1-15 November 2021 Cyber Attacks Timeline

EVENTS

EVENTS/DAY

EVENTS

EVENTS/DAY

The second cyber attacks timeline of November 2021 is finally out (you can find the first one here or in the link below)! In the second half of this month I have collected 96 events, with a daily average slightly decreasing to 6.4 events/day from 6,67 events/day. Ransomware continues to dominate the threat landscape but the percentage of events directly or indirectly characterized dropped to 22% from 30.6% of the previous timeline (but despite the decrease, the criminals are still asking for massive ransoms.) I wonder if this is an effect of the increasing pressure of the law enforcement agencies against the ransomware syndicates.

Another common trend of this period is the impact of vulnerabilities: in this timeline they characterized the 12% of events including several ransomware attacks. We have, among the others, a new 0-day for Android (CVE-2021-1048), the Tortilla threat actor exploiting ProxyShell to deploy the Babuk ransomware, and several widespread operations exploiting Zoho’s ManageEngine ADSelfService Plus CVE-2021-4053 (and yes, threat actors continue to exploit SolarWinds’ Serv-U CVE-2021-35211.

Cloud-Native Threats in 2023

Similarly to what I have done in 2022, 2021, and 2020, I am listing those cyber attacks…

The Biggest Data Breaches of 2023

Similarly to what I have done in 2022 and 2021, I am collecting the main mega breaches…

16-31 December 2022 Cyber Attack Timeline

Welcome to the last cyber attacks timeline of 2022! A timeline that marks a sharp decline in the number of recorded events after four consecutive increases…

1-15 December 2022 Cyber Attack Timeline

In the first timeline of December, I have collected 147 events (corresponding to 9.8 events/day), a result slightly…

Cloud-Native Threats in 2022

This blog post lists the main cloud-native threats, that is those cyber events exploiting the cloud in one or more stage of the kill chain. I have collected…

Photo by Tima Miroshnichenko from Pexels

The Biggest Data Breaches of 2022

Similarly to what I have done in 2021, I am collecting all the mega breaches (with more than 1 million records leaked). The information is derived from the cyber attacks timelines…

Credits to TheDigitalArtist from Pixabay

16-31 October 2021 Cyber Attacks Timeline

The second cyber attacks timeline of October 2021 is out and brings us a sharp increase in the number of events (111) after the apparent break in the first half of October when I collected 86 events. And let me say that…

Robinhood had the information of approximately 7 million customers compromised, and another decentralized finance (DeFi) platform has bitten the dust, suffering the theft of $55 million worth of crypto assets by a suspected North Korean threat actor.

As usual, the cyber espionage front is quite crowded, a threat actor dubbed DEV-0322 has been very busy to exploit the ManageEngine vulnerability, the Lazarus Group never misses a timeline, along with other well known threat actors such as Lyceum and Kimsuky. Another important cyber espionage campaign characterizing this timeline is the PhoneSpy spyware targeting Android users in South Korea.

Expand for details

Enjoy the interactive timeline, and thanks for sharing it, and supporting my work in spreading the risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.

ID	Date Reported	Date Occurred	Date Discovered	Author	Target	Description	Attack	Target Class	Attack Class	Country	Link	Tags
1	01/11/2021	-	-	?	Undisclosed third-party contractor	Researchers from Kaspersky reveal that a legitimate Amazon Simple Email Service (SES) token issued to a third-party contractor was recently used by threat actors behind a spear-phishing campaign targeting Office 365 users.	Account Takeover	Unknown	CC	N/A		Kaspersky, Amazon Simple Email Service, SES, Microsoft 365
2	01/11/2021	-	-	?	Undisclosed target(s)	Google releases the Android November 2021 security updates, which address 18 vulnerabilities including CVE-2021-1048, under limited, targeted exploitation.	CVE-2021-1048 Vulnerability	Unknown	N/A	N/A		Google, Android, CVE-2021-1048
3	01/11/2021	During January 2020	During January 2020	Foreign intelligence agency	Several Chinese airlines	Chinese officials say that a foreign intelligence agency hacked several of its airlines in 2020 and stole passenger travel records.	Unknown	Transportation and storage	CE	CN		China
4	01/11/2021	-		Government of Nicaragua and the Sandinista National Liberation Front (FSLN) party.	Facebook users	Facebook announces that it shut down a "troll farm" allegedly run by the government of Nicaragua and the Sandinista National Liberation Front (FSLN) party.	Fake Social Accounts	Individual	H	>1		Facebook, Nicaragua, Sandinista National Liberation Front, FSLN
5	01/11/2021	1/11/2021	1/11/2021	?	Toledo Lucas County Public Library	A cyber attack temporarily shuts down the computer system and website of the Toledo Lucas County Public Library	Unknown	Public admin and defence, social security	CC	US		Toledo Lucas County Public Library
6	01/11/2021	1/11/2021	1/11/2021	netsaosa and g0retrance	Massachusetts Interscholastic Athletic Association (MIAA)	The Massachusetts Interscholastic Athletic Association is defaced.	Defacement	Education	CC	US		netsaosa, g0retrance, MIAA, Massachusetts Interscholastic Athletic Association
7	01/11/2021	5/9/2021	7/9/2021	Pysa	Las Vegas Cancer Center	Las Vegas Cancer Center is hit with a Pysa ransomware attack.	Malware	Human health and social work	CC	US		Las Vegas Cancer Center, Pysa, ransomware
8	01/11/2021	20/5/2020	23/7/2020	?	Urban Resource Institute	Urban Resource Institute discloses a phishing attack.	Account Takeover	Human health and social work	CC	US		Urban Resource Institute
9	01/11/2021	-	-	?	University of Singapore Society (NUSS)	The personal data of 1,355 National University of Singapore Society (NUSS) members are stolen after the society's website is hacked.	Unknown	Education	CC	US		University of Singapore Society, NUSS
10	02/11/2021	-	-	?	Steam gamers	Researchers from Malwarebytes discover an active phishing campaign promoting via Discord and targeting Steam gamers.	Account Takeover	Arts entertainment, recreation	CC	>1		Malwarebytes, Discord, Steam
11	02/11/2021	29/10/2021	29/10/2021	?	National Bank of Pakistan	The National Bank of Pakistan suffers a destructive data-wiping attack.	Malware	Finance and insurance	CC	PK		National Bank of Pakistan
12	02/11/2021	9/3/2021	-	?	Viverant PT	Viverant PT reveals that the personally identifiable information (PII) of current and former patients and employees was affected in a breach after the email of an employee was compromised.	Account Takeover	Human health and social work	CC	US		Viverant PT
13	03/11/2021	Between June 2020 and March 2021	-	Lockean	At least eight French companies	Researchers from France’s Computer Emergency Response Team (CERT) reveal the details of Lockean, a ransomware affiliate group targeting French companies.	Malware	Multiple Industries	CC	FR		Lockean, ransomware
14	03/11/2021	-	-	?	Undisclosed supplier	The UK Labour Party notifies members that some of their information was impacted in a data breach after a ransomware attack hit a supplier managing the party's data.	Malware	Unknown	CC	UK		UK Labour Party, ransomware
15	03/11/2021	During the recent weeks	-	Mekotio	Banking users in South America	Researchers from Check Point discover a new campaign of the Mekotio banking trojan targeting multiple countries in South America	Malware	Finance and insurance	CC	>1		Check Point, Mekotio
16	03/11/2021	Since October 2021	-	Tortilla	Multiple organizations	Researchers from Cisco Talos reveal the details of Tortilla, a new threat actor hacking Microsoft Exchange servers and breaching corporate networks using the ProxyShell vulnerability to deploy the Babuk Ransomware.	ProxyShell vulnerability	Multiple Industries	CC	>1		Cisco Talos, Tortilla, Microsoft Exchange, ProxyShell, Babuk, Ransomware
17	03/11/2021	-	-	MasterFred	Android users from Poland and Turkey	A new Android malware known as MasterFred uses fake login overlays to steal the credit card information of Netflix, Instagram, and Twitter users.	Malware	Finance and insurance	CC	>1		Android, MasterFred, Netflix, Instagram, Twitter, Poland, Turkey
18	03/11/2021	-	-	-	?	Researchers from Malwarebytes discover a new Magecart group that uses a browser script to evade detection and the execution in virtualized environments.	Malicious Script Injection	Wholesale and retail	CC	>1		Malwarebytes, Magecart
19	03/11/2021	Between 03/07/2021 and 13/09/2021	13/9/2021	?	Desert Pain Institute (DPI)	Desert Pain Institute reveals a data security incident that may have resulted in unauthorized access to the sensitive personal information of some former and current patients and employees.	Unknown	Human health and social work	CC	US		Desert Pain Institute, DPI
20	03/11/2021	-	-	?	Danaos Management Consultants	Danaos Management Consultants is hit with a ransomware attack that impacts multiple Greek shipping companies.	Malware	Professional, scientific and technical	CC	GR		Danaos Management Consultants
21	03/11/2021	Between 30/04/2021 and 14/06/2021	-	?	JEV Plastic Surgery & Medical Aesthetics	JEV Plastic Surgery & Medical Aesthetics discloses a malware incident.	Malware	Human health and social work	CC	US		JEV Plastic Surgery & Medical Aesthetics
22	03/11/2021	-	-	?	Domaining.com	Domaining.com is compromised.	Unknown	Professional, scientific and technical	CC	US		Domaining.com
23	03/11/2021	6/10/2021	-	?	Prairie Lakes Healthcare System	Prairie Lakes Healthcare System notifies patients that unauthorized activity disrupted its network.	Unknown	Human health and social work	CC	US		Prairie Lakes Healthcare System
24	03/11/2021	-	3/8/2021	?	Family of Woodstock (FOW)	Family of Woodstock discloses to have suffered a cyber attack compromising the protected health information of 8,214 individuals.	Unknown	Human health and social work	CC	US		Family of Woodstock, FOW
25	03/11/2021	-	-	?	Lakeside School breach	Lakeside School breach reveals a data security incident.	Unknown	Education	CC	US		Lakeside School breach
26	03/11/2021	-	-	Avos Locker	Beaverhead County High School	Beaverhead County High School is hit by an Avos Locker ransomware attack.	Malware	Education	CC	US		Beaverhead County High School. Avos Locker, ransomware
27	04/11/2021	-	-	?	Multiple targets	Threat actors are exploiting a security flaw in GitLab self-hosted servers (CVE-2021-22205) to assemble botnets and launch gigantic distributed denial of service (DDoS) attacks, with some in excess of 1 terabit per second.	DDoS	Multiple Industries	CC	>1		GitLab, CVE-2021-22205
28	04/11/2021	2/8/2021	-	?	Electronic Warfare Associates (EWA)	US defense contractor Electronic Warfare Associates (EWA) discloses a data breach after threat actors hacked their email system and stole files containing personal information.	Account Takeover	Manufacturing	CC	US		Electronic Warfare Associates, EWA
29	04/11/2021	Between 30/10/2021 and 31/11/2021	-	?	Crypto currency users	Researchers from Check Point discover a campaign using advertisements in Google Search to promote fake cryptocurrency wallets and DEX platforms to steal user's cryptocurrency and able to steal $500,000 worth in few days.	Account Takeover	Fintech	CC	>1		Check Point, Crypto
30	04/11/2021	4/11/2021	4/11/2021	?	Multiple organizations	The popular npm library 'coa' is hijacked with malicious code injected into it.	Malware	Multiple Industries	CC	>1		npm, coa
31	04/11/2021	4/11/2021	4/11/2021	?	Multiple organizations	Even the npm library 'rc configuration loader' is hijacked with malicious code injected into it.	Malware	Multiple Industries	CC	>1		npm, 'rc configuration loader
32	04/11/2021	Early November 2021	Early November 2021	MirCop	Multiple organizations	Researchers from Cofense discover a new phishing campaign pretending to come from a supplier and infecting the users with the MirCop ransomware.	Malware	Multiple Industries	CC	>1		Cofense, MirCop, ransomware
33	04/11/2021	2/11/2021	2/11/2021	?	mySA Gov	South Australia's Department for Infrastructure and Transport confirms that mySA Gov accounts were compromised through a cyber attack.	Unknown	Administration and support service	CC	AU		mySA Gov
34	04/11/2021	21/10/2021	21/10/2021	?	Global communications company	Researchers from Armorblox discover a phishing campaign impersonating the cybersecurity firm Proofpoint to trick victims into providing Microsoft Office 365 and Gmail credentials.	Account Takeover	Information and communication	CC	N/A		Armorblox, Proofpoint, Microsoft 365, Gmail
35	04/11/2021	Since October 2021	-	?	Individual victims	Researchers from Avanan discover a new campaign spoofing a typical Amazon order confirmation.	Account Takeover	Individual	CC	>1		Avanan, Amazon
36	04/11/2021	Between 01/10/2020 and 04/12/2020	4/12/2020	?	Maxim Healthcare	Maxim Healthcare discloses a phishing attack.	Account Takeover	Human health and social work	CC	US		Maxim Healthcare
37	04/11/2021	-	-	?	Jukin Media	Jukin Media is hacked and has its data dumped.	Unknown	Arts entertainment, recreation	CC	US		Jukin Media
38	05/11/2021	"Recently"	-	?	Costco Wholesale Corporation	Costco Wholesale Corporation warns customers that their payment card information might have been stolen while recently shopping at one of its stores after a credit card skimmer was discovered.	Malicious Script Injection	Wholesale and retail	CC	US		Costco Wholesale Corporation
39	05/11/2021	5/11/2021	5/11/2021	Iranian Threat Actor	bZx	BlueNoroff, a North Korean threat actor steaks an estimated $55 million worth of cryptocurrency assets from bZx, a decentralized finance (DeFi) platform that allows users to borrow, loan, and speculate on cryptocurrency price variations.	Account Takeover	Fintech	CC	N/A		BlueNoroff, bZx
40	05/11/2021	Over the last year	-	RootAyyıldız	Several tribal-owned casinos	The FBI's Cyber Division reveals that ransomware gangs have hit several tribal-owned casinos, taking down their systems and disabling connected systems.	Malware	Arts entertainment, recreation	CC	US		FBI, ransomware
41	05/11/2021	Since 13/10/2021	-	?	Organizations in Australia	The Australian Cyber Security Center (ACSC) alerts web admins of the active exploitation of CVE-2021-42237, a remote code execution flaw in the Sitecore Experience Platform (Sitecore XP).	CVE-2021-42237 Vulnerability	Professional, scientific and technical	CC	AU		Australian Cyber Security Center, ACSC, CVE-2021-42237, Sitecore Experience Platform, Sitecore XP
42	05/11/2021	-	-	Zebra2104	A number of companies in Australia and Turkey	A report from BlackBerry uncover an initial access broker called "Zebra2104" that has connections to three malicious cybercriminal groups (MountLocker, Phobos and the StrongPity APT) cybercriminal groups.	Multiple techniques	Multiple Industries	CC	AU TR		Zebra2104, Blackberry
43	05/11/2021	Between 07/09/2021 and 08/09/2021	8/9/2021	?	Urology Center of Colorado (TUCC)	The Urology Center of Colorado (“TUCC”) announces a data incident that may have impacted individuals’ information.	Unknown	Human health and social work	CC	US		Urology Center of Colorado, TUCC
44	05/11/2021	-	26/8/2021	Snatch	QRS	QRS suffers a Snatch a ransomware attack.	Malware	Professional, scientific and technical	CC	US		QRS, Snatch, ransomware
45	05/11/2021	-	11/9/2021	?	New York Psychotherapy and Counseling Center (NYPCC)	New York Psychotherapy and Counseling Center reveals that a computer server in their offices had been accessed by an unauthorized third-party.	Unknown	Human health and social work	CC	US		New York Psychotherapy and Counseling Center, NYPCC
46	05/11/2021	Since April 2021	-	Cl0p AKA TA505 and FIN11, Evil Corp	Banking users in Mexico	Researchers from Metabase Q discover three campaigns distributing the Dridex malware in Mexico.	Malware	Finance and insurance	CC	MX		Cl0p, TA505, FIN11, Evil Corp, Dridex
47	06/11/2021	-	23/9/2021	?	Victory Health Partners	Victory Health Partners discloses to have been hit by a ransomware attack.	Malware	Human health and social work	CC	US		Victory Health Partners, ransomware
48	07/11/2021	From mid-September to early October	-	DEV-0322	Multiple organizations	Researchers from Palo Alto discover a widespread campaign resulting in the compromise of at least nine organizations worldwide from critical sectors, including defense, healthcare, energy, technology, and education, exploiting Zoho's ManageEngine ADSelfService Plus.	CVE-2021-40539 Vulnerability	Multiple Industries	CE	>1		Palo Alto defense, Zoho, ManageEngine ADSelfService Plus, DEV-0322, CVE-2021-40539
49	08/11/2021	3/11/2021	3/11/2021	?	Robinhood	Stock trading platform Robinhood discloses a data breach after their systems were hacked and a threat actor gained access to the personal information of approximately 7 million customers.	Unknown	Finance and insurance	CC	US		Robinhood
50	08/11/2021	8/11/2021	8/11/2021	Hive	MediaMarkt	Electronics retail giant MediaMarkt suffers a Hive ransomware attack with an initial ransom demand of $240 million, causing IT systems to shut down and store operations to be disrupted in Netherlands and Germany.	Malware	Wholesale and retail	CC	DE		MediaMarkt, Hive, ransomware
51	08/11/2021	-	-	Cl0p AKA TA505 and FIN11, Evil Corp	Multiple organizations	Researchers from NCC Group reveal that the Cl0p ransomware gang is exploiting CVE-2021-35211, a SolarWinds Serv-U vulnerability, to breach corporate networks and ultimately encrypt its devices.	Malware	Multiple Industries	CC	>1		NCC Group, Cl0p, ransomware, CVE-2021-35211, SolarWinds Serv-U, TA505, FIN11, Evil Corp
52	08/11/2021	-	-	?	Multiple organizations	Microsoft warns to immediately patch CVE-2021-42321, a high severity Exchange Server vulnerability that may allow authenticated attackers to execute code remotely on vulnerable servers.	CVE-2021-42321 Vulnerability	Unknown	N/A	>1		Microsoft, CVE-2021-42321, Exchange Server
53	08/11/2021	Between July and October 2021	-	Lyceum AKA Hexane, Siamesekitten, or Spirlin	ISPs and telecommunication operators in Israel, Morocco, Tunisia, and Saudi Arabia as well as a ministry of foreign affairs (MFA) in Africa.	Researchers from Accenture and Prevailion reveal the details of the latest campaign of the Iranian Lyceum APT, using two distinct malware families, dubbed Shark and Milan.	Targeted Attack	Multiple Industries	CE	>1		Accenture, Prevailion Lyceum APT, Iran, Shark, Milan, Israel, Morocco, Tunisia, Saudi Arabia, Hexane, Siamesekitten, Spirlin
54	08/11/2021	Since at least July 2020	16/10/2021	?	Six Palestinian activists	Members of Frontline Defenders discover the NSO’s Pegasus spyware on the devices of six Palestinian activists.	Targeted Attack	Individual	CE	PS		Frontline Defenders, NSO, Pegasus
55	08/11/2021	Since September 2021	-	DEV-0322	US defence industrial base, higher education, consulting services, and IT sectors.	Even the Microsoft Threat Intelligence Center (MSTIC) detects a campaign from Chinese attackers targeting Zoho's ManageEngine ADSelfService Plus.	CVE-2021-40539 Vulnerability	Multiple Industries	CE	US		Microsoft Threat Intelligence Center, MSTIC, DEV-0322, Zoho, ManageEngine ADSelfService Plus, CVE-2021-40539
56	08/11/2021	-	-	Belarus Cyber-Partisans	Unknown government entity in Belarus	The Belarus Cyber-Partisans claim they have accessed full database of those crossing the country’s borders over the past 15 years.	Unknown	Public admin and defence, social security	H	BY		Belarus Cyber-Partisans
57	08/11/2021	5/11/2021	5/11/2021	MASTER	Angling Direct	An attacker hijacks the systems of Angling Direct, diverting traffic from its websites to Pornhub and threatening to wipe its internal data. The Twitter account is also hijacked.	Account Takeover	Wholesale and retail	CC	UK		Angling Direct, Master
58	09/11/2021	Early November 2021	Early November 2021	?	Medatixx	Medatixx, a German medical software vendor, urges customers to change their application passwords following a ransomware attack that has severely impaired its entire operations.	Malware	Professional, scientific and technical	CC	DE		Medatixx, ransomware
59	09/11/2021	Since October 2021	-	TeamTNT	Misconfigured Docker Containers	Researchers from Trend Micro discover a new campaign of TeamTNT targeting poorly configured Docker servers to mine cryptocurrency.	Misconfiguration	Multiple Industries	CC	>1		Trend Micro, TeamTNT, Docker
60	09/11/2021	-	-	?	Multiple organizations	Microsoft patches CVE-2021-42292, an Excel zero-day vulnerability exploited in the wild by threat actors.	CVE-2021-42292 Vulnerability	Multiple Industries	N/A	N/A		Microsoft, CVE-2021-42292, Excel
61	09/11/2021	Since July 2021	During July 2021	Shatak AKA TA551 and ITG23 AKA TrickBot and Wizard Spider	Multiple organizations	Researchers from Cybereason reveal the details of a new wave of attacks carried out by a threat actor tracked as Shatak (TA551) in partnership with the ITG23 gang (aka TrickBot and Wizard Spider) to deploy Conti ransomware on targeted systems.	Malware	Multiple Industries	CC	>1		Cybereason, Shatak, TA551, ITG23, TrickBot, Wizard Spider, Conti, ransomware
62	09/11/2021	Since at least 14/07/2021	14/7/2021	-	Multiple organizations	Researchers from Qihoo 360’s Netlab security discover a new botnet, tracked as Abcbot, that targets Linux systems to launch distributed denial-of-service (DDoS) attacks.	Malware	Multiple Industries	CC	>1		Qihoo 360, Netlab, Abcbot
63	09/11/2021	16/8/2021	16/8/2021	?	Surecare Specialty	Surecare Specialty discloses a ransomware attack.	Malware	Human health and social work	CC	US		Surecare Specialty, ransomware
64	09/11/2021	-	14/9/2021	?	Mowery Clinic	Mowery Clinic notifies certain patients about a cyberattack detected on September 2021.	Unknown	Human health and social work	CC	US		Mowery Clinic
65	09/11/2021	-	12/07/2021	?	Retinal Consultants Medical Group	Retinal Consultants Medical Group, says it was the victim of a sophisticated cyberattack.	Unknown	Human health and social work	CC	US		Retinal Consultants Medical Group
66	10/11/2021	-	-	Lazarus Group AKA HIDDEN COBRA	Security Researchers worldwide	Researchers from ESET discover a new campaign by the North Korean threat Actor Lazarus Group, targeting security researchers with a trojanized pirated version of the popular IDA Pro reverse engineering application.	Targeted Attack	Individual	CE	>1		ESET, North Korea, Lazarus Group, HIDDEN COBRA, IDA Pro
67	10/11/2021	"Recently"	-	PhoneSpy	Android users in South Korea	Researchers from Zimperium discover an ongoing spyware campaign dubbed 'PhoneSpy' targeting South Korean users.	Malware	Individual	CE	KR		Zimperium, PhoneSpy
68	10/11/2021	Between 09/10/2021 and 27/10/2021	27/10/2021	?	Hewlett Packard Enterprise (HPE)	HPE discloses that data repositories for their Aruba Central network monitoring platform were compromised, allowing a threat actor to access collected data about monitored devices and their locations.	Unknown	Professional, scientific and technical	CC	US		Hewlett Packard Enterprise, HPE, Aruba
69	10/11/2021	10/11/2021	10/11/2021	?	Telnyx	Telnyx is the latest VoIP telephony provider targeted with distributed denial-of-service (DDoS)	DDoS	Information and communication	CC	US		Telnyx
70	10/11/2021	-	-	Iranian Threat Actor	Multiple organizations	The Federal Bureau of Investigation (FBI) warns private industry partners of attempts by an Iranian threat actor to buy stolen information regarding US and worldwide organizations.	Account Takeover	Multiple Industries	CE	>1		FBI, Iran
71	10/11/2021	Since at least 2015	-	Void Balaur AKA RocketHack	Multiple organizations	Researchers from Trend Micro reveal the details of Void Balaur, a hacker-for-hire group that has been stealing emails and highly-sensitive information for more than five years, selling it to customers with both financial and espionage goals.	Account Takeover	Multiple Industries	CC/CE	>1		Trend Micro, Void Balaur, RocketHack
72	10/11/2021	Early November 2021	-	?	Android users	Researchers from Kaspersky discover 'Smart TV remote' and 'Halloween Coloring', two new malicious Android apps available in Google Play and hiding the Joker malware.	Malware	Individual	CC	>1		Kaspersky, Smart TV remote, Halloween Coloring, Android, Google Play, Joker
73	10/11/2021	"Recently"	-	Magniber	Targets in Asia	Researchers from Tencent Security reveal that the Magniber ransomware gang is now using CVE-2021-26411 and CVE-2021-40444, two Internet Explorer vulnerabilities to infect users and encrypt their devices.	Malware	Multiple Industries	CC	>1		Tencent Security, Magniber, ransomware, CVE-2021-26411, CVE-2021-40444, Internet Explorer
74	10/11/2021	7/11/2021	7/11/2021	?	Diamond Comic Distributors	Major comic book company Diamond Comic Distributors is hit with a ransomware attack.	Malware	Information and communication	CC	US		Diamond Comic Distributors
75	10/11/2021	-	-	?	Multiple organizations	Researchers from Kaspersky discover multiple phishing campaigns exploiting LinkedIn.	Account Takeover	Multiple Industries	CC	>1		Kaspersky, LinkedIn
76	10/11/2021	During August 2021	-	Cl0p AKA TA505 and FIN11, Evil Corp	Stor-a-File	Stor-a-File, a British data capture and storage company, suffered a ransomware attack in August that exploited an unpatched instance of SolarWinds' Serv-U FTP software.	Malware	Professional, scientific and technical	CC	UK		Stor-a-File, SolarWinds, Serv-U FTP, CVE-2021-35211, Cl0p AKA TA505, FIN11, Evil Corp, Ransomware
77	10/11/2021	-	-	Distributed Denial of Secrets (DDoSecrets)	American law enforcement agencies in Texas and Georgia	19 TB of a video apparently stolen from American law enforcement agencies in Texas and Georgia is leaked online.	Unknown	Public admin and defence, social security	H	US		Distributed Denial of Secrets, DDoSecrets
78	10/11/2021	Between 06/10/2021 and 08/10/2021	-	?	Individuals in Nicaragua	A research by Nisos reveals that hundreds of fake Twitter accounts targeted opposition candidates and urged citizens not to vote in the November 28 Honduran presidential election.	Fake Social Accounts	Individual	H	NI		Nisos
79	11/11/2021	During 2016	-	Andrew	Booking.com	An investigation reveals that Booking.com was illegally accessed by an American attacker in 2016. The attacker, said to have connections with a US intelligence agency, is believed to have stolen "details of thousands of hotel reservations in countries in the Middle East.	Misconfiguration	Accommodation and food service	CC	NL		Andrew, Booking.com
80	11/11/2021	Between August 2020 and May 2021	-	?	SunWater	A report reveals that hackers stayed hidden for nine months on a server holding customer information for SunWater a Queensland water supplier.	Unknown	Water supply, waste mgmt, remediation	CC	AU		SunWater
81	11/11/2021	-	-	BotenaGo	Millions of routers and IoT devices.	Researchers at AT&T Alien Labs discover BotenaGo, a malware botnet using over thirty exploits to attack millions of routers and IoT devices with more than 30 exploits.	Multiple vulnerabilities	Multiple Industries	CC	>1		Researchers at AT&T Alien Labs, BotenaGo, IoT
82	11/11/2021	Early November 2021	Early November 2021	?	Multiple targets	Researchers from Sophos discover a new campaign abusing the Windows 10 App Installer to deploy the BazarLoader malware.	Malware	Multiple Industries	CC	>1		Sophos, Windows 10, BazarLoader
83	11/11/2021	-	-	?	Multiple organizations	Researchers from Microsoft warn about a surge in malware campaigns using HTML smuggling to distribute banking malware and remote access trojans (RAT).	HTML smuggling	Multiple Industries	CC	>1		Microsoft, HTML smuggling
84	11/11/2021	-	-	?	Android users	Researchers from Cyble discover a new campaign delivering the GravityRAT remote access trojan in disguise of an end-to-end encrypted chat application called SoSafe Chat.	Malware	Individual	CC	>1		Cyble, GravityRAT, SoSafe Chat
85	11/11/2021	Since late October 2021	Since late October 2021	SharkBot	Android users	Researchers from Cleafy and ThreatFabric reveal the details of SharkBot, a new Android banking trojan capable of hijacking users’ smartphones and emptying out e-banking and cryptocurrency accounts.	Malware	Finance and insurance	CC	>1		Cleafy, ThreatFabric, SharkBot, Android
86	11/11/2021	Since at least August 2021	During August 2021	?	macOS users in Hong Kong	Researchers from Google reveal that a suspected state-sponsored threat actor has used Hong Kong pro-democracy news sites to deploy a macOS zero-day (CVE-2021-30869), installing a malware strain named MACMA or OSX.CDDS	Targeted Attack	Individual	CE	HK		Google, macOS, MACMA, OSX.CDDS, CVE-2021-30869
87	11/11/2021	Since June 2021	-	Kimsuky	Think tanks in South Korea	Researchers from Cisco Talos reveal the details of the latest campaign of the Kimsuky APT targeting think tanks in the South through malware-laden blog posts.	Targeted Attack	Other service activities	CE	KR		Cisco Talos. Kimsuky APT
88	11/11/2021	11/10/2021	11/10/2021	?	Autonomous University of Barcelona	Autonomous University of Barcelona servers are still down a month after suffering a ransomware attack.	Malware	Education	CC	ES		Autonomous University of Barcelona, ransomware
89	11/11/2021	Since at least September 2021	During September 2021	?	Multiple organizations	Researchers rom Avanan discover a new Business Email Compromise Campaign using a tiny font size (One Font) to evade detection.	Account Takeover	Multiple Industries	CC	>1		Avanan, Business Email Compromise, One Font
90	11/11/2021	11/11/2021	11/11/2021	?	Southern Ohio Medical Center	The Southern Ohio Medical Center is hit with a cyber attack.	Unknown	Human health and social work	CC	US		Southern Ohio Medical Center
91	11/11/2021	-	-	?	Utah Imaging Associates	Utah Imaging Associates has started notifying 583,643 patients about a cyberattack	Unknown	Professional, scientific and technical	CC	US		Utah Imaging Associates
92	12/11/2021	Since the end of September 2021	End of September 2021	QBot	Banking users	Researchers from Trend Micro discover a new campaign distributing the Qbot banking malware using the Squirrelwaffle loader.	Malware	Finance and insurance	CC	>1		Trend Micro, Qbot , Squirrelwaffle
93	12/11/2021	9/11/2021	9/11/2021	?	Sociedad Anónima Damm	Sociedad Anónima Damm, Spain’s second-biggest brewery, is paralyzed by a cyber attack.	Unknown	Accommodation and food service	CC	ES		Sociedad Anónima Damm
94	12/11/2021	10/11/2021	10/11/2021	Conti	Kisters AG	Kisters AG is hit with a ransomware attack.	Malware	Manufacturing	CC	DE		Kisters AG, Conti, Ransomware
95	13/11/2021	13/11/2021	13/11/2021	?	Federal Bureau of Investigation (FBI)	The Federal Bureau of Investigation (FBI) email servers are hacked to distribute spam email impersonating FBI warnings that the recipients' network was breached and data was stolen.	Misconfiguration	Public admin and defence, social security	CC	US		Federal Bureau of Investigation, FBI
96	13/11/2021	Earlier in the same week	Earlier in the same week	-	Undisclosed target	Cloudflare reveals to have detected and mitigated a DDoS attack that peaked just below 2 Tbps — the largest seen to date.	DDoS	Unknown	CC	N/A		Cloudflare
97	14/11/2021	-	-	?	Rideau Valley Health Centre	Rideau Valley Health Centre is hit with a ransomware attack.	Malware	Human health and social work	CC	CA		Rideau Valley Health Centre, ransomware
98	15/11/2021	Since September 2021	-	MosesStaff	Multiple organizations in Israel	Researchers from Check Point reveal the details of Moses, a new group that has recently claimed responsibility for numerous attacks against Israeli entities, which appear politically motivated.	Multiple vulnerabilities	Multiple Industries	H	IL		Check Point, MosesStaff
99	15/11/2021	-	-	Multiple threat actors	Misconfigured Alibaba Elastic Computing Service (ECS) instances	Researchers from Trend Micro reveal that threat actors are hijacking Alibaba Elastic Computing Service (ECS) instances to install cryptominer malware and harness the available server resources for their own profit.	Misconfiguration	Multiple Industries	CC	>1		Trend Micro, Alibaba Elastic Computing Service, ECS
100	15/11/2021	15/11/2021	15/11/2021	Emotet	Multiple organizations	Multiple security researchers discover a new campaign distributing the Emotet botnet via TrickBot.	Malware	Multiple Industries	CC	>1		Emotet, TrickBot
101	15/11/2021	Early November 2021	Early November 2021	?	Misconfigured WordPress sites	Researchers from Sucuri discover a new wave of attacks hacking close to 300 WordPress sites to display fake encryption notices.	Misconfiguration	Multiple Industries	CC	>1		Sucuri, WordPress
102	15/11/2021	Late September 2021	Late September 2021	Phosphorus (aka APT35, Charming Kitten, Newscaster, TA453, Magic Hound	Undisclosed organizations	Attackers from the Iranian state-sponsored actor Phosphorus compromise an undisclosed organization via the ProxyShell vulnerabilities (CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207) to deploy ransomware.	Malware	Unknown	CC	N/A		Phosphorus, APT35, Charming Kitten, Newscaster, TA453, Magic Hound, ProxyShell, CVE-2021-34473, CVE-2021-34523, CVE-2021-31207, ransomware.
103	15/11/2021	15/9/2021	13/10/2021	?	California Pizza Kitchen (CPK)	California Pizza Kitchen (CPK) reveals a data breach that exposed the Social Security numbers of more than 100,000 current and former employees after a 'disruption' detected on its systems.	Account Takeover	Multiple Industries	CC	>1		California Pizza Kitchen, CPK
104	15/11/2021	15/11/2021	15/11/2021	Wealth Squad Chris	New Hanover Regional Medical Center	The Twitter account of New Hanover Regional Medical Center is hacked.	Account Takeover	Human health and social work	CC	US		New Hanover Regional Medical Center, Twitter, Wealth Squad Chris
105	15/11/2021	22/05/2021	13/09/2021	?	Community Eye Clinic	Community Eye Clinic reveals that an unauthorized individual from outside the United States gained access to the network of an affiliated eye clinic and stole information contained in the clinic’s database.	Unknown	Human health and social work	CC	US		Community Eye Clinic
ID	Date Reported	Date Occurred	Date Discovered	Author	Target	Description	Attack	Target Class	Attack Class	Country	Link	Tags

SUPPORT MY WORK!

The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.

Q3 2023 Cyber Attacks Statistics
The third quarter of 2023 saw a 6.5% increase in cyber attacks with 1,108 events. Cybercrime led the charts with 79.7% of motives, mostly using malware techniques. Exploitation of vulnerabilities ranked second, majorly affecting multiple industries and healthcare and financial sectors.
The Biggest Data Breaches of 2023
Similarly to what I have done in 2022 and 2021, I am collecting the main mega breaches...
Q4 2022 Cyber Attacks Statistics
I have aggregated the statistics created from the cyber attacks timelines published during Q4 2022) In total I collected...
September 2023 Cyber Attacks Statistics
In September 2023, cyber crime continued to lead with 77.1% of total events, but showed a decrease. Cyber Espionage grew to 11.6%, while Hacktivism significantly dropped. Malware remains the leading attack technique and multiple organizations are the top targets.
2020 Cyber Attacks Statistics
As promised, I have pulled together some statistics from the data collected in 2020. The master table is available at the end of the post after the charts.