | 30/09/2021 | Between April and June 2021 | - | Proxy Phantom | Online merchants | Researchers from Sift reveal the details of Proxy Phantom, a campaign using over 1.5 million sets of stolen account credentials in automated credential stuffing attacks against online merchants. | Credential stuffing | G Wholesale and retail trade | CC | >1 | Sift, Proxy Phantom |
| 104 | 30/09/2021 | Since the end of March 2021 | During Q2 2021 | ChamelGang | Energy and aviation firms in Russia, and institutions including governments in nine other countries | Researchers from Positive Technologies reveal the details of ChamelGang, a new threat actor targeting energy and aviation firms in Russia, and institutions including governments in nine other countries. | Targeted Attack | Y Multiple Industries | CE | >1 | Positive Technologies, ChamelGang |
| 105 | 30/09/2021 | - | - | ? | James Bond movie fans | Researchers from Kaspersky reveal that the long-awaited release of the new James Bond movie 'No Time to Die' is being exploited by cyber-criminals via malicious pop-ups, digital adverts, and phishing websites dedicated to the new release. | >1 | R Arts entertainment and recreation | CC | >1 | Kaspersky, James Bond, No Time to Die |
| 106 | 30/09/2021 | - | - | ? | Stonington Public Schools | Stonington Public Schools is hit with a ransomware attack. | Malware | P Education | CC | US | Stonington Public Schools, ransomware |
| 107 | 30/09/2021 | mid-February 2021 | - | ? | Hawaii Payroll Services LLC | Hawaii Payroll Services reveals that it suffered a ransomware attack affecting 4,500 individuals. | Malware | K Financial and insurance activities | CC | | |
US
Hawaii Payroll Services, ransomware
108
30/09/2021
30/09/2021
30/09/2021
?
National University of Ireland (NUI) Galway
IT systems at National University of Ireland (NUI( Galway remain offline, after an attempted cyberattack is detected.
Unknown
P Education
CC
IE
National University of Ireland Galway, NUI
ID
Date Reported
Date Occurred
Date Discovered
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags
Enjoy the interactive timeline, and thanks for sharing it, and supporting my work in spreading the risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.