16-31 December 2021 Cyber Attacks Timeline

Views: 6,892
EVENTS
0
EVENTS/DAY
0
EVENTS
0
EVENTS/DAY

View Paolo Passeri's LinkedIn profile Connect on Linkedin

Here we go with the last cyber attacks timeline of 2021 where i have collected 91 events (5.7 per day), meaning that apparently the Christmas season has lead to a decrease from the 126 events collected in the previous timeline.

Even in the second fortnight of December, ransomware dominates the threat landscape but the percentage of events directly or indirectly characterized by this attack vector drops to 18.7% from 23.6% (17 out of 91 events), despite the number could be even higher since in many cases the targeted organizations mention generic outages.

And unsurprisingly the impact of vulnerabilities continue to grow characterizing, directly or indirectly 15 out of 91 events (corresponding to 16.5%), a sharp increase compared to 11.4% of the previous timeline whose main “merit” goes to the Log4Shell CVE-2021-44228 vulnerability massively exploited by cyber criminals (including ransomware gangs) and state-sponsored threat actors.

The cyber espionage front continues to be quite crowded, even because in this fortnight there have been multiple surveillance operations unearthed by security researchers targeting politicians and opponents in multiple countries such as Poland and Egypt, carried out via an old acquaintance such as the infamous Pegasus spyware, but also via  additional cyber mercenaries such as Cytrox, whose infrastructure has been taken down by Meta, the company behind Facebook.

Besides the so’-called cyber mercenaries, the timeline is also characterized by state sponsored actors such as APT10, APT28, Turla, and Aquatic Panda, a new actor ready to jump on the Log4Shell bandwagon.

And, just to close this brief description, the massive hacks against fintech startups continued also in the second fortnight of December with two additional events, one of which, unsurprisingly was carried out exploiting the Log4Shell vulnerability.

Expand for details

Enjoy the interactive timeline, and thanks for sharing it, and supporting my work in spreading the risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.

ID Date Reported Date Occurred Date Discovered Author Target Description Attack Target Class Attack Class Country Link Tags
1 16/12/2021 Since at least January 2021 During June 2021 PseudoManuscrypt Multiple organizations Researchers from Kaspersky discover the PseudoManuscrypt campaign targeting more than 35,000 computers in 195 countries. Malware Multiple Industries CE >1 Kaspersky, PseudoManuscrypt
2 16/12/2021 - - ? United States Commission on International Religious Freedom (USCIRF) Researchers from Avast reveal that a sophisticated threat actor has gained access and has backdoored the internal network of a US federal government agency. Targeted Attack Public admin and defence, social security CE US Avast, United States Commission on International Religious Freedom, USCIRF
3 16/12/2021 - - Twizt Multiple organizations Researchers from Check Point discover a new variant of the Phorpiex botnet, known for its sextortion spam campaigns, crypto-jacking, cryptocurrency clipping and ransomware spread, called “Twizt” and using a peer-to-peer command and control infrastructure. Malware Multiple Industries CC >1 Check Point, Phorpiex, Twizt
4 16/12/2021 - - Khonsari Self-hosted Minecraft servers Microsoft urges admins of self-hosted Minecraft servers to upgrade to the latest release to defend against Khonsari ransomware attacks exploiting the critical Log4Shell security vulnerability. CVE-2021-44228 Vulnerability Arts entertainment, recreation CC >1 Microsoft, Minecraft, Khonsari, ransomware, Log4Shell, CVE-2021-44228
5 16/12/2021 - - Cobwebs Technologies Facebook users Facebook disrupts the operations of seven different spyware-making companies targeting roughly 50,000 Facebook users in over 100 countries around the world. Fake Social Accounts Individual CE >1 Facebook, Cobwebs Technologies
6 16/12/2021 - - Cognyte Facebook users Facebook disrupts the operations of seven different spyware-making companies targeting roughly 50,000 Facebook users in over 100 countries around the world. Fake Social Accounts Individual CE >1 Facebook, Cognyte
7 16/12/2021 - - Black Cube Facebook users Facebook disrupts the operations of seven different spyware-making companies targeting roughly 50,000 Facebook users in over 100 countries around the world. Fake Social Accounts Individual CE >1 Facebook, Black Cube
8 16/12/2021 - - Bluehawk CI Facebook users Facebook disrupts the operations of seven different spyware-making companies targeting roughly 50,000 Facebook users in over 100 countries around the world. Fake Social Accounts Individual CE >1 Facebook, Bluehawk CI
9 16/12/2021 - - BellTroX Facebook users Facebook disrupts the operations of seven different spyware-making companies targeting roughly 50,000 Facebook users in over 100 countries around the world. Fake Social Accounts Individual CE >1 Facebook, BellTroX
10 16/12/2021 - - Cytrox Facebook users Facebook disrupts the operations of seven different spyware-making companies targeting roughly 50,000 Facebook users in over 100 countries around the world. Fake Social Accounts Individual CE >1 Facebook, Cytrox
11 16/12/2021 - - Unknown entity in China Facebook users Facebook disrupts the operations of seven different spyware-making companies targeting roughly 50,000 Facebook users in over 100 countries around the world. Fake Social Accounts Individual CE >1 Facebook, China
12 16/12/2021 - 15/10/2021 ? Tackle Warehouse LLC Running Warehouse LLC Tennis Warehouse LLC Skate Warehouse LLC Four affiliated online sports gear sites disclose a cyberattack where threat actors stole credit cards for 1,813,224 customers. Unknown Wholesale and retail CC US "Tackle Warehouse LLC, Running Warehouse LLC, Tennis Warehouse LLC, Skate Warehouse LLC"
13 16/12/2021 Late November 2021 Late November 2021 ? Virginia Museum of Fine Arts An information technology system security breach prompts the Virginia Museum of Fine Arts to shut down its website for a state investigation, Unknown Arts entertainment, recreation CC US Virginia Museum of Fine Arts
14 16/12/2021 Mid November 2021 Mid November 2021 Noberus Multiple organizations Researchers from Symantec reveal the details of Noberus, the first ransomware written in Rust. Malware Multiple Industries CC >1 Symantec, Noberus, ransomware, Rust
15 16/12/2021 During June 2021 - Egyptian Government? Ayman Nour (Egyptian politician vocal opponent of current President Abdel Fattah Al-Sisi) Citizen Lab reveals that the iPhone of the Egyptian politician Ayman Nour was hacked by two different government hacking groups, using spyware made by NSO Group and Cytrox Malware Individual CE EG Ayman Nour, Abdel Fattah Al-Sisi, Pegasus, BSO Group, Cytrox
16 16/12/2021 During June 2021 - Egyptian Government? Ayman Nour (Egyptian politician vocal opponent of current President Abdel Fattah Al-Sisi) Citizen Lab reveals that the iPhone of the Egyptian politician Ayman Nour was hacked by two different government hacking groups, using spyware made by NSO Group and Cytrox Malware Individual CE EG Ayman Nour, Abdel Fattah Al-Sisi, Pegasus, NSO Group, Cytrox
17 16/12/2021 During June 2021 - Egyptian Government? Anonymous Egyptian journalist, Citizen Lab finds traces of the Pegasus Spyware even in the phone of an anonymous Egyptian journalist. Malware Individual CE EG Pegasus, NSO Group, Cytrox
18 16/12/2021 - 31/10/2021 ? VPN Solutions LLC VPN Solutions LLC is hit by a ransomware attack and multiple covered entities still can't access their data two month after the incident. Malware Professional, scientific and technical CC US VPN Solutions LLC, ransomware
19 17/12/2021 - - Conti VMware vCenter Server instances Researchers from AdvIntel reveal that the Conti ransomware operation is using the critical Log4Shell exploit to gain rapid access to internal VMware vCenter Server instances and encrypt virtual machines. CVE-2021-44228 Vulnerability Multiple Industries CC >1 AdvIntel, Conti, Log4Shell, ransomware, VMware vCenter Server, CVE-2021-44228
20 17/12/2021 Since late October 2021 - Multiple APT actors Multiple organizations The FBI's cyber division issues an alert warning enterprises using Zoho-owned ManageEngine's Desktop Central that advanced attackers have been exploiting CVE-2021-44515 to install malware since late October. CVE-2021-44515 vulnerability Multiple Industries CE US FBI, Zoho, ManageEngine, Desktop Central, CVE-2021-44515
21 17/12/2021 During October 2021 - Conti Finite Recruitment IT recruitment firm Finite Recruitment confirms it experienced a cyber incident in October, which resulted in a "small subset" of the company's data being downloaded and published on the dark web. Malware Administration and support service CC AU Finite Recruitment
22 17/12/2021 - - APT10 Multiple organizations Researchers from SecurityScorecard discover malicious activity by the Chinese threat actor APT10 trying to exploit the Log4Shell vulnerability. CVE-2021-44228 Vulnerability Multiple Industries CE >1 SecurityScorecard, APT10, Log4Shell, CVE-2021-44228
23 17/12/2021 - - APT28 Multiple organizations Researchers from SecurityScorecard discover malicious activity by the Russian threat actor APT28 trying to exploit the Log4Shell vulnerability. CVE-2021-44228 Vulnerability Multiple Industries CE >1 SecurityScorecard, APT28, Log4Shell, CVE-2021-44228
24 17/12/2021 - - Turla Multiple organizations Researchers from SecurityScorecard discover malicious activity by the Russian threat actor Turla trying to exploit the Log4Shell vulnerability. CVE-2021-44228 Vulnerability Multiple Industries CE >1 SecurityScorecard, Turla, Log4Shell, CVE-2021-44228
25 17/12/2021 - - Ursnif Multiple organizations Researchers from SecurityScorecard discover malicious activity by the Russian threat actor Ursnif trying to exploit the Log4Shell vulnerability. CVE-2021-44228 Vulnerability Multiple Industries CC >1 SecurityScorecard, Ursnif, Log4Shell, CVE-2021-44228
26 17/12/2021 - - Grizzly Steppe Multiple organizations Researchers from SecurityScorecard discover malicious activity by the Russian threat actor Grizzly Steppe trying to exploit the Log4Shell vulnerability. CVE-2021-44228 Vulnerability Multiple Industries CE >1 SecurityScorecard, Grizzly Steppe, Log4Shell, CVE-2021-44228
27 17/12/2021 During November 2021 - ? Medical Review Institute of America (MRIoA) The Medical Review Institute of America notifies patients of a ransomware incident. Malware Professional, scientific and technical CC US The Medical Review Institute of America, MRIoA, ransomware
28 17/12/2021 - - ? Android users The Joker malware is back again on Google Play, this time spotted in a mobile application called Color Message. The app was downloaded more than 500,000 times before its removal from the store. Malware Individual CC >1 Android, Joker, Google Play, Color Message.
29 18/12/2021 18/12/2021 18/12/2021 Sharp Boys Tiyuli A hacker group called Sharp Boys announces that it had hacked two Israeli hiking websites leaking the information of 100,000 users and offering the information of around three million people for sale. Unknown Arts entertainment, recreation CC IL Sharp Boys, Tiyuli
30 18/12/2021 18/12/2021 18/12/2021 Sharp Boys Lametayel A hacker group called Sharp Boys announces that it had hacked two Israeli hiking websites leaking the information of 100,000 users and offering the information of around three million people for sale. Unknown Wholesale and retail CC IL Sharp Boys, Lametayel
31 19/12/2021 19/12/2021 19/12/2021 ? Grim Finance DeFi protocol Grim Finance says about $30 million was stolen this weekend by hackers exploiting a vulnerability in their platform. Vulnerability Fintech CC N/A Grim Finance
32 19/12/2021 During October 2021 - Cl0p UK Police The Cl0p ransomware gang publishes confidential data held by UK Police on the dark web. Malware Public admin and defence, social security CC UK Cl0p, ransomware, UK Police
33 20/12/2021 16/12/2021 16/12/2021 ? Belgium's ministry of defense The Belgium's ministry of defense confirms it was hit by a cyberattack, where threat actors allegedly exploited the Log4Shell vulnerability. CVE-2021-44228 Vulnerability Public admin and defence, social security N/A BE Belgium's ministry of defense, Log4Shell, CVE-2021-44228
34 20/12/2021 - - ? Ubisoft Ubisoft confirms a cyberattack on its IT infrastructure targeting the popular game Just Dance. Misconfiguration Arts entertainment, recreation CC FR Ubisoft
35 20/12/2021 19/12/2021 19/12/2021 BlackCat AKA ALPHV Inetum Group French IT services company Inetum Group is hit by a ransomware attack Malware Professional, scientific and technical CC FR Inetum Group, BlackCat, ALPHV
36 20/12/2021 Between 15/08/2021 and 10/12/2021 - ? Multiple organizations A report from INKY reveal the details of a highly targeted phishing campaign impersonating Pfizer to steal business and financial information from victims. Account Takeover Multiple Industries CC >1 INKY, Pfizer
37 20/12/2021 - - Dridex Multiple organizations Threat actors are exploiting the critical Apache Log4j vulnerability (Log4Shell) to infect vulnerable devices with the notorious Dridex banking trojan or Meterpreter. CVE-2021-44228 Vulnerability Finance and insurance CC >1 Apache Log4Shell, Dridex, CVE-2021-44228
38 20/12/2021 Since 2019 Since March 2021 Multiple threat actors Facebook users Meta, the parent company for Facebook, Instagram, and WhatsApp, files a lawsuit against the operators of more than 39,000 phishing sites that have been hosted through the Ngrok service. Account Takeover Individual CC >1 Meta, Facebook, Instagram, WhatsApp, Ngrok
39 20/12/2021 Between 09/08/2021 and 15/08/2021 19/10/2921 ? Texas Ear, Nose and Throat Specialists (Texas ENT) More than half a million patients are impacted by a data breach at US healthcare provider Texas Ear, Nose and Throat Specialists (Texas ENT). Unknown Human health and social work CC US Texas Ear, Nose and Throat Specialists, Texas ENT
40 20/12/2021 - - Kinsing Vulnerable Apache Log4j servers Researchers from Sophos reveal that the Kinsing miner botnet is dominating the attempts to exploit the Log4Shell vulnerability. CVE-2021-44228 Vulnerability Multiple Industries CC >1 Sophos, Kinsing, Log4Shell
41 20/12/2021 20/12/2021 20/12/2021 ? CompuGroup Medical CompuGroup Medical is hit with a ransomware attack. Malware Professional, scientific and technical CC DE CompuGroup Medical, ransomware
42 20/12/2021 20/12/2021 20/12/2021 ? Big White The Big White resort notifies of a potential data breach due to possible malware. Malware Arts entertainment, recreation CC US Big White
43 20/12/2021 During the previous week During the previous week ? Coombe Women and Infants University Hospital Coombe Women and Infants University Hospital confirms to have been hit with a ransomware attack. Malware Human health and social work CC IE Coombe Women and Infants University Hospital, ransomware
44 21/12/2021 During 2021 During 2021 ? Individuals Researchers from Group-IB, discover a worldwide scam campaign impersonating famous brands, and targeting users in over 90 countries all around the world, including the United States, Canada, South Korea, and Italy. Fake Web Sites Individual CC >1 Group-IB
45 21/12/2021 Since at least October 2021 - ? Abcbot Researchers from Cado Security discover a new version of the Abcbot botnet, targeting insecure cloud instances running under Cloud Service Providers such as Tencent, Baidu, Alibaba Cloud, and Huawei cloud. Misconfiguration Multiple Industries CC CN Cado Security, Abcbot, Tencent, Baidu, Alibaba Cloud, Huawei cloud
46 21/12/2021 Between 03/08/2021 and 05/08/2021 5/8/2021 ? Rhode Island Public Transit Authority (RIPTA) The Rhode Island Public Transit Authority sends out a notice saying that it identified a "security incident leading to the exfiltration of data including information about RIPTA health plans with Social Security numbers, addresses, dates of birth. Unknown Transportation and storage CC US Rhode Island Public Transit Authority, RIPTA
47 21/12/2021 - - UAE Government Hanan Elatr, wife of deceased Saudi journalist Jamal Khashoggi Citizen Lab reveals that the UAE used the NSO Group's Pegasus trojan to hack and track the phone of Hanan Elatr, wife of deceased Saudi journalist Jamal Khashoggi. Malware Individual CE EG Citizen Lab, NSO Group, Pegasus, Hanan Elatr, Jamal Khashoggi.
48 21/12/2021 Between 10/05/2021 and 15/08/2021 28/7/2021 ? Monongalia Health System Monongalia Health System suffers a data breach resulting from a phishing attack, which gave hackers access to several email accounts. Account Takeover Human health and social work CC US Monongalia Health System
49 21/12/2021 - - ? Unknown Organizations The UK National Crime Agency (NCA) and National Cyber Crime Unit (NCCU discover and donate to the community a 225 million cache of stolen emails and passwords. Unknown Unknown CC >1 UK National Crime Agency, NCA, National Cyber Crime Unit, NCCU
50 21/12/2021 - - ? Multiple organizations Researchers from Sophos release details of a novel exploit that bypasses a patch for the critical vulnerability CVE-2021-40444 affecting the Microsoft Office file format, to install the Formbook malware. CVE-2021-40444 Vulnerability Multiple Industries CC >1 Sophos, CVE-2021-40444, Microsoft Office, Formbook
51 21/12/2021 Over the past five years - ? British Council The British Council has fallen victim to two successful ransomware attacks over the past five years. Malware Public admin and defence, social security CC UK British Council, Ransomware
52 21/12/2021 18/11/2021 18/11/2021 ? Luxemburg-Casco School District Luxemburg-Casco School District discloses a data security incident that resulted in unauthorized access to 1,399 individuals’ personal information. Unknown Education CC US Luxemburg-Casco School District
53 21/12/2021 - 1/11/2021 ? Monterey Peninsula Unified School District The Monterey Peninsula Unified School District notifies current and former employees of a data security incident that they discovered on or about November 1. Unknown Education CC US Monterey Peninsula Unified School District
54 21/12/2021 Between 11/05/2021 and 02/08/2021 25/10/2021 ? Welfare Pension and Annuity Funds of Local No ONE IATSE Welfare Pension and Annuity Funds of Local No ONE IATSE notifies 20,579 individuals about an email security incident that resulted in the exposure of sensitive data. Account Takeover Finance and insurance CC US Welfare Pension and Annuity Funds of Local No ONE IATSE
55 22/12/2021 - - Dridex Banking users A new Dridex malware phishing campaign is using fake employee termination emails as a lure to open a malicious Excel document, which then trolls the victim with a season's greeting message. Malware Finance and insurance CC US Dridex
56 22/12/2021 Over the past few weeks - Avos Locker Multiple organizations A report from Sophos reveals that the AvosLocker ransomware gang has started focusing on disabling endpoint security solutions by rebooting compromised systems into Windows Safe Mode. Malware Multiple Industries CC >1 Sophos, Avos Locker
57 22/12/2021 Since at least October 2021 During October 2021 ? CoinSpot cryptocurrency exchange users Researchers from Cofense discover a new phishing campaign targeting CoinSpot cryptocurrency exchange users Account Takeover Fintech CC >1 Cofense, CoinSpot
58 22/12/2021 - 14/11/2021 ? Millennium Eye Care Millennium Eye Care discloses a ransomware incident. Malware Human health and social work CC US Millennium Eye Care, ransomware
59 23/12/2021 - - ? Undisclosed government entity in Albania A massive data breach exposes the data on the salaries and personal information of 637,138 Albanian residents working in the private and public sectors. Unknown Public admin and defence, social security CC AL Albania
60 23/12/2021 - - ? Multiple organizations Researchers from Elastic Security uncover a stealthy malware campaign that leverages valid code signing certificates to evade detection. The campaign is also used to drop a second stage payload called BLISTER. Malware Multiple Industries CC >1 Elastic, BLISTER
61 23/12/2021 Since at least mid December 2021 - ? Banking users of Itaú Unibanco Researchers from Cyble discover a new Android banking trojan targeting Itaú Unibanco and using a fake Google Play page to trick visitors into thinking they are installing the app from a trustworthy service. Malware Finance and insurance CC BR Cyble, Android, Itaú Unibanco, Google Play
62 23/12/2021 Since at least November 2021 Since at least November 2021 Rook Multiple organizations Researchers from SentinelOne discover a new ransomware operation named Rook, derived from the leaked Babuk ransomware code. Malware Multiple Industries CC >1 SentinelOne, ransomware, Rook, Babuk
63 23/12/2021 Between 26/04/2019 and 23/10/2019 - Polish Government? Polish Senator Krzysztof Brejza Citizen Lab reveals that Polish Senator Krzysztof Brejza was hacked using the NSO Group's Pegasus spyware 33 times between April 26, 2019 and October 23, 2019. Malware Individual CE PL Citizen Lab, Krzysztof Brejza, NSO Group, Pegasus
64 23/12/2021 - - Polish Government? Polish prosecutor Ewa Wrzosek Citizen Lab reveals that Pegasus was also used to hack into the phones of Polish prosecutor Ewa Wrzosek and Roman Giertych, a lawyer for Brejza's party Civic Platform. Malware Individual CE PL Citizen Lab, Ewa Wrzosek, NSO Group, Pegasus
65 23/12/2021 - - Polish Government? Roman Giertych Citizen Lab reveals that Pegasus was also used to hack into the phones of Polish prosecutor Ewa Wrzosek and Roman Giertych, a lawyer for Brejza's party Civic Platform. Malware Individual CE PL Citizen Lab, Roman Giertych, NSO Group, Pegasus
66 23/12/2021 - - ? Single individuals Researchers from ReasonLabs discover a campaign inserting Monero miners to the Russian torrent files of the "Spider-Man: No Way Home" movie. Malware Arts entertainment, recreation CC >1 ReasonLabs, Monero, "Spider-Man: No Way Home"
67 23/12/2021 Between 13/12/2021 and 19/12/2021 13/12/2021 ? USCellular USCellular discloses a data breach after the company's billing system was hacked in December 2021 when the company detected an unauthorized access. Unknown Information and communication CC US Uscellular
68 23/12/2021 "Recently" "Recently" ? Crypto-wallets of Telegram users Researchers from Safeguard reveal that attackers are targeting crypto-wallets of Telegram users with the Echelon infostealer. Malware Fintech CC >1 Safeguard, Telegram, Echelon
69 24/12/2021 3/12/2021 - Conti Shutterfly Photography and personalized photo giant Shutterfly suffers a Conti ransomware attack. Malware Arts entertainment, recreation CC US Shutterfly, Conti, ransomware
70 24/12/2021 During December 2021 - Dridex Banking users A new Dridex malware phishing campaign exploits the Omicron COVID-19 variant lure. Malware Finance and insurance CC US Dridex
71 24/12/2021 Between 11/12/2021 and 13/12/2021 - ? ONUS ONUS, one of the largest Vietnamese crypto trading platforms, suffers a cyber attack on its payment system running a vulnerable Log4j version. The threat actors approached ONUS to extort a $5 million sum. CVE-2021-44228 Vulnerability Fintech CC VN ONUS, Log4j, Log4Shell, CVE-2021-44228
72 24/12/2021 17/12/2021 - ? Capital Region Medical Center (CRMC) Capital Region Medical Center (CRMC) confirms it was the victim of a cyber attack. Unknown Human health and social work CC US Capital Region Medical Center, CRMC
73 24/12/2021 - 23/8/2021 ? Weddell Pediatric Dental Specialists Weddell Pediatric Dental Specialists notifies 5,356 individuals that an unauthorized individual gained access to an employee’s email account that contained their protected health information. Account Takeover Human health and social work CC US Weddell Pediatric Dental Specialists
74 24/12/2021 Between 21/10/2021 and 27/10/2021 27/10/2021 ? Duneland School Corporation Duneland School Corporation notifies employees and dependents of a data breach. Unknown Education CC US Duneland School Corporation
75 24/12/2021 "Shortly before Christmas" "Shortly before Christmas" ? German Pharmacists’ Association (DAV). The German Pharmacists’ Association (DAV) is the target of a phishing attack aimed to falsify vaccination data. Account Takeover Human health and social work CC DE German Pharmacists’ Association, DAV
76 27/12/2021 Between 19/12/2021 and 26/12/2021 - eCh0raix AKA QNAPCrypt Misconfigured QNAP devices Users of QNAP NAS devices report attacks on their systems with the eCh0raix ransomware, also known as QNAPCrypt. Malware Multiple Industries CC >1 QNAP, eCh0raix, ransomware, QNAPCrypt
77 27/12/2021 - - ? Multiple organizations Several malicious campaigns are abusing the Microsoft Build Engine (MSBuild) to execute a Cobalt Strike payload on compromised systems. Malware Multiple Industries CC >1 Microsoft Build Engine, MSBuild, Cobalt Strike
78 27/12/2021 - 16/12/2020 ? Florida Digestive Health Specialists LLP Florida Digestive Health Specialists LLP notifies more than 212,500 individuals of a December 2020 breach involving business email compromise and fraud. Account Takeover Human health and social work CC US Florida Digestive Health Specialists LLP
79 28/12/2021 Since October 2020 - BlackTech Japanese Companies Researchers from NTT Security detect the BlackTech cyber-espionage APT group targeting Japanese companies using a novel malware that researchers call ‘Flagpro’. Targeted Attack Multiple Industries CE JP NTT Security, BlackTech, Flagpro
80 28/12/2021 - - ? T-Mobile users T-Mobile confirms that recent reports of a new data breach are linked to notifications sent to a "very small number of customers" who fell victim to SIM swap attacks. Account Takeover Information and communication CC US T-Mobile
81 28/12/2021 28/12/2021 28/12/2021 ? LastPass users Many LastPass users report that their master passwords have been compromised after receiving email warnings that someone tried to use them to log into their accounts from unknown locations. Credential Stuffing Individual CC >1 LastPass
82 28/12/2021 28/12/2021 28/12/2021 ? Amedia Amedia, the largest local news publisher in Norway, announces that several of its central computer systems were shut down in what it is calling an apparent “serious” cyberattack. Unknown Information and communication CC NO Amedia
83 28/12/2021 Since 2020 - ? Iranian organizations Researchers from Amnpardaz, an Iranian security company, discover iLOBleed, a rootkit that hides inside the firmware of HP iLO devices and which has been used in real-world attacks to wipe servers of Iranian organizations. Malware Multiple Industries CW IR Amnpardaz, iLOBleed, HP
84 28/12/2021 - - AQUATIC PANDA Multiple organizations Researchers from Crowdstrike reveal that the threat actor dubbed AQUATIC PANDA is trying to exploit the Log4Shell CVE 2021-44228 vulnerability. Targeted Attack Multiple Industries CE >1 Crowdstrike, AQUATIC PANDA, Log4Shell, CVE 2021-44228
85 28/12/2021 1/8/2021 1/8/2021 ? Brown County Brown County confirms a malware security breach occurred on August 2021. Malware Public admin and defence, social security CC US Brown County
86 28/12/2021 25/12/2021 25/12/2021 ? Saskatchewan Liquor and Gaming Authority (SLGA) The Saskatchewan Liquor and Gaming Authority (SLGA) reports that it has temporarily disabled certain computer systems and applications, as it investigates a cybersecurity incident that occurred on Dec. 25. Unknown Public admin and defence, social security CC CA Saskatchewan Liquor and Gaming Authority, SLGA
87 29/12/2021 - - Avos Locker Unnamed US Police Department The Avos Locker ransomware operation provides a free decryptor after learning they encrypted a US government agency. Malware Public admin and defence, social security CC US Avos Locker, ransomware
88 29/12/2021 Since 2019 - ? Misconfigured Docker systems Researchers from Aquasec reveal the details of a cryptomining campaign targeting misconfigured Docker APIs and able to avoid detection since 2019. Misconfiguration Multiple Industries CC >1 Aquasec, Docker
89 29/12/2021 - - ? Khyber Pakhtunkhwa Police Khyber Pakhtunkhwa Police is hit by an apparent cyberattack and data is put up for sale on the internet. Unknown Public admin and defence, social security CC PK Khyber Pakhtunkhwa Police
90 29/12/2021 27/12/2021 27/12/2021 ? Crawford County Assessor’s Office Crawford County Assessor’s Office is hit by a cyberattack. Unknown Public admin and defence, social security CC US Crawford County Assessor’s Office
91 29/12/2021 - - ? Donnelley & Sons Donnelley & Sons, a vendor of NJ Office of Information Technology suffers a cyber attack and all the activity is affected. Unknown Professional, scientific and technical CC US Donnelley & Sons
92 30/12/2021 Between 11/01/2021 and 31/08/2021 2/12/2021 ? PulseTV U.S. online store PulseTV discloses a large-scale customer credit card compromise with more than 200,000 shoppers impacted. Fake Social Accounts Individual N/A CN Twitter, China, Changyu Culture
93 30/12/2021 Since 01/12/2021 - ? OCBC Customers Singapore police warns of a spate of phishing SMS scams that affected at least 469 customers of OCBC Bank and resulted in losses of more than SG$8.5 million. Account Takeover Finance and insurance CC SG OCBC Customers
94 30/12/2021 - 30/3/2021 ? New Leaf, Inc. New Leaf, Inc., a non-profit provider of services to individuals with developmental disabilities, starts notifying 10,438 individuals that some of their protected health information was potentially compromised in a March 2021 ransomware attack. Malware Human health and social work CC US New Leaf, Inc., ransomware
95 31/12/2021 20/12/2021 20/12/2021 ? Gloucester City Council The Gloucester City Council suffers a cyber attack. Unknown Public admin and defence, social security CC UK Gloucester City Council
ID Date Reported Date Occurred Date Discovered Author Target Description Attack Target Class Attack Class Country Link Tags

SUPPORT MY WORK!

BREACHOMETER

The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.

12 MONTHS TREND
POPULAR POSTS
The Biggest Data Breaches of 2021
Click Here
Leaky Buckets: a List of Cloud Misconfigurations
Click Here
Cloud-Native Threats in 2021
Click Here
Previous slide
Next slide
FOLLOW ME ON TWITTER
Tags: , , , , , , , , , , , , , , , ,

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.