Let’s start the new infosec year with the first cyber attacks timeline of December 2021. In this timeline I have collected 123 events, with a daily average number of 8.2 events, a sharp increase compared to the 100 events collected in the previous timeline (corresponding to a daily average number of 6.67 events/day). Ransomware continues to dominate the threat landscape with a percentage of events directly or indirectly characterized by this attack vector corresponding to 23.6% (29 out of 123 events), very close to the value of the previous timeline (22%).

Another constant trend is the impact of vulnerabilities which characterized 14 out of 123 events (corresponding to 11.4% of events and again very close to 10.4% of the previous timeline). December 2021 will be remembered in the annals of cybersecurity for the severe log4shell vulnerability (CVE-2021-44228) targeting Apache log4j servers, additionally threat actors are continuing to exploit vulnerabilities in the Zoho’s products.

The first half of December has also seen a new rise in the number of attacks targeting fintech startups: four entities have been severely hit with a total loss of nearly $380 million worth.

Threat actors motivated by cyber espionage continue to be particularly active, especially Nobelium the threat actor behind the Solarwinds massive supply-chain attack, still pretty active against cloud service providers, and also author of a new campaign against French organizations. Other state-sponsored actors active in this period include: Charming Kitten, APT27, and StrongPity. New threat actors were also discovered using innovative attack techniques such as RTF Injection. At least a threat actor, Nickel, suffered a strong blow when its infrastructure was taken down by security researchers.

Last but not least, another interesting element of this timeline is the discovery of several opeations using fake social media account to manipulate the public opinion (coordinated inauthentic behavior).

Expand for details

Enjoy the interactive timeline, and thanks for sharing it, and supporting my work in spreading the risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.



The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.

  • May 2022 Featured ImageMay 2022 Cyber Attack Statistics

    After the corresponding cyber attacks timelines, it’s time to publish the statistics of May 2022 once again, unsurprisingly, characterized by...

  • Photo by Philipp Katzenberger on Unsplash16-31 May 2022 Cyber Attacks Timeline

    The second timeline of May 2022 is out. In the second half of the month I collected 120 events, corresponding to an average of 7.50 events/day, an important...

  • 2021 Cyber Attacks Statistics

    And finally I have aggregated all the data collected in 2021 from the cyber attacks timelines. In the past year I have collected 2539 events, meaning...

  • The Biggest Data Breaches of 2021

    With this new project I am going to track the biggest data breaches of 2021 extracted from my cyber attack timelines.

  • March 2022 Cyber Attacks Statistics

    After the cyber attacks timelines, it’s finally time to publish the statistics of March 2022 (spoiler alert) characterized by the events...


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.