
Here we go with the last cyber attacks timeline of 2021, where I have collected 91 events (5.7 per day), meaning that apparently the Christmas season has led to a decrease from the 126 events collected in the previous timeline.

Even in the second fortnight of December, ransomware dominates the threat landscape, but the percentage of events directly or indirectly characterized by this attack vector drops to 18.7% (17 out of 91 events) from 23.6%, although the number could be even higher, since in many cases the targeted organizations only mention generic outages.

Unsurprisingly, the impact of vulnerabilities continues to grow, characterizing, directly or indirectly, 15 out of 91 events (corresponding to 16.5%), a sharp increase compared to the 11.4% of the previous timeline. The main “merit” goes to the Log4Shell vulnerability (CVE-2021-44228), massively exploited by cyber criminals (including ransomware gangs) and state-sponsored threat actors.

The cyber espionage front continues to be quite crowded, also because in this fortnight security researchers have unearthed multiple surveillance operations targeting politicians and opponents in countries such as Poland and Egypt. These were carried out via an old acquaintance, the infamous Pegasus spyware, but also via additional cyber mercenaries such as Cytrox, whose infrastructure has been taken down by Meta, the company behind Facebook.

Besides the so-called cyber mercenaries, the timeline is also characterized by state-sponsored actors such as APT10, APT28, Turla, and Aquatic Panda, a new actor ready to jump on the Log4Shell bandwagon.

And, just to close this brief description, the massive hacks against fintech startups also continued in the second fortnight of December with two additional events, one of which, unsurprisingly, was carried out by exploiting the Log4Shell vulnerability.


Enjoy the interactive timeline, and thanks for sharing it and supporting my work in spreading risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or even connect on LinkedIn, for the latest updates.

| ID | Date Reported | Date Occurred | Date Discovered | Author | Target | Description | Attack | Target Class | Attack Class | Country | Link | Tags |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | 16/12/2021 | Since at least January 2021 | During June 2021 | PseudoManuscrypt | Multiple organizations | Researchers from Kaspersky discover the PseudoManuscrypt campaign targeting more than 35,000 computers in 195 countries. | Malware | Multiple Industries | CE | >1 | | Kaspersky, PseudoManuscrypt |
| 2 | 16/12/2021 | - | - | ? | United States Commission on International Religious Freedom (USCIRF) | Researchers from Avast reveal that a sophisticated threat actor has gained access and has backdoored the internal network of a US federal government agency. | Targeted Attack | Public admin and defence, social security | CE | US | | Avast, United States Commission on International Religious Freedom, USCIRF |
| 3 | 16/12/2021 | - | - | Twizt | Multiple organizations | Researchers from Check Point discover a new variant of the Phorpiex botnet, known for its sextortion spam campaigns, crypto-jacking, cryptocurrency clipping and ransomware spread, called “Twizt” and using a peer-to-peer command and control infrastructure. | Malware | Multiple Industries | CC | >1 | | Check Point, Phorpiex, Twizt |
| 4 | 16/12/2021 | - | - | Khonsari | Self-hosted Minecraft servers | Microsoft urges admins of self-hosted Minecraft servers to upgrade to the latest release to defend against Khonsari ransomware attacks exploiting the critical Log4Shell security vulnerability. | CVE-2021-44228 Vulnerability | Arts entertainment, recreation | CC | >1 | | Microsoft, Minecraft, Khonsari, ransomware, Log4Shell, CVE-2021-44228 |
| 5 | 16/12/2021 | - | - | Cobwebs Technologies | Facebook users | Facebook disrupts the operations of seven different spyware-making companies targeting roughly 50,000 Facebook users in over 100 countries around the world. | Fake Social Accounts | Individual | CE | >1 | | Facebook, Cobwebs Technologies |
| 6 | 16/12/2021 | - | - | Cognyte | Facebook users | Facebook disrupts the operations of seven different spyware-making companies targeting roughly 50,000 Facebook users in over 100 countries around the world. | Fake Social Accounts | Individual | CE | >1 | | Facebook, Cognyte |
| 7 | 16/12/2021 | - | - | Black Cube | Facebook users | Facebook disrupts the operations of seven different spyware-making companies targeting roughly 50,000 Facebook users in over 100 countries around the world. | Fake Social Accounts | Individual | CE | >1 | | Facebook, Black Cube |
| 8 | 16/12/2021 | - | - | Bluehawk CI | Facebook users | Facebook disrupts the operations of seven different spyware-making companies targeting roughly 50,000 Facebook users in over 100 countries around the world. | Fake Social Accounts | Individual | CE | >1 | | Facebook, Bluehawk CI |
| 9 | 16/12/2021 | - | - | BellTroX | Facebook users | Facebook disrupts the operations of seven different spyware-making companies targeting roughly 50,000 Facebook users in over 100 countries around the world. | Fake Social Accounts | Individual | CE | >1 | | Facebook, BellTroX |
| 10 | 16/12/2021 | - | - | Cytrox | Facebook users | Facebook disrupts the operations of seven different spyware-making companies targeting roughly 50,000 Facebook users in over 100 countries around the world. | Fake Social Accounts | Individual | CE | >1 | | Facebook, Cytrox |
| 11 | 16/12/2021 | - | - | Unknown entity in China | Facebook users | Facebook disrupts the operations of seven different spyware-making companies targeting roughly 50,000 Facebook users in over 100 countries around the world. | Fake Social Accounts | Individual | CE | >1 | | Facebook, China |
| 12 | 16/12/2021 | - | 15/10/2021 | ? | Tackle Warehouse LLC Running Warehouse LLC Tennis Warehouse LLC Skate Warehouse LLC | Four affiliated online sports gear sites disclose a cyberattack where threat actors stole credit cards for 1,813,224 customers. | Unknown | Wholesale and retail | CC | US | | Tackle Warehouse LLC, Running Warehouse LLC, Tennis Warehouse LLC, Skate Warehouse LLC |
| 13 | 16/12/2021 | Late November 2021 | Late November 2021 | ? | Virginia Museum of Fine Arts | An information technology system security breach prompts the Virginia Museum of Fine Arts to shut down its website for a state investigation. | Unknown | Arts entertainment, recreation | CC | US | | Virginia Museum of Fine Arts |
| 14 | 16/12/2021 | Mid November 2021 | Mid November 2021 | Noberus | Multiple organizations | Researchers from Symantec reveal the details of Noberus, the first ransomware written in Rust. | Malware | Multiple Industries | CC | >1 | | Symantec, Noberus, ransomware, Rust |
| 15 | 16/12/2021 | During June 2021 | - | Egyptian Government? | Ayman Nour (Egyptian politician vocal opponent of current President Abdel Fattah Al-Sisi) | Citizen Lab reveals that the iPhone of the Egyptian politician Ayman Nour was hacked by two different government hacking groups, using spyware made by NSO Group and Cytrox. | Malware | Individual | CE | EG | | Ayman Nour, Abdel Fattah Al-Sisi, Pegasus, NSO Group, Cytrox |
| 16 | 16/12/2021 | During June 2021 | - | Egyptian Government? | Ayman Nour (Egyptian politician vocal opponent of current President Abdel Fattah Al-Sisi) | Citizen Lab reveals that the iPhone of the Egyptian politician Ayman Nour was hacked by two different government hacking groups, using spyware made by NSO Group and Cytrox. | Malware | Individual | CE | EG | | Ayman Nour, Abdel Fattah Al-Sisi, Pegasus, NSO Group, Cytrox |
| 17 | 16/12/2021 | During June 2021 | - | Egyptian Government? | Anonymous Egyptian journalist | Citizen Lab finds traces of the Pegasus Spyware even in the phone of an anonymous Egyptian journalist. | Malware | Individual | CE | EG | | Pegasus, NSO Group, Cytrox |
| 18 | 16/12/2021 | - | 31/10/2021 | ? | VPN Solutions LLC | VPN Solutions LLC is hit by a ransomware attack and multiple covered entities still can't access their data two months after the incident. | Malware | Professional, scientific and technical | CC | US | | VPN Solutions LLC, ransomware |
| 19 | 17/12/2021 | - | - | Conti | VMware vCenter Server instances | Researchers from AdvIntel reveal that the Conti ransomware operation is using the critical Log4Shell exploit to gain rapid access to internal VMware vCenter Server instances and encrypt virtual machines. | CVE-2021-44228 Vulnerability | Multiple Industries | CC | >1 | | AdvIntel, Conti, Log4Shell, ransomware, VMware vCenter Server, CVE-2021-44228 |
| 20 | 17/12/2021 | Since late October 2021 | - | Multiple APT actors | Multiple organizations | The FBI's cyber division issues an alert warning enterprises using Zoho-owned ManageEngine's Desktop Central that advanced attackers have been exploiting CVE-2021-44515 to install malware since late October. | CVE-2021-44515 vulnerability | Multiple Industries | CE | US | | FBI, Zoho, ManageEngine, Desktop Central, CVE-2021-44515 |
| 21 | 17/12/2021 | During October 2021 | - | Conti | Finite Recruitment | IT recruitment firm Finite Recruitment confirms it experienced a cyber incident in October, which resulted in a "small subset" of the company's data being downloaded and published on the dark web. | Malware | Administration and support service | CC | AU | | Finite Recruitment |
| 22 | 17/12/2021 | - | - | APT10 | Multiple organizations | Researchers from SecurityScorecard discover malicious activity by the Chinese threat actor APT10 trying to exploit the Log4Shell vulnerability. | CVE-2021-44228 Vulnerability | Multiple Industries | CE | >1 | | SecurityScorecard, APT10, Log4Shell, CVE-2021-44228 |
| 23 | 17/12/2021 | - | - | APT28 | Multiple organizations | Researchers from SecurityScorecard discover malicious activity by the Russian threat actor APT28 trying to exploit the Log4Shell vulnerability. | CVE-2021-44228 Vulnerability | Multiple Industries | CE | >1 | | SecurityScorecard, APT28, Log4Shell, CVE-2021-44228 |
| 24 | 17/12/2021 | - | - | Turla | Multiple organizations | Researchers from SecurityScorecard discover malicious activity by the Russian threat actor Turla trying to exploit the Log4Shell vulnerability. | CVE-2021-44228 Vulnerability | Multiple Industries | CE | >1 | | SecurityScorecard, Turla, Log4Shell, CVE-2021-44228 |
| 25 | 17/12/2021 | - | - | Ursnif | Multiple organizations | Researchers from SecurityScorecard discover malicious activity by the Russian threat actor Ursnif trying to exploit the Log4Shell vulnerability. | CVE-2021-44228 Vulnerability | Multiple Industries | CC | >1 | | SecurityScorecard, Ursnif, Log4Shell, CVE-2021-44228 |
| 26 | 17/12/2021 | - | - | Grizzly Steppe | Multiple organizations | Researchers from SecurityScorecard discover malicious activity by the Russian threat actor Grizzly Steppe trying to exploit the Log4Shell vulnerability. | CVE-2021-44228 Vulnerability | Multiple Industries | CE | >1 | | SecurityScorecard, Grizzly Steppe, Log4Shell, CVE-2021-44228 |
| 27 | 17/12/2021 | During November 2021 | - | ? | Medical Review Institute of America (MRIoA) | The Medical Review Institute of America notifies patients of a ransomware incident. | Malware | Professional, scientific and technical | CC | US | | The Medical Review Institute of America, MRIoA, ransomware |
| 28 | 17/12/2021 | - | - | ? | Android users | The Joker malware is back again on Google Play, this time spotted in a mobile application called Color Message. The app was downloaded more than 500,000 times before its removal from the store. | Malware | Individual | CC | >1 | | Android, Joker, Google Play, Color Message |
| 29 | 18/12/2021 | 18/12/2021 | 18/12/2021 | Sharp Boys | Tiyuli | A hacker group called Sharp Boys announces that it had hacked two Israeli hiking websites leaking the information of 100,000 users and offering the information of around three million people for sale. | Unknown | Arts entertainment, recreation | CC | IL | | Sharp Boys, Tiyuli |
| 30 | 18/12/2021 | 18/12/2021 | 18/12/2021 | Sharp Boys | Lametayel | A hacker group called Sharp Boys announces that it had hacked two Israeli hiking websites leaking the information of 100,000 users and offering the information of around three million people for sale. | Unknown | Wholesale and retail | CC | IL | | Sharp Boys, Lametayel |
| 31 | 19/12/2021 | 19/12/2021 | 19/12/2021 | ? | Grim Finance | DeFi protocol Grim Finance says about $30 million was stolen this weekend by hackers exploiting a vulnerability in their platform. | Vulnerability | Fintech | CC | N/A | | Grim Finance |
| 32 | 19/12/2021 | During October 2021 | - | Cl0p | UK Police | The Cl0p ransomware gang publishes confidential data held by UK Police on the dark web. | Malware | Public admin and defence, social security | CC | UK | | Cl0p, ransomware, UK Police |
| 33 | 20/12/2021 | 16/12/2021 | 16/12/2021 | ? | Belgium's ministry of defense | Belgium's ministry of defense confirms it was hit by a cyberattack, where threat actors allegedly exploited the Log4Shell vulnerability. | CVE-2021-44228 Vulnerability | Public admin and defence, social security | N/A | BE | | Belgium's ministry of defense, Log4Shell, CVE-2021-44228 |
| 34 | 20/12/2021 | - | - | ? | Ubisoft | Ubisoft confirms a cyberattack on its IT infrastructure targeting the popular game Just Dance. | Misconfiguration | Arts entertainment, recreation | CC | FR | | Ubisoft |
| 35 | 20/12/2021 | 19/12/2021 | 19/12/2021 | BlackCat AKA ALPHV | Inetum Group | French IT services company Inetum Group is hit by a ransomware attack. | Malware | Professional, scientific and technical | CC | FR | | Inetum Group, BlackCat, ALPHV |
| 36 | 20/12/2021 | Between 15/08/2021 and 10/12/2021 | - | ? | Multiple organizations | A report from INKY reveals the details of a highly targeted phishing campaign impersonating Pfizer to steal business and financial information from victims. | Account Takeover | Multiple Industries | CC | >1 | | INKY, Pfizer |
| 37 | 20/12/2021 | - | - | Dridex | Multiple organizations | Threat actors are exploiting the critical Apache Log4j vulnerability (Log4Shell) to infect vulnerable devices with the notorious Dridex banking trojan or Meterpreter. | CVE-2021-44228 Vulnerability | Finance and insurance | CC | >1 | | Apache Log4Shell, Dridex, CVE-2021-44228 |
| 38 | 20/12/2021 | Since 2019 | Since March 2021 | Multiple threat actors | Facebook users | Meta, the parent company for Facebook, Instagram, and WhatsApp, files a lawsuit against the operators of more than 39,000 phishing sites that have been hosted through the Ngrok service. | Account Takeover | Individual | CC | >1 | | Meta, Facebook, Instagram, WhatsApp, Ngrok |
| 39 | 20/12/2021 | Between 09/08/2021 and 15/08/2021 | 19/10/2021 | ? | Texas Ear, Nose and Throat Specialists (Texas ENT) | More than half a million patients are impacted by a data breach at US healthcare provider Texas Ear, Nose and Throat Specialists (Texas ENT). | Unknown | Human health and social work | CC | US | | Texas Ear, Nose and Throat Specialists, Texas ENT |
| 40 | 20/12/2021 | - | - | Kinsing | Vulnerable Apache Log4j servers | Researchers from Sophos reveal that the Kinsing miner botnet is dominating the attempts to exploit the Log4Shell vulnerability. | CVE-2021-44228 Vulnerability | Multiple Industries | CC | >1 | | Sophos, Kinsing, Log4Shell |
| 41 | 20/12/2021 | 20/12/2021 | 20/12/2021 | ? | CompuGroup Medical | CompuGroup Medical is hit with a ransomware attack. | Malware | Professional, scientific and technical | CC | DE | | CompuGroup Medical, ransomware |
| 42 | 20/12/2021 | 20/12/2021 | 20/12/2021 | ? | Big White | The Big White resort notifies of a potential data breach due to possible malware. | Malware | Arts entertainment, recreation | CC | US | | Big White |
| 43 | 20/12/2021 | During the previous week | During the previous week | ? | Coombe Women and Infants University Hospital | Coombe Women and Infants University Hospital confirms to have been hit with a ransomware attack. | Malware | Human health and social work | CC | IE | | Coombe Women and Infants University Hospital, ransomware |
| 44 | 21/12/2021 | During 2021 | During 2021 | ? | Individuals | Researchers from Group-IB discover a worldwide scam campaign impersonating famous brands, and targeting users in over 90 countries all around the world, including the United States, Canada, South Korea, and Italy. | Fake Web Sites | Individual | CC | >1 | | Group-IB |
| 45 | 21/12/2021 | Since at least October 2021 | - | ? | Abcbot | Researchers from Cado Security discover a new version of the Abcbot botnet, targeting insecure cloud instances running under Cloud Service Providers such as Tencent, Baidu, Alibaba Cloud, and Huawei cloud. | Misconfiguration | Multiple Industries | CC | CN | | Cado Security, Abcbot, Tencent, Baidu, Alibaba Cloud, Huawei cloud |
| 46 | 21/12/2021 | Between 03/08/2021 and 05/08/2021 | 5/8/2021 | ? | Rhode Island Public Transit Authority (RIPTA) | The Rhode Island Public Transit Authority sends out a notice saying that it identified a security incident leading to the exfiltration of data including information about RIPTA health plans with Social Security numbers, addresses, dates of birth. | Unknown | Transportation and storage | CC | US | | Rhode Island Public Transit Authority, RIPTA |
| 47 | 21/12/2021 | - | - | UAE Government | Hanan Elatr, wife of deceased Saudi journalist Jamal Khashoggi | Citizen Lab reveals that the UAE used the NSO Group's Pegasus trojan to hack and track the phone of Hanan Elatr, wife of deceased Saudi journalist Jamal Khashoggi. | Malware | Individual | CE | EG | | Citizen Lab, NSO Group, Pegasus, Hanan Elatr, Jamal Khashoggi |
| 48 | 21/12/2021 | Between 10/05/2021 and 15/08/2021 | 28/7/2021 | ? | Monongalia Health System | Monongalia Health System suffers a data breach resulting from a phishing attack, which gave hackers access to several email accounts. | Account Takeover | Human health and social work | CC | US | | Monongalia Health System |
| 49 | 21/12/2021 | - | - | ? | Unknown Organizations | The UK National Crime Agency (NCA) and National Cyber Crime Unit (NCCU) discover and donate to the community a cache of 225 million stolen emails and passwords. | Unknown | Unknown | CC | >1 | | UK National Crime Agency, NCA, National Cyber Crime Unit, NCCU |
| 50 | 21/12/2021 | - | - | ? | Multiple organizations | Researchers from Sophos release details of a novel exploit that bypasses a patch for the critical vulnerability CVE-2021-40444 affecting the Microsoft Office file format, to install the Formbook malware. | CVE-2021-40444 Vulnerability | Multiple Industries | CC | >1 | | Sophos, CVE-2021-40444, Microsoft Office, Formbook |
| 51 | 21/12/2021 | Over the past five years | - | ? | British Council | The British Council has fallen victim to two successful ransomware attacks over the past five years. | Malware | Public admin and defence, social security | CC | UK | | British Council, Ransomware |
| 52 | 21/12/2021 | 18/11/2021 | 18/11/2021 | ? | Luxemburg-Casco School District | Luxemburg-Casco School District discloses a data security incident that resulted in unauthorized access to 1,399 individuals’ personal information. | Unknown | Education | CC | US | | Luxemburg-Casco School District |
| 53 | 21/12/2021 | - | 1/11/2021 | ? | Monterey Peninsula Unified School District | The Monterey Peninsula Unified School District notifies current and former employees of a data security incident that they discovered on or about November 1. | Unknown | Education | CC | US | | Monterey Peninsula Unified School District |
| 54 | 21/12/2021 | Between 11/05/2021 and 02/08/2021 | 25/10/2021 | ? | Welfare Pension and Annuity Funds of Local No ONE IATSE | Welfare Pension and Annuity Funds of Local No ONE IATSE notifies 20,579 individuals about an email security incident that resulted in the exposure of sensitive data. | Account Takeover | Finance and insurance | CC | US | | Welfare Pension and Annuity Funds of Local No ONE IATSE |
| 55 | 22/12/2021 | - | - | Dridex | Banking users | A new Dridex malware phishing campaign is using fake employee termination emails as a lure to open a malicious Excel document, which then trolls the victim with a season's greeting message. | Malware | Finance and insurance | CC | US | | Dridex |
| 56 | 22/12/2021 | Over the past few weeks | - | Avos Locker | Multiple organizations | A report from Sophos reveals that the AvosLocker ransomware gang has started focusing on disabling endpoint security solutions by rebooting compromised systems into Windows Safe Mode. | Malware | Multiple Industries | CC | >1 | | Sophos, Avos Locker |
| 57 | 22/12/2021 | Since at least October 2021 | During October 2021 | ? | CoinSpot cryptocurrency exchange users | Researchers from Cofense discover a new phishing campaign targeting CoinSpot cryptocurrency exchange users. | Account Takeover | Fintech | CC | >1 | | Cofense, CoinSpot |
| 58 | 22/12/2021 | - | 14/11/2021 | ? | Millennium Eye Care | Millennium Eye Care discloses a ransomware incident. | Malware | Human health and social work | CC | US | | Millennium Eye Care, ransomware |
| 59 | 23/12/2021 | - | - | ? | Undisclosed government entity in Albania | A massive data breach exposes the data on the salaries and personal information of 637,138 Albanian residents working in the private and public sectors. | Unknown | Public admin and defence, social security | CC | AL | | Albania |
| 60 | 23/12/2021 | - | - | ? | Multiple organizations | Researchers from Elastic Security uncover a stealthy malware campaign that leverages valid code signing certificates to evade detection. The campaign is also used to drop a second stage payload called BLISTER. | Malware | Multiple Industries | CC | >1 | | Elastic, BLISTER |
| 61 | 23/12/2021 | Since at least mid December 2021 | - | ? | Banking users of Itaú Unibanco | Researchers from Cyble discover a new Android banking trojan targeting Itaú Unibanco and using a fake Google Play page to trick visitors into thinking they are installing the app from a trustworthy service. | Malware | Finance and insurance | CC | BR | | Cyble, Android, Itaú Unibanco, Google Play |
| 62 | 23/12/2021 | Since at least November 2021 | Since at least November 2021 | Rook | Multiple organizations | Researchers from SentinelOne discover a new ransomware operation named Rook, derived from the leaked Babuk ransomware code. | Malware | Multiple Industries | CC | >1 | | SentinelOne, ransomware, Rook, Babuk |
| 63 | 23/12/2021 | Between 26/04/2019 and 23/10/2019 | - | Polish Government? | Polish Senator Krzysztof Brejza | Citizen Lab reveals that Polish Senator Krzysztof Brejza was hacked using the NSO Group's Pegasus spyware 33 times between April 26, 2019 and October 23, 2019. | Malware | Individual | CE | PL | | Citizen Lab, Krzysztof Brejza, NSO Group, Pegasus |
| 64 | 23/12/2021 | - | - | Polish Government? | Polish prosecutor Ewa Wrzosek | Citizen Lab reveals that Pegasus was also used to hack into the phones of Polish prosecutor Ewa Wrzosek and Roman Giertych, a lawyer for Brejza's party Civic Platform. | Malware | Individual | CE | PL | | Citizen Lab, Ewa Wrzosek, NSO Group, Pegasus |
| 65 | 23/12/2021 | - | - | Polish Government? | Roman Giertych | Citizen Lab reveals that Pegasus was also used to hack into the phones of Polish prosecutor Ewa Wrzosek and Roman Giertych, a lawyer for Brejza's party Civic Platform. | Malware | Individual | CE | PL | | Citizen Lab, Roman Giertych, NSO Group, Pegasus |
| 66 | 23/12/2021 | - | - | ? | Single individuals | Researchers from ReasonLabs discover a campaign inserting Monero miners into the Russian torrent files of the "Spider-Man: No Way Home" movie. | Malware | Arts entertainment, recreation | CC | >1 | | ReasonLabs, Monero, "Spider-Man: No Way Home" |
| 67 | 23/12/2021 | Between 13/12/2021 and 19/12/2021 | 13/12/2021 | ? | USCellular | USCellular discloses a data breach after the company's billing system was hacked in December 2021 when the company detected an unauthorized access. | Unknown | Information and communication | CC | US | | USCellular |
| 68 | 23/12/2021 | "Recently" | "Recently" | ? | Crypto-wallets of Telegram users | Researchers from Safeguard reveal that attackers are targeting crypto-wallets of Telegram users with the Echelon infostealer. | Malware | Fintech | CC | >1 | | Safeguard, Telegram, Echelon |
| 69 | 24/12/2021 | Two weeks earlier | - | Conti | Shutterfly | Photography and personalized photo giant Shutterfly suffers a Conti ransomware attack. | Malware | Arts entertainment, recreation | CC | US | | Shutterfly, Conti, ransomware |
| 70 | 24/12/2021 | During December 2021 | - | Dridex | Banking users | A new Dridex malware phishing campaign exploits the Omicron COVID-19 variant lure. | Malware | Finance and insurance | CC | US | | Dridex |
| 71 | 24/12/2021 | Between 11/12/2021 and 13/12/2021 | - | ? | ONUS | ONUS, one of the largest Vietnamese crypto trading platforms, suffers a cyber attack on its payment system running a vulnerable Log4j version. The threat actors approached ONUS to extort a $5 million sum. | CVE-2021-44228 Vulnerability | Fintech | CC | VN | | ONUS, Log4j, Log4Shell, CVE-2021-44228 |
| 72 | 24/12/2021 | 17/12/2021 | - | ? | Capital Region Medical Center (CRMC) | Capital Region Medical Center (CRMC) confirms it was the victim of a cyber attack. | Unknown | Human health and social work | CC | US | | Capital Region Medical Center, CRMC |
| 73 | 24/12/2021 | - | 23/8/2021 | ? | Weddell Pediatric Dental Specialists | Weddell Pediatric Dental Specialists notifies 5,356 individuals that an unauthorized individual gained access to an employee’s email account that contained their protected health information. | Account Takeover | Human health and social work | CC | US | | Weddell Pediatric Dental Specialists |
| 74 | 24/12/2021 | Between 21/10/2021 and 27/10/2021 | 27/10/2021 | ? | Duneland School Corporation | Duneland School Corporation notifies employees and dependents of a data breach. | Unknown | Education | CC | US | | Duneland School Corporation |
| 75 | 24/12/2021 | "Shortly before Christmas" | "Shortly before Christmas" | ? | German Pharmacists’ Association (DAV) | The German Pharmacists’ Association (DAV) is the target of a phishing attack aimed to falsify vaccination data. | Account Takeover | Human health and social work | CC | DE | | German Pharmacists’ Association, DAV |
| 76 | 27/12/2021 | Between 19/12/2021 and 26/12/2021 | - | eCh0raix AKA QNAPCrypt | Misconfigured QNAP devices | Users of QNAP NAS devices report attacks on their systems with the eCh0raix ransomware, also known as QNAPCrypt. | Malware | Multiple Industries | CC | >1 | | QNAP, eCh0raix, ransomware, QNAPCrypt |
| 77 | 27/12/2021 | - | - | ? | Multiple organizations | Several malicious campaigns are abusing the Microsoft Build Engine (MSBuild) to execute a Cobalt Strike payload on compromised systems. | Malware | Multiple Industries | CC | >1 | | Microsoft Build Engine, MSBuild, Cobalt Strike |
| 78 | 27/12/2021 | - | 16/12/2020 | ? | Florida Digestive Health Specialists LLP | Florida Digestive Health Specialists LLP notifies more than 212,500 individuals of a December 2020 breach involving business email compromise and fraud. | Account Takeover | Human health and social work | CC | US | | Florida Digestive Health Specialists LLP |
| 79 | 28/12/2021 | Since October 2020 | - | BlackTech | Japanese Companies | Researchers from NTT Security detect the BlackTech cyber-espionage APT group targeting Japanese companies using a novel malware that researchers call ‘Flagpro’. | Targeted Attack | Multiple Industries | CE | JP | | NTT Security, BlackTech, Flagpro |
| 80 | 28/12/2021 | - | - | ? | T-Mobile users | T-Mobile confirms that recent reports of a new data breach are linked to notifications sent to a "very small number of customers" who fell victim to SIM swap attacks. | Account Takeover | Information and communication | CC | US | | T-Mobile |
| 81 | 28/12/2021 | 28/12/2021 | 28/12/2021 | ? | LastPass users | Many LastPass users report that their master passwords have been compromised after receiving email warnings that someone tried to use them to log into their accounts from unknown locations. | Credential Stuffing | Individual | CC | >1 | | LastPass |
| 82 | 28/12/2021 | 28/12/2021 | 28/12/2021 | ? | Amedia | Amedia, the largest local news publisher in Norway, announces that several of its central computer systems were shut down in what it is calling an apparent “serious” cyberattack. | Unknown | Information and communication | CC | NO | | Amedia |
| 83 | 28/12/2021 | Since 2020 | - | ? | Iranian organizations | Researchers from Amnpardaz, an Iranian security company, discover iLOBleed, a rootkit that hides inside the firmware of HP iLO devices and which has been used in real-world attacks to wipe servers of Iranian organizations. | Malware | Multiple Industries | CW | IR | | Amnpardaz, iLOBleed, HP |
| 84 | 28/12/2021 | - | - | AQUATIC PANDA | Multiple organizations | Researchers from Crowdstrike reveal that the threat actor dubbed AQUATIC PANDA is trying to exploit the Log4Shell CVE-2021-44228 vulnerability. | Targeted Attack | Multiple Industries | CE | >1 | | Crowdstrike, AQUATIC PANDA, Log4Shell, CVE-2021-44228 |
| 85 | 28/12/2021 | 1/8/2021 | 1/8/2021 | ? | Brown County | Brown County confirms a malware security breach occurred in August 2021. | Malware | Public admin and defence, social security | CC | US | | Brown County |
| 86 | 28/12/2021 | 25/12/2021 | 25/12/2021 | ? | Saskatchewan Liquor and Gaming Authority (SLGA) | The Saskatchewan Liquor and Gaming Authority (SLGA) reports that it has temporarily disabled certain computer systems and applications, as it investigates a cybersecurity incident that occurred on Dec. 25. | Unknown | Public admin and defence, social security | CC | CA | | Saskatchewan Liquor and Gaming Authority, SLGA |
| 87 | 29/12/2021 | - | - | Avos Locker | Unnamed US Police Department | The Avos Locker ransomware operation provides a free decryptor after learning they encrypted a US government agency. | Malware | Public admin and defence, social security | CC | US | | Avos Locker, ransomware |
| 88 | 29/12/2021 | Since 2019 | - | ? | Misconfigured Docker systems | Researchers from Aquasec reveal the details of a cryptomining campaign targeting misconfigured Docker APIs and able to avoid detection since 2019. | Misconfiguration | Multiple Industries | CC | >1 | | Aquasec, Docker |
| 89 | 29/12/2021 | - | - | ? | Khyber Pakhtunkhwa Police | Khyber Pakhtunkhwa Police is hit by an apparent cyberattack and data is put up for sale on the internet. | Unknown | Public admin and defence, social security | CC | PK | | Khyber Pakhtunkhwa Police |
| 90 | 29/12/2021 | 27/12/2021 | 27/12/2021 | ? | Crawford County Assessor’s Office | Crawford County Assessor’s Office is hit by a cyberattack. | Unknown | Public admin and defence, social security | CC | US | | Crawford County Assessor’s Office |
| 91 | 29/12/2021 | - | - | ? | Donnelley & Sons | Donnelley & Sons, a vendor of NJ Office of Information Technology, suffers a cyber attack and all the activity is affected. | Unknown | Professional, scientific and technical | CC | US | | Donnelley & Sons |
| 92 | 30/12/2021 | Between 11/01/2021 and 31/08/2021 | 2/12/2021 | ? | PulseTV | U.S. online store PulseTV discloses a large-scale customer credit card compromise with more than 200,000 shoppers impacted. | Fake Social Accounts | Individual | N/A | CN | | Twitter, China, Changyu Culture |
| 93 | 30/12/2021 | Since 01/12/2021 | - | ? | OCBC Customers | Singapore police warn of a spate of phishing SMS scams that affected at least 469 customers of OCBC Bank and resulted in losses of more than SG$8.5 million. | Account Takeover | Finance and insurance | CC | SG | | OCBC Customers |
| 94 | 30/12/2021 | - | 30/3/2021 | ? | New Leaf, Inc. | New Leaf, Inc., a non-profit provider of services to individuals with developmental disabilities, starts notifying 10,438 individuals that some of their protected health information was potentially compromised in a March 2021 ransomware attack. | Malware | Human health and social work | CC | US | | New Leaf, Inc., ransomware |
| 95 | 31/12/2021 | 20/12/2021 | 20/12/2021 | ? | Gloucester City Council | The Gloucester City Council suffers a cyber attack. | Unknown | Public admin and defence, social security | CC | UK | | Gloucester City Council |
