Let’s start the new infosec year with the first cyber attacks timeline of December 2021. In this timeline I have collected 123 events, with a daily average number of 8.2 events, a sharp increase compared to the 100 events collected in the previous timeline (corresponding to a daily average number of 6.67 events/day). Ransomware continues to dominate the threat landscape with a percentage of events directly or indirectly characterized by this attack vector corresponding to 23.6% (29 out of 123 events), very close to the value of the previous timeline (22%).

Another constant trend is the impact of vulnerabilities which characterized 14 out of 123 events (corresponding to 11.4% of events and again very close to 10.4% of the previous timeline). December 2021 will be remembered in the annals of cybersecurity for the severe log4shell vulnerability (CVE-2021-44228) targeting Apache log4j servers, additionally threat actors are continuing to exploit vulnerabilities in the Zoho’s products.

The first half of December has also seen a new rise in the number of attacks targeting fintech startups: four entities have been severely hit with a total loss of nearly $380 million worth.

Threat actors motivated by cyber espionage continue to be particularly active, especially Nobelium the threat actor behind the Solarwinds massive supply-chain attack, still pretty active against cloud service providers, and also author of a new campaign against French organizations. Other state-sponsored actors active in this period include: Charming Kitten, APT27, and StrongPity. New threat actors were also discovered using innovative attack techniques such as RTF Injection. At least a threat actor, Nickel, suffered a strong blow when its infrastructure was taken down by security researchers.

Last but not least, another interesting element of this timeline is the discovery of several opeations using fake social media account to manipulate the public opinion (coordinated inauthentic behavior).

Expand for details

Enjoy the interactive timeline, and thanks for sharing it, and supporting my work in spreading the risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.



The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.

  • Image by Pete Linforth from Pixabay1-15 May 2023 Cyber Attacks Timeline

    In the first half of May 2023 I collected 173 events (corresponding to 11.53 events/day), a value that confirms the sustained trend characterizing this year from an information security perspective.

  • November 2023 MotivationsNovember 2023 Cyber Attacks Statistics

    November 2023 saw a rise to 39 events, with Cyber Crime remaining dominant at 78.7%. Cyber Espionage increased to 9.7%, while Hacktivism fell to 5.4%. Malware was the leading attack technique at 42.1%, and Multiple Organizations were the most targeted at 17.7%.

  • Photo by Towfiqu barbhuiya on UnsplashThe Biggest Data Breaches of 2023

    Similarly to what I have done in 2022 and 2021, I am collecting the main mega breaches...

  • Image by wastedgeneration from Pixabay1-15 December 2023 Cyber Attacks Timeline

    In early December 2023, event recordings decreased significantly to 135, with ransomware dominating 35.5% of incidents. The period saw a notable data breach at ESO Solutions, affecting 2.7 million patients, and a $2.7 million crypto theft at OKX. Geopolitical tensions spurred active cyber espionage, with ...

  • 2022 Cyber Attacks Statistics

    And finally I have aggregated all the data collected in 2022 from the cyber attacks timelines. In the past year I have collected 3074 events...


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.