The second cyber attacks timeline of October 2021 is out and brings us a sharp increase in the number of events (111) after the apparent pause in the first half of October, when I collected 86 events. Unsurprisingly, ransomware continues to dominate the threat landscape, characterizing, directly or indirectly, 30.6% of the events (34 out of 111), compared with 28.6% in the previous timeline.
And, rather unsurprisingly, vulnerabilities continue to characterize the threat landscape, being one of the preferred initial access vectors for both opportunistic and state-sponsored attackers: the annus horribilis for Google Chrome continues, and this fortnight too has seen a trove of vulnerabilities exploited in the wild: CVE-2021-21224 and CVE-2021-31956, chained by the Magnitude exploit kit (the former a Chrome bug, the latter a Windows kernel privilege-escalation flaw used to escape the browser sandbox), and CVE-2021-38000 and CVE-2021-38003, the two zero-days fixed in Chrome 95.0.4638.69.
The season of the mega breaches is not over yet: this time it has been the turn of 50 million Moscow drivers, whose data was put up for sale on an underground forum for only $800.
And if you think that the weaponization of deepfakes is going to get worse, you won’t be disappointed: a group of fraudsters made off with $35 million after using forged email messages and deepfake audio to convince an employee of a United Arab Emirates company that a director requested the money as part of an acquisition of another organization.
The cyber espionage front is also particularly rich in events this fortnight, but this is not a surprise. The infamous Nobelium group, the one behind the massive SolarWinds supply-chain attack, is back with a new widespread campaign against the IT supply chain: 140 managed service providers and cloud service providers attacked and at least 14 breached since May 2021. The North Korean Lazarus Group is back from the shadows with new campaigns targeting a South Korean think tank and a company developing asset monitoring solutions in Latvia. New actors also emerge, such as Harvester and LightBasin. And the list does not end here…
Enjoy the interactive timeline, and thanks for sharing it and supporting my work in spreading risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.
ID
Date Reported
Date Occurred
Date Discovered
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags
1
16/10/2021
16/10/2021
16/10/2021
DeepBlueMagic
Ten Israeli hospitals
Ten Israeli hospitals are hit by a DeepBlueMagic ransomware attack allegedly orchestrated by Chinese hackers.
Malware
Human health and social work
CC
IL
DeepBlueMagic, ransomware, China
2
17/10/2021
17/10/2021
17/10/2021
?
Atento
Business process outsourcing (BPO) and customer relationship management multinational Atento is hit by a cyberattack, with the greatest impact seen in Brazil, its largest operation in Latin America.
Unknown
Professional, scientific and technical
CC
BR
Atento
3
18/10/2021
16/10/2021
16/10/2021
Evil Corp
Sinclair Broadcast Group
Sinclair Broadcast Group is hit with a Macaw Locker ransomware attack.
Telecommunication providers and IT firms in South Asia
Researchers from Broadcom Symantec reveal the details of Harvester, a previously unknown state-sponsored actor deploying a novel toolset in attacks targeting telecommunication providers and IT firms in South Asia.
Targeted Attack
Information and communication
CE
>1
Harvester, Symantec
5
18/10/2021
Since July 2021
-
BlackMatter
Multiple organizations
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) publish a joint advisory to warn organizations of an increased threat posed by the BlackMatter ransomware gang.
Malware
Multiple Industries
CC
US
Cybersecurity and Infrastructure Security Agency, CISA, Federal Bureau of Investigation, FBI, National Security Agency, NSA, BlackMatter, ransomware
6
18/10/2021
During 2021
-
Lyceum APT
Entities in Tunisia (telecoms or aviation companies)
Researchers from Kaspersky detail a new cluster of activities from the Lyceum APT.
Targeted Attack
Multiple Industries
CE
TN
Kaspersky, Lyceum APT
7
18/10/2021
18/10/2021
18/10/2021
RootAyyıldız
Donald Trump's website
A hacker allegedly from Turkey defaces a section of Donald Trump's website.
Defacement
Individual
H
US
Turkey, Donald Trump, RootAyyıldız
8
18/10/2021
Between 31/03/2021 and 01/04/2021
-
?
North American Dental Management
Professional Dental Alliance notifies tens of thousands of patients that some of their protected health information was stored in email accounts from its vendor North American Dental Management that were accessed by an unauthorized individual.
Account Takeover
Administration and support service
CC
US
Professional Dental Alliance, North American Dental Management
9
19/10/2021
9/10/2021
9/10/2021
?
Ferrara Candy
Ferrara Candy reveals to have been hit with a ransomware attack.
Malware
Accommodation and food service
CC
US
Ferrara Candy
10
19/10/2021
-
Since 2016
LightBasin AKA UNC1945
13 global telecoms worldwide
Researchers from Crowdstrike reveal the details of LightBasin, a group of hackers compromising mobile telecommunication systems across the world for the past five years.
Targeted Attack
Information and communication
CE
>1
Crowdstrike, LightBasin, UNC1945
11
19/10/2021
Since September 2021
During September 2021
PurpleFox
Targets in China
Researchers from Trend Micro discover a new version of the PurpleFox botnet with added vulnerabilities and optimized rootkit capabilities.
Acer suffers a second cyberattack in just a week by the same hacking group.
Unknown
Manufacturing
CC
TW
Acer Taiwan, Desorden Group
13
19/10/2021
-
-
?
Entities in India and Afghanistan
Researchers from Cisco Talos discover a threat actor using political and government-themed malicious domains to target entities in India and Afghanistan via dcRAT and QuasarRAT for Windows delivered via malicious documents exploiting CVE-2017-11882.
Malware
Multiple Industries
CC
IN
AF
Cisco Talos, dcRAT, QuasarRAT, CVE-2017-11882
14
19/10/2021
-
-
?
Chrome users
Researchers from Avast reveal that the operators of the Magnitude exploit kit have added support for an attack chain targeting the Chrome web browser via CVE-2021-21224 and CVE-2021-31956.
CVE-2021-21224 and CVE-2021-31956 vulnerabilities
Individual
CC
>1
Avast, Magnitude, CVE-2021-21224, CVE-2021-31956
15
19/10/2021
-
-
Multiple threat actors
Android users
Malicious actors manage to spread hundreds of malicious Squid Game apps on Google Play including a variant of the Joker malware.
Malware
Individual
CC
>1
Squid Game, Google Play, Joker, Android
16
19/10/2021
"Recently"
-
TA505 AKA Hive0065
German-speaking countries
Researchers from Proofpoint discover a new campaign by TA505 using a new version of the FlawedGrace RAT.
Malware
Multiple Industries
CC
>1
Proofpoint, TA505, FlawedGrace, Hive0065
17
19/10/2021
-
-
?
Centre for Computing History (CCH)
The Centre for Computing History (CCH) in Cambridge, England reveals to have been hit with a phishing attack.
Account Takeover
Education
CC
UK
Centre for Computing History, CCH
18
20/10/2021
During January 2020
During January 2020
?
United Arab Emirates company
A group of fraudsters made off with $35 million after using forged email messages and deepfake audio to convince an employee of a United Arab Emirates company that a director requested the money as part of an acquisition of another organization.
Deepfake
Unknown
CC
UAE
Deepfake
19
20/10/2021
20/10/2021
20/10/2021
Everest
Società Italiana degli Autori ed Editori (SIAE)
Società Italiana degli Autori ed Editori (SIAE), the Italian agency responsible for protecting the intellectual property rights of copyright holders' creative works, is hit with an Everest ransomware attack.
Malware
Arts entertainment, recreation
CC
IT
Società Italiana degli Autori ed Editori, SIAE, Everest, ransomware
20
20/10/2021
Since May 2019
-
Russian-speaking threat actors
YouTube accounts
Researchers from Google Threat Analysis Group reveal to have blocked 1.6 million phishing emails since May 2021 that were part of a malware campaign to hijack YouTube accounts and promote cryptocurrency scams.
Account Takeover
Individual
CC
>1
Google Threat Analysis Group, YouTube
21
20/10/2021
Since the past few months
-
FiveSys
Multiple organizations
Researchers from Bitdefender discover FiveSys, a rootkit carrying a Microsoft-issued digital signature and used to proxy traffic to malicious destinations.
Malware
Multiple Industries
CC
>1
Bitdefender, FiveSys, Microsoft
22
20/10/2021
-
-
?
Multiple organizations
Researchers from Sonatype uncover crypto-mining malware hidden inside three JavaScript libraries, klow, klown, okhsa, uploaded on the official npm package repository.
Malware
Multiple Industries
CC
>1
Sonatype, JavaScript, klow, klown, okhsa
23
20/10/2021
-
-
?
Bosch
Unknown attackers allegedly breach and infiltrate the servers of Bosch iSite, exploiting a SonarQube zero-day vulnerability, and make off with the source code of the manufacturing giant’s 5G IoT connectivity platform.
SonarQube zero-day vulnerability
Manufacturing
CC
DE
Bosch iSite, SonarQube
24
20/10/2021
16/10/2021
20/10/2021
Grief AKA PayOrGrief
Central Indiana Orthopedics
Central Indiana Orthopedics discloses to have been hit with a Grief ransomware attack.
Malware
Human health and social work
CC
US
Central Indiana Orthopedics, Grief, PayOrGrief, ransomware
25
21/10/2021
Since November 2020
Earlier In October 2021
WizardUpdate (AKA UpdateAgent or Vigram)
Multiple organizations
Microsoft says it found new variants of the macOS malware known as WizardUpdate (also tracked as UpdateAgent or Vigram), updated to use new evasion and persistence tactics.
Three months after being hit by ransomEXX ransomware gang, the Taiwanese computer hardware manufacturer GIGABYTE falls victim to the AvosLocker ransomware.
Malware
Manufacturing
CC
TW
RansomEXX, ransomware, GIGABYTE, AvosLocker
27
21/10/2021
Mid-October 2021
Mid-October 2021
Multiple threat actors
Single individuals
Widespread malware campaigns are creating YouTube videos to distribute password-stealing trojans to unsuspecting viewers.
Malware
Individual
CC
>1
YouTube
28
21/10/2021
-
-
?
Users In South Korea
Researchers from Ahnlab discover an ongoing malware distribution campaign targeting South Korea disguising RATs as an adult game shared via webhards and torrents.
Malware
Individual
CC
KR
Ahnlab
29
21/10/2021
Between 03/02/2021 and 16/04/2021
18/2/2021
?
SCUF Gaming International
SCUF Gaming International, a leading manufacturer of custom PC and console controllers, notifies customers that its website was hacked in February to plant a malicious script used to steal their credit card information.
Malicious Script Injection
Manufacturing
CC
US
SCUF Gaming International
30
21/10/2021
-
-
TodayZoo
Organizations using Microsoft 365
Researchers from Microsoft detail TodayZoo, an unusual phishing campaign aimed at stealing passwords that uses a phishing kit built using pieces of code copied from other hackers' work.
Account Takeover
Multiple Industries
CC
>1
Microsoft, TodayZoo
31
21/10/2021
20/10/2021
20/10/2021
?
MCH Group
Swiss events organizer and marketing company MCH Group is hit by a malware attack.
Malware
Professional, scientific and technical
CC
CH
MCH Group
32
21/10/2021
During 2021
-
?
Multiple organizations
Researchers from Check Point and RiskIQ discover multiple campaigns abusing the Discord digital communication platform to deliver malware.
Malware
Multiple Industries
CC
>1
Check Point, RiskIQ, Discord
33
21/10/2021
-
-
TA551 (AKA Shathak)
Multiple organizations
Researchers from Proofpoint discover a new campaign by TA551 delivering the Sliver red-teaming tool.
Malware
Multiple Industries
CC
>1
Proofpoint, TA551, Shathak, Sliver
34
21/10/2021
Between 17/08/2021 and 22/08/2021
22/8/2021
?
Texas Lavaca Medical Center
Texas Lavaca Medical Center notifies 48,705 patients that their protected health data might have been exposed in a cyberattack.
Unknown
Human health and social work
CC
US
Texas Lavaca Medical Center
35
21/10/2021
4/10/2021
4/10/2021
Desorden Group
Protemps Employment Services
Protemps Employment Services has the personal details of some 40,000 job applicants leaked online by Desorden Group.
Unknown
Administration and support service
CC
SG
Protemps Employment Services, Desorden Group
36
22/10/2021
-
-
?
Moscow drivers
Hackers are selling a stolen database containing 50 million records of Moscow driver data on an underground forum for only $800.
Unknown
Unknown
CC
RU
Moscow
37
22/10/2021
-
-
?
Multiple organizations
Researchers from Huntress Labs reveal that an unknown ransomware group is exploiting CVE-2021-42258, a critical SQL injection bug in the BQE Web Suite time and billing solution, to deploy ransomware on their targets' networks in ongoing attacks.
Malware
Multiple Industries
CC
>1
Huntress Lab, Ransomware, CVE-2021-42258, BQE Web Suite
38
22/10/2021
21/10/2021
21/10/2021
?
Eight email service providers
At least eight email service providers, Runbox, Posteo, Fastmail, TheXYZ, Guerilla Mail, Mailfence, Kolab Now, and RiseUp, are hit by large distributed denial-of-service (DDoS) attacks.
The law firm Wiggin and Dana LLP discloses a ransomware attack.
Malware
Professional, scientific and technical
CC
US
Wiggin and Dana LLP, ransomware
41
23/10/2021
-
-
?
Multiple organizations
Hackers hijack the popular UA-Parser-JS NPM library, with millions of downloads a week, to infect Linux and Windows devices with cryptominers and password-stealing trojans in a supply-chain attack.
Malware
Multiple Industries
CC
>1
UA-Parser-JS, NPM
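The three npm incidents in this timeline (the klow/klown/okhsa cryptominers above, the hijacked UA-Parser-JS release here, and the Roblox look-alike noblox.js packages further down the list) share one defence: knowing exactly which versions a project installs and which of them run code at install time. The following Python script is an added example, not part of the original timeline or of any of the projects mentioned; the package names and the package.json/package-lock.json snippets it scans are constructed for illustration and are not the real packages' metadata. It relies on the `hasInstallScript` flag that npm 7+ writes into lockfileVersion 2 and 3 lockfiles.

```python
"""Flag risky npm dependencies: unpinned version ranges in package.json and
lockfile entries that run install-time scripts.

The sample package.json / package-lock.json below are CONSTRUCTED for this
example and do not reproduce any real package's metadata."""
import json
import re

# Only an exact semver (optionally with pre-release/build suffix) is "pinned".
# A ^, ~, x-range or dist-tag lets `npm install` silently fetch a newer,
# possibly hijacked, release than the one that was reviewed.
EXACT_VERSION = re.compile(r"^\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?$")


def unpinned_dependencies(package_json: dict) -> dict:
    """Return {name: spec} for every dependency whose spec is not an exact version."""
    found = {}
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        for name, spec in package_json.get(section, {}).items():
            if not EXACT_VERSION.match(spec.strip()):
                found[name] = spec
    return found


def packages_with_install_scripts(lockfile: dict, allowlist=frozenset()) -> list:
    """Return sorted (name, version) for lockfile v2/v3 entries marked
    hasInstallScript and not on the allowlist. npm sets that flag when a
    package declares preinstall/install/postinstall hooks, which is where a
    malicious release executes code on the developer's or CI machine."""
    flagged = []
    for path, meta in lockfile.get("packages", {}).items():
        if not path:  # "" is the root project itself
            continue
        name = path.rsplit("node_modules/", 1)[-1]  # keeps scoped names intact
        if meta.get("hasInstallScript") and name not in allowlist:
            flagged.append((name, meta.get("version", "?")))
    return sorted(flagged)


# Constructed sample inputs (hypothetical package names).
SAMPLE_PACKAGE_JSON = json.loads("""
{
  "name": "example-app",
  "dependencies": {
    "left-pad-clone": "^1.3.0",
    "pinned-lib": "2.0.1",
    "rangey-lib": "~0.9.2"
  },
  "devDependencies": {
    "test-tool": "latest"
  }
}
""")

SAMPLE_LOCKFILE = json.loads("""
{
  "name": "example-app",
  "lockfileVersion": 2,
  "packages": {
    "": {"name": "example-app"},
    "node_modules/left-pad-clone": {"version": "1.3.4", "hasInstallScript": true},
    "node_modules/pinned-lib": {"version": "2.0.1"},
    "node_modules/rangey-lib": {"version": "0.9.7"},
    "node_modules/test-tool": {"version": "5.1.0", "hasInstallScript": true},
    "node_modules/pinned-lib/node_modules/nested-dep": {"version": "0.1.0", "hasInstallScript": true}
  }
}
""")


def audit(package_json=SAMPLE_PACKAGE_JSON, lockfile=SAMPLE_LOCKFILE,
          allowlist=frozenset({"test-tool"})):
    """Run both checks; the allowlist holds packages whose install hook was reviewed."""
    return {
        "unpinned": unpinned_dependencies(package_json),
        "install_scripts": packages_with_install_scripts(lockfile, allowlist),
    }


if __name__ == "__main__":
    for key, value in audit().items():
        print(f"{key}: {value}")
```

To use it on a real project, load the two files with json.load() and pass them to audit(). Anything reported as unpinned should be pinned to the version that was actually reviewed; any flagged install script should be read before the next `npm ci`, or suppressed with `npm ci --ignore-scripts` until it has been. A hijacked release only helps the attacker if the unreviewed version is fetched and its install hook is allowed to run.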
42
23/10/2021
24/10/2021
24/10/2021
?
Tesco
UK supermarket giant Tesco restores access to its website and app after an outage strikes the service, preventing customers from ordering or cancelling deliveries.
Unknown
Wholesale and retail
CC
UK
Tesco
43
23/10/2021
20/8/2021
25/8/2021
?
Tech Etch
Tech Etch, a manufacturer of precision-engineered thin metal components, flexible printed circuits, and EMI/RFI shielding, announces it was the victim of a ransomware attack in which the personal and protected health information of current and former employees was potentially compromised.
Malware
Manufacturing
CC
US
Tech Etch, ransomware
44
23/10/2021
16/10/2021
16/10/2021
?
Corry School District
Corry School District is hit with a ransomware attack.
Malware
Education
CC
US
Corry School District, ransomware
45
23/10/2021
Between 29/07/2021 and 10/08/2021
10/8/2021
?
EMI Health
EMI Health discloses a data breach.
Unknown
Human health and social work
CC
US
EMI Health
46
23/10/2021
-
-
Groove
TriValley Primary Care
TriValley Primary Care is hit with a Groove ransomware attack.
Malware
Human health and social work
CC
US
TriValley Primary Care, Groove ransomware
47
24/10/2021
Since May 2021
-
Nobelium
140 managed service providers and cloud service provider
Microsoft says the Russian-backed Nobelium threat group behind last year's SolarWinds hack is still targeting the global IT supply chain, with 140 managed service providers and cloud service providers attacked and at least 14 breached since May 2021.
Targeted Attack
Professional, scientific and technical
CE
>1
Microsoft, Nobelium, SolarWinds
48
24/10/2021
24/10/2021
24/10/2021
Devil Killer
Sambalpur University
A group of Pakistani hackers defaces the website of the Sambalpur University (grievance.suniv.ac.in).
German multinational company Eberspächer Group sends a part of its factory workforce home after a ransomware attack.
Malware
Manufacturing
CC
DE
Eberspächer Group, ransomware
50
25/10/2021
During 2021
-
Ranzy Locker
At least 30 US companies
The FBI says that Ranzy Locker ransomware operators had compromised at least 30 US companies this year from various industry sectors.
Malware
Multiple Industries
CC
US
Ranzy Locker, ransomware, FBI
51
25/10/2021
-
Mid-October 2018
-
Android users
Researchers from Avast reveal the details of UltimaSMS, a massive fraud campaign using 151 Android apps with 10.5 million downloads to sign users up for premium SMS subscription services.
Malware
Individual
CC
>1
Avast, UltimaSMS, Android
52
25/10/2021
-
Early June 2021
?
Mozilla Firefox users
Mozilla reveals to have blocked Bypass and Bypass XM, two malicious Firefox add-ons installed by roughly 455,000 users after discovering in early June that they were abusing the proxy API to block Firefox updates.
Malicious Firefox Extension
Individual
CC
>1
Mozilla, Bypass, Bypass XM, Firefox
53
25/10/2021
-
19/10/2021
?
Agape Connecting People
Agape Connecting People, a vendor that provides contact centre services and solutions, discloses a cyber attack due to unauthorised access by a malicious third party. Fullerton Health is affected.
Unknown
Professional, scientific and technical
CC
SG
Agape Connecting People, Fullerton Health
54
25/10/2021
Since September 2021
-
?
Multiple organizations
Multiple ransomware gangs have weaponized and are abusing a zero-day in EntroLink VPN appliances after an exploit is released on an underground cybercrime forum at the start of September 2021.
Malware
Multiple Industries
CC
>1
Ransomware, EntroLink VPN
55
25/10/2021
Since June 2021
During June 2021
?
GitLab servers
An actively exploited remote code execution vulnerability in GitLab continues to affect roughly 30,000 Internet-facing installations six months after patches were released.
CVE-2021-22205 vulnerability
Multiple Industries
CC
>1
GitLab, CVE-2021-22205
56
25/10/2021
-
-
?
University of Colorado Boulder
A data breach at the University of Colorado Boulder potentially exposes the personal details of 30,000 current and former students. The incident results from the exploitation of a vulnerability in third-party Atlassian software.
Atlassian vulnerability
Education
CC
US
University of Colorado Boulder, Atlassian
57
25/10/2021
-
-
?
Daimler AG
A threat actor claims to have leaked the Mercedes-Benz platform’s source code allegedly stolen from a China-based division.
Unknown
Manufacturing
CC
CN
Daimler AG, Mercedes-Benz
58
25/10/2021
-
31/04/2021
?
Specialty Surgery Center of Central New York
Syracuse ASC, dba Specialty Surgery Center of Central New York, notifies 24,891 patients that some of their protected health information (PHI) was potentially accessed by unauthorized individuals who gained access to its computer systems.
Unknown
Human health and social work
CC
US
Syracuse ASC, Specialty Surgery Center of Central New York
59
25/10/2021
-
-
Team HDP
Dirección General de Contrainteligencia Militar (DGCIM)
A group of hackers calling themselves Team HDP hacks into the Venezuelan intelligence body database (DGCIM) and obtains the personal details of alleged Hezbollah operatives.
Unknown
Public admin and defence, social security
H
VE
Dirección General de Contrainteligencia Militar, DGCIM, Team HDP, Hezbollah
60
25/10/2021
23/10/2021
23/10/2021
?
School District of Janesville
The School District of Janesville says it was hit with a ransomware attack.
Malware
Education
CC
US
School District of Janesville, ransomware
61
26/10/2021
26/10/2021
26/10/2021
?
National Iranian Oil Products Distribution Company (NIOPDC)
Gas stations from the National Iranian Oil Products Distribution Company (NIOPDC) stop working due to a cyberattack that affected the entire distribution network.
Unknown
Electricity, gas steam, air conditioning
CW
IR
National Iranian Oil Products Distribution Company, NIOPDC, Iran, Israel
62
26/10/2021
Over the past year
-
?
high-profile identities such as C-level executives
The Microsoft Detection and Response Team (DART) says it detected an increase in password spray attacks targeting privileged cloud accounts and high-profile identities such as C-level executives.
Password spray
Multiple Industries
CC
>1
Microsoft Detection and Response Team, DART
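DART's observation above is about the shape of the attack rather than any one tool: a spray fails against many accounts a few times each, precisely so that per-account lockout never triggers, and the success that matters is the one that lands on a privileged or executive identity. The following Python snippet is an added example, not from the original post or from Microsoft; it runs that logic over a constructed sign-in export (timestamp, source IP, account, result) whose IPs and accounts are fictional, and contrasts it with the single-account brute-force pattern that per-account thresholds already catch.

```python
"""Detect password-spray patterns in sign-in logs.

Spray signature: one source fails against MANY distinct accounts with FEW
attempts each (lockout thresholds never trip). Brute force, by contrast, is
many failures against ONE account. The log below is CONSTRUCTED for this
example (a simplified CSV: timestamp,source_ip,account,result)."""
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_LOG = """\
2021-10-26T08:00:01Z,198.51.100.7,alice@example.com,FAIL
2021-10-26T08:00:03Z,198.51.100.7,bob@example.com,FAIL
2021-10-26T08:00:05Z,198.51.100.7,carol@example.com,FAIL
2021-10-26T08:00:07Z,198.51.100.7,dave@example.com,FAIL
2021-10-26T08:00:09Z,198.51.100.7,erin@example.com,FAIL
2021-10-26T08:00:11Z,198.51.100.7,frank@example.com,FAIL
2021-10-26T08:00:13Z,198.51.100.7,cfo@example.com,SUCCESS
2021-10-26T08:05:00Z,203.0.113.9,alice@example.com,FAIL
2021-10-26T08:05:01Z,203.0.113.9,alice@example.com,FAIL
2021-10-26T08:05:02Z,203.0.113.9,alice@example.com,FAIL
2021-10-26T08:05:03Z,203.0.113.9,alice@example.com,FAIL
2021-10-26T08:05:04Z,203.0.113.9,alice@example.com,FAIL
2021-10-26T08:05:05Z,203.0.113.9,alice@example.com,FAIL
2021-10-26T08:05:06Z,203.0.113.9,alice@example.com,FAIL
2021-10-26T08:05:07Z,203.0.113.9,alice@example.com,FAIL
2021-10-26T09:00:00Z,192.0.2.44,bob@example.com,FAIL
2021-10-26T09:00:30Z,192.0.2.44,bob@example.com,SUCCESS
"""

# Constructed watchlist of high-value identities (executives, admins).
PRIVILEGED = frozenset({"cfo@example.com", "ceo@example.com"})


def parse(log_text):
    """Parse CSV lines into (timestamp, ip, account, result) tuples, time-sorted."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.strip().split(",")
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user.lower(), result))
    return sorted(events)


def detect_spray(events, window=timedelta(minutes=10), min_accounts=5,
                 max_fail_per_account=3, privileged=PRIVILEGED):
    """One finding per source IP whose failures, inside some `window`, spread over
    at least `min_accounts` distinct accounts with at most `max_fail_per_account`
    failures each. Successes from that IP in the window are listed and flagged
    if any hit a privileged identity (the spray-then-login case to escalate)."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)
    findings = []
    for ip, evs in by_ip.items():
        for i, (start, _, _, _) in enumerate(evs):
            fails, successes = defaultdict(int), []
            for ts, _, user, result in evs[i:]:
                if ts - start > window:
                    break
                if result == "FAIL":
                    fails[user] += 1
                else:
                    successes.append(user)
            if len(fails) >= min_accounts and max(fails.values()) <= max_fail_per_account:
                findings.append({"ip": ip, "accounts_tried": len(fails),
                                 "successes": successes,
                                 "privileged_hit": bool(set(successes) & privileged)})
                break  # the first qualifying window is enough to triage this source
    return findings


def detect_brute_force(events, window=timedelta(minutes=10), min_failures=8):
    """Contrast case: `min_failures` or more failures against one account from one IP."""
    stamps = defaultdict(list)
    for ts, ip, user, result in events:
        if result == "FAIL":
            stamps[(ip, user)].append(ts)
    hits = []
    for (ip, user), times in stamps.items():
        for i, start in enumerate(times):
            n = sum(1 for t in times[i:] if t - start <= window)
            if n >= min_failures:
                hits.append((ip, user, n))
                break
    return hits


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    for finding in detect_spray(evs):
        print("SPRAY", finding)
    for hit in detect_brute_force(evs):
        print("BRUTE-FORCE", hit)
```

On the constructed data the first source trips the spray rule (six accounts, one failure each, then a successful login to the CFO account, which the privileged watchlist escalates) while never reaching a per-account lockout; the second source is classic brute force against one account and is caught only by the second rule. In a real tenant the spray detector should be keyed on the source as the provider reports it and the watchlist fed from the directory's privileged roles rather than a hard-coded set.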
63
26/10/2021
Since mid-September 2021
-
-
Multiple organizations
Researchers from Cisco Talos discover Squirrelwaffle, a new malware loader spreading via spam campaigns and dropping multiple payloads such as Qakbot and Cobalt Strike.
Researchers from Kaspersky reveal the details of a new campaign by the Lazarus Group targeting a South Korean think tank using a new variant of the BLINDINGCAN backdoor.
Company developing asset monitoring solutions in Latvia
Researchers from Kaspersky reveal the details of a new campaign by the Lazarus Group targeting a company developing asset monitoring solutions in Latvia using a new variant of the Copperhedge backdoor.
Researchers at Qihoo 360 discover an ongoing Android spyware campaign targeting Israeli users since 2018.
Malware
Individual
CE
IL
Qihoo 360, Android
67
26/10/2021
23/10/2021
23/10/2021
?
Schreiber Foods
Schreiber Foods is hit with a ransomware attack.
Malware
Accommodation and food service
CC
US
Schreiber Foods, ransomware
68
26/10/2021
Between 15/09/2021 and 13/11/2021
Between 15/09/2021 and 13/11/2021
?
Multiple organizations
Researchers from Abnormal Security discover a new phishing campaign attempting to collect Microsoft 365 credentials using QR codes.
Account Takeover
Multiple Industries
CC
>1
Abnormal Security, Microsoft 365
69
26/10/2021
Since October 2021
Since October 2021
?
Gsuite & Microsoft users
Researchers from INKY discover a new phishing campaign in which threat actors manipulate Craigslist's email system to send fraudulent violation notifications, spreading malware hosted on an abused OneDrive page that impersonates major brands like DocuSign, Norton, and Microsoft.
Malware
Multiple Industries
CC
>1
INKY, Craigslist, OneDrive, DocuSign, Norton, Microsoft
70
26/10/2021
10/10/2021
10/10/2021
?
Community Medical Centers (CMC)
Community Medical Centers notifies 656,047 patients of a ransomware incident.
Malware
Human health and social work
CC
US
Community Medical Centers, CMC, ransomware
71
26/10/2021
25/8/2021
27/8/2021
?
Seneca Family of Agencies
Seneca Family of Agencies reveals to have identified unauthorized activity within its computer systems.
Unknown
Human health and social work
CC
US
Seneca Family of Agencies
72
26/10/2021
-
-
Desorden Group
Central Restaurants Group
Central Restaurants Group is the latest victim of the Desorden Group.
Unknown
Accommodation and food service
CC
TH
Central Restaurants Group, Desorden Group
73
26/10/2021
-
22/9/2021
?
Samaritan Daytop Village
Samaritan Daytop Village discloses a security incident.
Unknown
Human health and social work
CC
US
Samaritan Daytop Village
74
27/10/2021
-
27/10/2021
Grief AKA PayOrGrief
National Rifle Association (NRA)
The Grief ransomware gang claims to have attacked the National Rifle Association (NRA) and releases stolen data as proof of the attack.
Malware
Other service activities
CC
US
Grief, PayOrGrief, ransomware, National Rifle Association, NRA
75
27/10/2021
27/10/2021
27/10/2021
?
Cream Finance
Hackers steal an estimated $130 million worth of cryptocurrency assets from Cream Finance, a decentralized finance (DeFi) platform.
Undisclosed vulnerability
Fintech
CC
TW
Cream Finance
76
27/10/2021
Throughout 2021
-
TA2722 AKA Balikbayan Foxes
Shipping, logistics, manufacturing, pharmaceutical, business, and energy sectors across the US, Europe, and Asia.
Researchers from Proofpoint discover a new threat group impersonating the Philippine government and businesses and targeting the shipping, logistics, manufacturing, pharmaceutical, business, and energy sectors across the US, Europe, and Asia with the Remcos and Nanocore trojans.
Researchers from Sonatype discover two malicious NPM packages, noblox.js-proxy and noblox.js-proxies, pretending to be Roblox libraries and delivering the MBRLocker ransomware and password-stealing trojans on unsuspecting users.
Organizations in Central Europe, North America, and the Middle East
Researchers from ESET discover Wslink, a previously undescribed loader for Windows binaries that runs as a server and executes modules in memory.
Malware
Multiple Industries
CC
>1
ESET, Wslink
79
27/10/2021
Since January 2020
During October 2021
?
Harry and Meghan
Researchers from Bot Sentinel uncover a ‘coordinated campaign’ against Harry and Meghan on Twitter.
Fake Social Accounts
Individual
N/A
UK
Bot Sentinel, Harry, Meghan, Twitter
80
27/10/2021
-
-
?
Unknown organization
Some of the keys used to generate the European Green Pass are stolen and distributed in the underground to create false COVID-19 health certificates.
Unknown
Unknown
CC
N/A
COVID-19, Green Pass
81
27/10/2021
From March to June 2021
During June 2021
?
Retired couple in Florida
A retired couple in Florida loses all their savings to a scam carried out via the payment app Venmo.
Account Takeover
Individual
CC
US
Venmo
82
27/10/2021
27/10/2021
27/10/2021
?
Washington Central Unified Union School District
Washington Central Unified Union School District discloses a possible ransomware attack.
Malware
Education
CC
US
Washington Central Unified Union School District
83
28/10/2021
Since January 2021
Since January 2021
HelloKitty (AKA FiveHands)
Multiple targets
The U.S. Federal Bureau of Investigation (FBI) sends out a flash alert warning private industry partners that the HelloKitty ransomware gang (aka FiveHands) has added distributed denial-of-service (DDoS) attacks to its arsenal of extortion tactics.
DDoS
Multiple Industries
CC
US
U.S. Federal Bureau of Investigation, FBI, HelloKitty, ransomware, FiveHands
84
28/10/2021
Recently
Recently
Chaos
Minecraft gamers in Japan.
Researchers from Fortinet discover a variant of the Chaos ransomware that appears to target Minecraft gamers in Japan.
Malware
Arts entertainment, recreation
CC
JP
Fortinet, Chaos, ransomware, Minecraft
85
28/10/2021
Since November 2020
-
Snake
Multiple organizations
Researchers from Cybereason reveal the details of Snake, a popular password-stealing trojan sold for as low as $25 in popular dark web forums.
Malware
Multiple Industries
CC
>1
Cybereason, Snake
86
28/10/2021
-
-
?
Chrome users
Google releases Chrome 95.0.4638.69 for Windows, Mac, and Linux to fix two zero-day vulnerabilities (CVE-2021-38000 and CVE-2021-38003) actively exploited.
A new variant of the Android info-stealer FakeCop is discovered in phishing campaigns impersonating KDDI and masquerading as 'Anshin Security,' a popular antivirus product in Japan.
Malware
Individual
CC
JP
Android, FakeCop, KDDI, Anshin Security
88
28/10/2021
-
-
AbstractEmu
Android users in Japan
Researchers at Lookout identify AbstractEmu, a new Android rooting malware distributed on Google Play and other App stores via 19 applications with more than 10,000 downloads.
Malware
Individual
CC
>1
Lookout, AbstractEmu, Google Play, Android
89
28/10/2021
-
-
REvil AKA Sodinokibi
Multiple organizations
Researchers from Menlo Security discover a GootLoader campaign distributing the REvil ransomware via SEO poisoning that abuses compromised WordPress sites.
Malware
Multiple Industries
CC
>1
Menlo Security, GootLoader, SEO poisoning, WordPress, REvil, Sodinokibi
90
28/10/2021
-
-
SolarMarker
Multiple organizations
Researchers from Menlo Security discover a campaign distributing the SolarMarker backdoor via SEO poisoning abusing compromised WordPress sites.
Malware
Multiple Industries
CC
>1
Menlo Security, SolarMarker, SEO poisoning, WordPress
91
28/10/2021
27/10/2021
27/10/2021
TA575
All industries primarily in the United States
Researchers from Proofpoint discover a prolific cybercrime group using the popularity of Netflix hit "Squid Game" to spread the Dridex malware.
Malware
Multiple Industries
CC
US
TA575, Proofpoint, Squid Game, Dridex
92
28/10/2021
-
-
?
Single individuals
Researchers from Fortinet discover a new scam using the lure of an Amazon gift card generator to steal cryptocurrency from people.
Malware
Individual
CC
>1
Fortinet, Amazon
93
28/10/2021
-
-
?
Android users
Security researchers at Lookout discover AbstractEmu, a new Android malware strain that contains the ability to root smartphones.
Malware
Individual
CC
>1
Lookout, AbstractEmu, Android
94
28/10/2021
Between June 2020 and January 2021
27/1/2021
?
UMass Memorial Health
UMass Memorial Health notifies more than 200,000 individuals that someone hacked into its employee email system, potentially exposing their personal information.
Account Takeover
Human health and social work
CC
US
UMass Memorial Health
95
28/10/2021
22/10/2021
22/10/2021
?
Papua New Guinea's finance ministry
A ransomware attack on Papua New Guinea's finance ministry briefly disrupts government payments and operations.
Malware
Public admin and defence, social security
CC
PG
Papua New Guinea, ransomware
96
28/10/2021
-
-
?
Single individuals in the US.
The Federal Trade Commission (FTC) warns that scammers are impersonating the Internal Revenue Service (IRS) and sending fake emails saying that the victim can get a third Economic Impact Payment (EIP).
Researchers from Rapid7 identify a malware campaign targeting Windows 10 via a technique able to bypass Windows protections called User Account Control (UAC).
Malware
Multiple Industries
CC
>1
Rapid7, Windows 10, User Account Control, UAC
98
28/10/2021
19/5/2021
-
?
Nationwide Laboratory Services
Nationwide Laboratory Services reveals to have been hit with a ransomware attack affecting 33,000 individuals.
Malware
Human health and social work
CC
US
Nationwide Laboratory Services, ransomware
99
28/10/2021
Between 19/11/2020 and 18/02/2021
4/2/2021
?
City of Titusville
The City of Titusville provides notice of a phishing incident that may have affected the security of personal information pertaining to certain individuals.
Account Takeover
Public admin and defence, social security
CC
US
City of Titusville
100
28/10/2021
-
25/8/2021
?
Team Alvarez Insurance
Blue Shield of California discloses that a ransomware attack on an insurance broker, Team Alvarez Insurance Services, has impacted 2,858 Blue Shield members’ information.
Malware
Finance and insurance
CC
US
Blue Shield of California, Team Alvarez Insurance Services
101
28/10/2021
-
-
?
Single individuals
Researchers from Group-IB uncover a large network of fake shops, phishing websites disguised as card shops, targeting relatively new entrants in the space.
Account Takeover
Individual
CC
>1
Group-IB
102
29/10/2021
29/10/2021
29/10/2021
BlackShadow
Cyberserve
The BlackShadow hacking group attacks the Israeli hosting provider Cyberserve, stealing client databases and disrupting the company's services.
Unknown
Professional, scientific and technical
CW
IL
BlackShadow, Cyberserve
103
29/10/2021
Since at least June 2021
-
Hive
Multiple organizations
Researchers from ESET discover a new Hive ransomware variant, able to encrypt Linux and FreeBSD.
Malware
Multiple Industries
CC
>1
ESET, Hive, ransomware
104
29/10/2021
Since 2019
21/11/2019
Pink
Victims in China
Researchers from Qihoo 360’s Netlab discover a huge botnet, tracked as Pink, that has already infected over 1.6 million devices to launch DDoS attacks and to insert advertisements into the legitimate HTTP traffic of the victims, most of which are in China (96%).
Malware
Individual
CC
CN
Qihoo 360, Netlab, Pink
105
29/10/2021
Between 25/08/2021 and 07/09/2021
7/9/2021
?
Throckmorton County Memorial Hospital
Throckmorton County Memorial Hospital discovers a malware incident compromising the personal information of 3,136 employees and patients.
Malware
Human health and social work
CC
US
Throckmorton County Memorial Hospital
106
29/10/2021
-
-
BlackByte
Martin County Tax Collector
Martin County Tax Collector is hit with a BlackByte ransomware attack.
Malware
Public admin and defence, social security
CC
US
Martin County Tax Collector, BlackByte, ransomware
107
29/10/2021
Between December 2020 and March 2021
24/6/2021
?
Sea Mar Community Health Centers
Sea Mar Community Health Centers provides notice of a data security incident
Unknown
Human health and social work
CC
US
Sea Mar Community Health Centers
108
29/10/2021
-
19/9/2021
?
Strategic Benefits Advisors
Strategic Benefits Advisors discloses to have been hit with a ransomware attack.
Malware
Administration and support service
CC
US
Strategic Benefits Advisors, ransomware
109
30/10/2021
15/10/2021
-
Conti
Graff
The Conti ransomware gang hits the high society jeweler Graff and threatens to release private details of world leaders, actors and tycoons.
Malware
Wholesale and retail
CC
UK
Conti, ransomware, Graff
110
30/10/2021
30/10/2021
30/10/2021
?
Regional health systems in the Canadian province of Newfoundland and Labrador
The regional health systems in the Canadian province of Newfoundland and Labrador are taken down by a ransomware attack. The outage affects health systems in Central Health, Eastern Health, Western Health, and the Labrador-Grenfell Regional Health authorities.
Malware
Human health and social work
CC
CA
Newfoundland and Labrador, ransomware, Central Health, Eastern Health, Western Health, Labrador-Grenfell Regional Health
111
30/10/2021
29/10/2021
29/10/2021
?
Toronto Transit Commission (TTC)
The Toronto Transit Commission (TTC), which runs the city's public transportation system, reports a ransomware attack
Malware
Transportation and storage
CC
CA
Toronto Transit Commission, TTC, ransomware
112
31/10/2021
-
14/10/2021
?
Professional Healthcare Management (PHM)
Professional Healthcare Management discloses ransomware incident
Malware
Human health and social work
CC
US
Professional Healthcare Management, PHM, ransomware
ID
Date Reported
Date Occurred
Date Discovered
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags