Let’s start 2022 with the first cyber attacks timeline. The new year begins with a noticeable decrease in the number of collected events. The number (84), despite being smaller than in the previous months, is in line with the value of the first half of January 2021 (88 events). Apparently threat actors take some rest during the Christmas break.
But despite the break, ransomware continues to characterize the threat landscape with 26 out of 84 events (corresponding to 30.9%), a notable increase compared with the 23.6% of the second timeline of December. On the other hand, the number of events carried out by exploiting vulnerabilities dropped to 7.1% (6 out of 84 events) from the 16.5% of the previous timeline.
Mega breaches seem to be a concerning trend for early 2022, with millions of records siphoned from multiple organizations in healthcare, entertainment, and multiple other sectors. I am curious to see whether this is a short-lived phenomenon or whether it will really characterize the whole year.
Last but not least, an additional fintech company operating in the NFT sector has joined the unwelcome list of hacked startups that suffered a massive loss of funds to attackers.
Nothing new on the cyber espionage front, with multiple threat actors targeting organizations worldwide. The list includes well-known threat actors such as APT32 (AKA OceanLotus), APT35 (AKA Charming Kitten), APT37, Patchwork, and multiple Russian threat actors targeting local governments in the United States.
Last but not least, Ukraine continues to be a hot front of war, and not only in the real world. In this fortnight the country suffered at least two operations: a massive defacement of multiple sites belonging to various public institutions (a similar operation, allegedly carried out by the Russia-backed GhostWriter also hit Poland) and, even worse, a destructive data-wiping malware dubbed WhisperGate.
| ID | Date Reported | Date Occurred | Date Discovered | Author | Target | Description | Attack | Target Class | Attack Class | Country | Link | Tags |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | 01/01/2022 | 15/10/2021 | 19/10/2021 | ? | Broward Health | The Broward Health public health system discloses a large-scale data breach incident impacting 1,357,879 individuals. | Unknown | Human health and social work | CC | US | | Broward Health |
| 2 | 01/01/2022 | 27/12/2021 | 1/1/2022 | NightSky | Two undisclosed victims | NightSky is the first new ransomware discovered in 2022. | Malware | Multiple Industries | CC | N/A | | NightSky, Ransomware |
| 3 | 01/01/2022 | 09/12/2021 | - | ? | Chattanooga Area Chamber of Commerce | A transparency activist shares information indicating a massive trove of data stolen from the Chattanooga Area Chamber of Commerce by a ransomware gang is up for sale. | Malware | Public admin and defence, social security | CC | US | | Chattanooga Area Chamber of Commerce, ransomware |
| 4 | 02/01/2022 | 1/1/2022 | 1/1/2022 | Lapsus$ | Impresa | The Lapsus$ ransomware gang hacks and extorts Impresa, the largest media conglomerate in Portugal and the owner of SIC and Expresso, the country’s largest TV channel and weekly newspaper, respectively. | Unknown | Information and communication | CC | PT | | Lapsus$, ransomware, Impresa, SIC, Expresso |
| 5 | 02/01/2022 | - | During March 2021 | China or Russia? | Defence Academy of the United Kingdom | A retired military officer discloses a cyberattack that struck the UK Ministry of Defence (MoD) academy (Defence Academy of the United Kingdom) and had a "significant" impact on the organization. | Unknown | Public admin and defence, social security | CE | UK | | Defence Academy of the United Kingdom, UK Ministry of Defence, MoD, China, Russia |
| 6 | 03/01/2022 | - | - | ? | Multiple Organizations | Researchers from Minerva Labs discover a malicious Telegram for Desktop installer distributing the Purple Fox malware to install further malicious payloads on infected devices. | Malware | Multiple Industries | CC | >1 | | Minerva Labs, Telegram, Purple Fox |
| 7 | 03/01/2022 | - | - | ? | Over 100 real estate sites | Researchers from Palo Alto discover a campaign where the attackers compromised a cloud video hosting service to inject a web skimmer in over 100 real estate sites. | Malicious Script Injection | Real estate | CC | >1 | | Palo Alto |
| 8 | 03/01/2022 | 27/10/2021 | 27/10/2021 | ? | Ravkoo | Ravkoo, a US Internet-based pharmacy service, discloses a data breach after the company's AWS hosted cloud prescription portal is involved in a security incident that may have led to personal and health information being accessed. | Unknown | Human health and social work | CC | US | | Ravkoo, AWS |
| 9 | 03/01/2022 | Since at least 19/10/2021 | - | APT37 (AKA ScarCruft, Group123, Operation Erebus, and Operation Daybreak) | Russian diplomatic sector | Researchers from Cluster25 reveal that APT37 have compromised the email account of a staff member of Russia’s Ministry of Foreign Affairs (MID) and deployed spear-phishing attacks against the country’s diplomats in other regions via the Konni malware. | | | | | | |
| | | | | | | Italian luxury fashion giant Moncler confirms to have been hit with an AlphV/BlackCat ransomware attack. | Malware | Wholesale and retail | CC | IT | | Moncler, BlackCat, ALPHV, ransomware |
| 11 | 03/01/2022 | 3/1/2022 | 3/1/2022 | ? | Jerusalem Post | The website of the English-language Jerusalem Post media outlet is defaced on the anniversary of the killing of Qasem Soleimani. | Defacement | Information and communication | H | IL | | Jerusalem Post, Qasem Soleimani |
| 12 | 03/01/2022 | 3/1/2022 | 3/1/2022 | ? | Maariv | The Twitter account of Hebrew-language Maariv media outlet is defaced on the anniversary of the killing of Qasem Soleimani. | Account Takeover | Information and communication | H | IL | | Maariv, Qasem Soleimani |
| 13 | 03/01/2022 | 3/1/2022 | 3/1/2022 | ? | Twitter account of the Indian Medical Association | The official Twitter account of the Indian Medical Association is compromised in a series of crypto hacks. | Account Takeover | Human health and social work | CC | IN | | Indian Medical Association |
| 14 | 03/01/2022 | 3/1/2022 | 3/1/2022 | ? | Twitter account of the Indian Council of World Affairs | The official Twitter account of the Indian Council of World Affairs is compromised in a series of crypto hacks. | Account Takeover | Other service activities | CC | IN | | Indian Council of World Affairs |
| 15 | 03/01/2022 | 3/1/2022 | 3/1/2022 | ? | Twitter account of the Mann Deshi Bank | The official Twitter account of the Mann Deshi Bank is compromised in a series of crypto hacks. | Account Takeover | Finance and insurance | CC | IN | | Mann Deshi Bank |
| 16 | 03/01/2022 | 4/1/2022 | From 16/10/2021, to 04/11/2021 | ? | Signature Healthcare Brockton Hospital | Signature Healthcare announces a data breach that has affected 9,798 Brockton Hospital patients. Suspicious activity was detected in its email environment on November 4, 2021. | Account Takeover | Human health and social work | CC | US | | Signature Healthcare Brockton Hospital |
| 17 | 03/01/2022 | - | - | ? | Peachtree Orthopaedic Clinic | Peachtree Orthopaedic Clinic discloses an unauthorized access. | Unknown | Human health and social work | CC | US | | Peachtree Orthopaedic Clinic |
| 18 | 04/01/2022 | During July 2020 | - | ? | DatPiff | The cracked passwords for almost 7.5 million DatPiff members are being sold online. | Unknown | Arts entertainment, recreation | CC | US | | DatPiff |
| 19 | 04/01/2022 | "Recently" | "Recently" | Multiple threat actors | Individuals | The FBI sends out an alert warning users of Google Voice phishing. | Account Takeover | Individual | CC | US | | FBI, Google Voice |
| 20 | 04/01/2022 | - | 15/7/2021 | ? | Illinois Office of the Special Deputy Receiver (OSD) | The Illinois Office of the Special Deputy Receiver confirms to have been hit by a cyberattack, resulting in $6.85 million in losses to two auto insurance agencies under liquidation. | Account Takeover | Public admin and defence, social security | CC | US | | Illinois Office of the Special Deputy Receiver, OSD |
| 21 | 05/01/2022 | Since November 2020 | - | MalSmoke | Thousands of victims from 111 countries | Researchers from Check Point discover a new Zloader campaign exploiting Microsoft's digital signature verification, via a modified installer of Atera, to deploy malware payloads and steal user credentials from thousands of victims from 111 countries. | Malware | Finance and insurance | CC | >1 | | Check Point, Zloader, Microsoft, Atera |
| 22 | 05/01/2022 | Since at least 2019 | - | Elephant Beetle | Businesses in the financial sector in Latin America | Researchers from Sygnia reveal the details of 'Elephant Beetle', a financially-motivated threat actor focused on businesses in the financial sector in Latin America. | Multiple unpatched vulnerabilities | Finance and insurance | CC | >1 | | Sygnia, Elephant Beetle, Latin America |
| 23 | 05/01/2022 | - | - | ? | 17 well-known companies, including online retailers, restaurant chains, and food delivery services | The New York State Office of the Attorney General (NY OAG) warns 17 well-known companies that roughly 1.1 million of their customers have had their user accounts compromised in credential stuffing attacks. | Credential Stuffing | Multiple Industries | CC | US | | New York State Office of the Attorney General, NY OAG |
| 24 | 05/01/2022 | - | - | Unknown threat group | Vulnerable VMware Horizon deployments | The UK's National Health Service (NHS) publishes a cyber alert warning of an unknown threat group targeting VMware Horizon deployments with Log4Shell exploits. | CVE-2021-44228 Vulnerability | Multiple Industries | N/A | UK | | UK's National Health Service, NHS, VMware Horizon, Log4Shell, CVE-2021-44228 |
| 25 | 05/01/2022 | 5/1/2022 | 5/1/2022 | ? | Bernalillo County | County government buildings and public offices are closed across the cities of Albuquerque, Los Ranchos, and Tijeras after a ransomware attack cripples the IT network of the Bernalillo County government. | Malware | Administration and support service | CC | US | | Albuquerque, Los Ranchos, Tijeras, Ransomware, Bernalillo County |
| 26 | 05/01/2022 | "Recently" | "Recently" | ? | Element Solutions | Specialty chemicals company Element Solutions reveals that it had experienced a cybersecurity incident. | Unknown | Manufacturing | CC | US | | Element Solutions |
| 27 | 05/01/2022 | 17/12/2021 | - | ? | Capital Region Medical Center | Capital Region Medical Center discloses to have suffered a cyber attack whose restore operations are still in progress. | Unknown | Human health and social work | CC | US | | Capital Region Medical Center |
| 28 | 06/01/2022 | 23/12/2021 | 23/12/2021 | Uawrongteam | FlexBooker | Accounts of more than three million users of the U.S.-based FlexBooker appointment scheduling service have been stolen in an attack before the holidays and are now being traded on hacker forums. | Account Takeover | Administration and support service | CC | US | | FlexBooker, AWS, Uawrongteam |
| 29 | 06/01/2022 | Since December 2021 | During December 2021 | ? | Multiple Organizations | Researchers from Avanan discover multiple campaigns leveraging the comment feature in Google Docs, targeting primarily Outlook users, to distribute phishing pages and malware. | Malware | Multiple Industries | CC | >1 | | Avanan, Google Docs, Outlook |
| 30 | 06/01/2022 | 4/1/2021 | 4/1/2021 | ? | FinalSite | FinalSite, a leading school website services provider, suffers a ransomware attack disrupting access to websites for thousands of schools worldwide. | Malware | Professional, scientific and technical | CC | UK | | FinalSite, Ransomware |
| 31 | 06/01/2022 | Since early 2020 | - | FluBot | Android users in Europe | Researchers from F5 discover additional FluBot campaigns targeting more European countries. | Malware | Finance and insurance | CC | >1 | | F5, FluBot |
| 32 | 06/01/2022 | - | - | Sfile AKA Escal | Linux systems | The operators of the SFile ransomware, also known as Escal, have ported their malware to work and encrypt files on Linux-based operating systems. | Malware | Multiple Industries | CC | >1 | | Sfile, Escal, Ransomware |
| 33 | 06/01/2022 | - | 1/2/2021 | ? | Fertility Centers of Illinois (FCI) | Fertility Centers of Illinois (FCI) notifies 79,943 current and former patients that some of their protected health information may have been viewed or obtained by unauthorized individuals. | Unknown | Human health and social work | CC | US | | Fertility Centers of Illinois, FCI |
| 34 | 06/01/2022 | - | 5/6/2021 | ? | Jefferson Surgical Clinic | Jefferson Surgical Clinic notifies 174,769 individuals about a June 2021 data breach. | Unknown | Human health and social work | CC | US | | Jefferson Surgical Clinic |
| 35 | 06/01/2022 | 8/12/2021 | Early September 2021 | ? | Advent Health Partners | Advent Health Partners discloses a phishing incident. | Account Takeover | Human health and social work | CC | US | | Advent Health Partners |
| 36 | 06/01/2022 | 4/1/2022 | 4/1/2022 | ? | OG Department Store | The OG Department Store discloses a breach of customers’ personal data due to a breach at a third party. | Unknown | Wholesale and retail | CC | SG | | OG Department Store |
| 37 | 07/01/2022 | Since November 2021 | - | FIN7 | US defense industry | The Federal Bureau of Investigation (FBI) warns US companies that the financially motivated FIN7 cybercriminal group targeted the US defense industry with packages containing malicious USB devices (BadUSB) to deploy the BlackMatter or REvil ransomware. | Malware | Public admin and defence, social security | CC | US | | Federal Bureau of Investigation, FBI, FIN7, USB, ransomware, BlackMatter, Revil, BadUSB |
| 38 | 07/01/2022 | From late November to early December 2021 | - | Patchwork APT (AKA Dropping Elephant, Chinastrats, or Quilted Tiger) | Multiple Organizations in Pakistan | Researchers from Malwarebytes reveal the details of the latest campaign of the Patchwork APT actors using malicious RTF documents impersonating Pakistani authorities to infect targets with a new variant of the BADNEWS RAT, known as Ragnatela. | | | | | | |
| | | | | | | QNAP warns customers to secure Internet-exposed network-attached storage (NAS) devices immediately from ongoing ransomware and brute-force attacks. | Misconfiguration | Multiple Industries | CC | >1 | | QNAP, ransomware, brute-force |
| 40 | 07/01/2022 | Since 13/04/2021 to 01/07/2021 | - | ? | Town of Grass Valley | Grass Valley announces an extensive data breach involving the Social Security numbers and more of all city employees and vendors -- as well as anyone who had their information given to the local police department. | Unknown | Public admin and defence, social security | CC | US | | Town of Grass Valley |
| 41 | 07/01/2022 | - | - | ? | Indonesian Health Ministry | Reports emerge about an alleged massive data leak of Indonesian hospital patients’ medical information being sold in an illegal internet forum. The attackers claim to have breached the Indonesian Health Ministry to obtain the data. | Unknown | Public admin and defence, social security | CC | ID | | Indonesian Health Ministry |
| 42 | 07/01/2022 | 8/10/2021 | - | ? | Compton and Broomhead Dental Center | Compton and Broomhead Dental Center is hit by threat actors who dump the stolen files. | Unknown | Human health and social work | CC | US | | Compton and Broomhead Dental Center |
| 43 | 07/01/2022 | Between 09/06/2021 and 10/06/2021 | 10/06/2021 | ? | Monroe Public Schools | Monroe Public Schools notify a ransomware attack. | Malware | Education | CC | US | | Monroe Public Schools |
| 44 | 07/01/2022 | - | - | ? | TLO | An individual advertises access to TLO, a data tool by TransUnion typically used by private investigators to obtain sensitive information on targets. | Unknown | Other service activities | CC | US | | TLO, TransUnion |
| 45 | 07/01/2022 | - | 14/07/2021 | ? | Suncoast Skin Solutions | Suncoast Skin Solutions starts notifying 57,730 patients about a ransomware attack that was discovered on July 14, 2021. | Malware | Human health and social work | CC | US | | Suncoast Skin Solutions, ransomware |
| 46 | 08/01/2022 | During the first week of January 2022 | During the first week of January 2022 | ? | Security researchers | Hackers are targeting cybersecurity researchers and developers in a sophisticated malware campaign distributing a malicious version of the dnSpy .NET application to install cryptocurrency stealers, remote access trojans, and miners. | Malware | Individual | CC | >1 | | dnSpy |
| 47 | 08/01/2022 | - | 14/12/2021 | Vice Society | Carthage R-9 district | Threat actors from Vice Society dump data from Carthage R-9 district. | Malware | Education | CC | US | | Carthage R-9 district, ransomware, Vice Society |
| 48 | 08/01/2022 | - | - | ? | Doxbin | Threat actors who use data-sharing website Doxbin have passwords, decryptor keys, multi-factor authentication codes and stealer logs leaked online. | Unknown | Other service activities | CC | N/A | | Doxbin |
| 49 | 09/01/2022 | - | - | Lockbit 2.0 | MCS Morandi | MCS Morandi is hit by Lockbit 2.0. | Malware | Manufacturing | CC | IT | | MCS Morandi, LockBit 2.0, ransomware |
| 50 | 10/01/2022 | - | - | Avos Locker | Undisclosed target | AvosLocker is the latest ransomware gang adding support for encrypting Linux systems to its recent malware variants, specifically targeting VMware ESXi virtual machines. | Malware | Unknown | CC | N/A | | Avos Locker, ransomware, VMware ESXi |
| 51 | 10/01/2022 | Since 04/01/2022 | 4/1/2022 | NightSky | Multiple Organizations | Researchers from Microsoft reveal that the NightSky ransomware gang is starting to exploit the critical CVE-2021-44228 Log4Shell vulnerability to gain access to VMware Horizon systems. | | | | | | |
| | | | | | | Researchers from Fortinet discover a new variant of the RedLine info-stealer distributed via emails using a fake COVID-19 Omicron stat counter app as a lure. | Malware | Multiple Industries | CC | >1 | | Fortinet, RedLine, COVID-19, Omicron |
| 53 | 10/01/2022 | - | - | Multiple threat actors | Multiple Organizations | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) updates its list of known exploited vulnerabilities with 15 new security issues currently used in attacks against federal enterprises. | Multiple unpatched vulnerabilities | Multiple Industries | >1 | US | | Cybersecurity and Infrastructure Security Agency, CISA |
| 54 | 10/01/2022 | Between 29/10/2021 and 31/10/2021 | 31/10/2021 | ? | Loyola University Medical Center (LUMC) | Loyola University Medical Center (LUMC) notifies 16,934 patients that some of their PHI has been exposed and potentially accessed by an unauthorized individual who gained access to an employee email account. | Account Takeover | Human health and social work | CC | US | | Loyola University Medical Center, LUMC |
| 55 | 10/01/2022 | - | - | ? | Siriraj Hospital | About 39 million purported patient records from Siriraj Hospital are offered for sale on an internet database-sharing forum. | Unknown | Human health and social work | CC | TH | | Siriraj Hospital |
| 56 | 10/01/2022 | 10/1/2022 | 10/1/2022 | ? | Lympo | Lympo, a sports NFT platform, suffers a breach that cost the company close to $19 million in its native LMT token. | Unknown | Fintech | CC | LT | | Lympo |
| 57 | 10/01/2022 | 4/10/2021 | 16/10/2021 | ? | National Association of Community Health Centers | National Association of Community Health Centers discloses a ransomware attack. | Malware | Human health and social work | CC | US | | National Association of Community Health Centers |
| 58 | 11/01/2022 | Since the second half of 2021 | - | SysJoker | Multiple organizations | Researchers from Intezer discover a new multi-platform backdoor malware named 'SysJoker' targeting Windows, Linux, and macOS with the ability to evade detection on all three operating systems. | Malware | Multiple Industries | CC | >1 | | Intezer, SysJoker, Windows, Linux |
| 59 | 11/01/2022 | - | - | APT35 (aka Charming Kitten, TA453, or Phosphorus) | Multiple Organizations | Researchers from Check Point reveal that the Iranian APT35 state-backed group has been observed leveraging Log4Shell attacks to drop a new PowerShell backdoor called CharmPower. | | | | | | |
| | | | | | | Electronic Arts (EA) discloses that hackers used social engineering against EA’s customer experience team to bypass two-factor authentication and take over 50 FIFA 22 accounts. | Account Takeover | Arts entertainment, recreation | CC | >1 | | Electronic Arts, EA, FIFA 22 |
| 61 | 11/01/2022 | Between September 2020 and December 2020 | - | Multiple Russian state-sponsored threat actors | Local and tribal governments in the US | The Cybersecurity and Infrastructure Security Agency (CISA) releases an alert detailing a variety of tactics used by Russian state-sponsored groups to attack local and tribal governments across the US between September 2020 and December 2020. | Targeted Attack | Public admin and defence, social security | CE | US | | Cybersecurity and Infrastructure Security Agency, CISA, Russia |
| 62 | 11/01/2022 | Between 24/06/2021 and 02/07/2021 | 24/9/2021 | - | CIOX Health | The health information management services provider CIOX Health suffers a data breach due to a phishing attack that has affected at least 32 healthcare providers. | Account Takeover | Human health and social work | CC | US | | CIOX Health |
| 63 | 11/01/2022 | Early December | - | ShinyHunters | Aditya Birla Group (ABG) | ShinyHunters claim to have hacked Aditya Birla Group, a major Indian fashion retailer, and start to leak the data. | Unknown | Wholesale and retail | CC | IN | | Aditya Birla Group, ABG, ShinyHunters |
| 64 | 11/01/2022 | 10/1/2021 | - | ? | Neenah schools | Neenah schools are hit by an apparent cyber attack. | Unknown | Education | CC | US | | Neenah schools |
| 65 | 11/01/2022 | Mid-December | - | Vice Society | Hospital Centro de Andalucia | Hospital Centro de Andalucia discloses a Vice Society ransomware attack. | Malware | Human health and social work | CC | ES | | Hospital Centro de Andalucia, Vice Society, Ransomware |
| 66 | 11/01/2022 | 11/1/2022 | 11/1/2022 | Lapsus$ | Localiza | The Brazilian car rental firm Localiza is hit with a Lapsus$ ransomware attack. | Malware | Transportation and storage | CC | BR | | Localiza, Lapsus$, ransomware |
| 67 | 12/01/2022 | - | - | OceanLotus AKA APT32, SeaLotus and Cobalt Kitty | Multiple Organizations | Researchers from Netskope discover a campaign by the OceanLotus group of state-sponsored hackers, using the web archive file format (.MHT and .MHTML) to deploy backdoors to compromised systems. | | | | | | |
| | | | | | | Researchers from AhnLab discover a new campaign distributing the Magniber ransomware disguised as fake Chrome and Firefox updates via Windows application package files (.APPX) signed with valid certificates. | Malware | Multiple Industries | CC | >1 | | AhnLab, Magniber, ransomware, Chrome, Firefox |
| 69 | 12/01/2022 | - | - | Lorenz | Hensoldt | Hensoldt, a multinational defense contractor headquartered in Germany, confirms that some of its UK subsidiary's systems were compromised in a Lorenz ransomware attack. | Malware | Professional, scientific and technical | CC | DE | | Hensoldt, Lorenz, ransomware |
| 70 | 12/01/2022 | 12/1/2022 | 12/1/2022 | Vice Society | Argentina’s senate (Senado Argentina) | The web site of Argentina’s senate (Senado Argentina) is hit with a Vice Society ransomware attack. | Malware | Public admin and defence, social security | CC | AR | | Argentina, Senado, Vice Society, ransomware |
| 71 | 12/01/2022 | - | - | ? | 35 journalists and activists from El Salvador | Citizen Lab reveals that the smartphones of dozens of journalists and activists from El Salvador have been hacked with a version of the Pegasus spyware. | Malware | Individual | CE | SV | | Citizen Lab, Pegasus |
| 72 | 12/01/2022 | - | - | ? | Albuquerque Public Schools | The Albuquerque Public Schools system is hit with a ransomware attack. | Malware | Education | CC | US | | Albuquerque Public Schools, ransomware |
| 73 | 12/01/2022 | Since 26/10/2021 | - | ? | Multiple Organizations | Researchers from Cisco Talos discover a new campaign leveraging public cloud infrastructure, deploying the Nanocore, Netwire, and AsyncRAT payloads. | Malware | Multiple Industries | CC | >1 | | Cisco Talos, Nanocore, Netwire, AsyncRAT |
| 74 | 12/01/2022 | During January 2021 | During January 2021 | ? | OneDigital | OneDigital, an insurance broker, discloses a ransomware attack. | Malware | Professional, scientific and technical | CC | US | | OneDigital, ransomware |
| 75 | 13/01/2022 | During November 2021 | During November 2021 | BlueNoroff | Cryptocurrency startups | Researchers from Kaspersky discover SnatchCrypto, the latest campaign of the North Korean threat actor group known as 'BlueNoroff' targeting cryptocurrency startups with malicious documents and fake MetaMask browser extensions. | Malware | Fintech | CC | >1 | | Kaspersky, 'BlueNoroff', MetaMask, SnatchCrypto |
| 76 | 13/01/2022 | Since December 2021 | During December 2021 | Multiple threat actors | Office 365 users | Researchers from Avanan discover multiple campaigns where phishers are creating Adobe Creative Cloud accounts and using them to send phishing emails capable of thwarting traditional checks. | Account Takeover | Multiple Industries | CC | >1 | | Avanan, Adobe Creative Cloud |
| 77 | 13/01/2022 | During the past three weeks | During the past three weeks | GootLoader | Law and accounting firms | Researchers from eSentire warn law and accounting firms of a widespread GootLoader campaign. | Malware | Professional, scientific and technical | CC | >1 | | eSentire, GootLoader |
| 78 | 13/01/2022 | - | 13/1/2022 | ? | SJD Accountancy | SJD Accountancy is hit with a cyber attack. | Unknown | Professional, scientific and technical | CC | UK | | SJD Accountancy |
| 79 | 13/01/2022 | 19/11/2021 | - | Vice Society | Butler County Community College | Butler County Community College discloses a Vice Society ransomware attack. | Malware | Education | CC | US | | Butler County Community College, ransomware, Vice Society |
| 80 | 14/01/2022 | 14/1/2022 | 14/1/2022 | GhostWriter AKA UNC1151 | At least 15 websites belonging to various Ukrainian public institutions | At least 15 websites belonging to various Ukrainian public institutions are compromised, defaced, and subsequently taken offline (including the websites of the ministry of foreign affairs, agriculture, education and science, security and defense, and the online portal for the cabinet of ministers). | CVE-2021-32648 vulnerability | Public admin and defence, social security | CW | UA | | GhostWriter, UNC1151, CVE-2021-32648 |
| 81 | 14/01/2022 | 14/1/2022 | 14/1/2022 | GhostWriter AKA UNC1151 | Polish Ministry of National Defense | The Polish Ministry of National Defense announces that some of their databases containing sensitive military information were compromised. | Unknown | Public admin and defence, social security | CW | PL | | GhostWriter, UNC1151, CVE-2021-32648, Polish Ministry of National Defense |
| 82 | 14/01/2022 | - | - | ? | Goodwill | American nonprofit Goodwill discloses a data breach that affected the accounts of customers using its ShopGoodwill.com e-commerce auction platform. | Unknown | Other service activities | CC | US | | Goodwill, ShopGoodwill.com |
| 83 | 14/01/2022 | - | - | ? | Nintendo players | Nintendo warns customers of multiple sites impersonating the Japanese video game company's official website and pretending to sell Nintendo Switch consoles at significant discounts. | Account Takeover | Arts entertainment, recreation | CC | >1 | | Nintendo |
| 84 | 14/01/2022 | "Recently" | "Recently" | ? | VMware vSphere servers | Researchers from Uptycs discover an Xmrig cryptomining campaign targeting VMware vSphere servers. | Misconfiguration | Multiple Industries | CC | >1 | | Uptycs, VMware vSphere, Xmrig |
| 85 | 14/01/2022 | - | 12/1/2022 | ? | Parasol Group | Parasol Group is hit with a cyber attack. | Unknown | Professional, scientific and technical | CC | US | | Parasol Group |
| 86 | 14/01/2022 | - | 12/1/2022 | ? | Nixon Williams | Nixon Williams is hit with a cyber attack. | Unknown | Professional, scientific and technical | CC | US | | Nixon Williams |
| 87 | 14/01/2022 | 14/1/2022 | 14/1/2022 | ? | North Korea's internet | North Korea's internet appears to have been hit by a second wave of outages, possibly caused by a distributed denial-of-service (DDoS) attack, a day after North Korea conducted its fifth missile in January. | DDoS | Information and communication | H | KP | | North Korea |
| 88 | 14/01/2022 | Between 14/05/2021 and 16/05/2021 | 14/5/2021 | ? | NHS Management | NHS Management reveals to have been hit by a cyber attack. | Unknown | Human health and social work | CC | US | | NHS Management |
| 89 | 14/01/2022 | 16/11/2021 | - | ? | Volunteers of America | Volunteers of America Southwest California announces it was the victim of a phishing attack. | Account Takeover | Human health and social work | CC | US | | Volunteers of America |
| 90 | 14/01/2022 | - | 1/12/2021 | ? | Catholic Hospice | Catholic Hospice discloses to have suffered a phishing attack. | Account Takeover | Human health and social work | CC | US | | Catholic Hospice |
| 91 | 15/01/2022 | Since 06/01/2021 | - | Qlocker | Internet-exposed QNAP devices | Nixon Williams is hit with a cyber attack. | Misconfiguration | Multiple Industries | CC | >1 | | Qlocker, QNAP, ransomware |
| 92 | 15/01/2022 | Since 13/01/2021 | 13/1/2022 | ? | Multiple organizations in Ukraine | Microsoft warns of destructive data-wiping malware, dubbed WhisperGate, disguised as ransomware being used in attacks against multiple organizations in Ukraine. | Malware | Multiple Industries | CW | UA | | Microsoft, WhisperGate, ransomware |
| 93 | 15/01/2022 | Between 19/03/2020 and 04/05/2020 | - | ? | City of Tenino | The City of Tenino discloses a phishing attack that cost the city $280,309 in public funds. | Account Takeover | Public admin and defence, social security | CC | US | | City of Tenino |
Enjoy the interactive timeline, and thanks for sharing it and supporting my work in spreading risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or even connect on LinkedIn, for the latest updates.