The second timeline of January 2022 is out, bringing 99 events (corresponding to an average of 6.19 events/day), an 11% increase compared with the 88 events of the first timeline.
The novelty is that, although ransomware continues to dominate the threat landscape, its impact dropped to 15.1% (15 out of 99 events directly or indirectly characterized by this threat) from 30% in the previous fortnight. What does seem clear is that the exploitation of vulnerabilities of any kind continues relentlessly, characterizing 15 out of 99 events, i.e. 15.1% of events, more than double the 7.1% of the previous period.
Another trend characterizing this initial part of the new year is the return of massive hacks against organizations in the fintech space. Qubit Finance and Crypto.com have suffered two massive attacks, causing losses of respectively $80 million and $34 million. Similarly, a bug in the Multichain protocol has been repeatedly exploited, netting the attackers the equivalent of $1.5 million.
And the new season of mega breaches has also begun: OpenSubtitles has joined the list, having been hit by a massive breach that compromised 6.7 million accounts.
The cyber espionage front is naturally very rich, with multiple campaigns by well-known threat actors such as APT27 (AKA Emissary Panda), APT28 (AKA Fancy Bear), APT29 (AKA Cozy Bear), APT41 (AKA Winnti) and APT-C-35 (AKA Donot Team), without counting the growing number of individuals and governments that discovered, or revealed, that they had been spied on via the infamous Pegasus spyware.
| ID | Date Reported | Date Occurred | Date Discovered | Author | Target | Description | Attack | Target Class | Attack Class | Country | Link | Tags |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | 16/01/2022 | Since at least 2019 | During January 2019 | ? | 15 primarily renewable energy and industrial technology organizations with a particular focus in Bulgaria | A large-scale cyber-espionage campaign is discovered targeting primarily renewable energy and industrial technology organizations, active since at least 2019 and targeting over fifteen entities worldwide. | Targeted Attack | Electricity, gas steam, air conditioning | CE | BG | | Renewable |
| 2 | 16/01/2022 | - | - | ? | Jackson Hospital | Jackson Hospital is hit with a ransomware attack. | Malware | Human health and social work | CC | US | | Jackson Hospital, ransomware |
| 3 | 17/01/2022 | Since at least mid-2021 | During mid-2021 | Earth Lusca | Multiple Organizations | Researchers from Trend Micro discover a Chinese cyber-espionage group spying on strategic targets and performing financially-motivated attacks for its own profit. | Malware | Multiple Industries | CC/CE | >1 | | Trend Micro, Earth Lusca |
| 4 | 17/01/2022 | 21/12/2021 | 21/12/2021 | ? | Arnprior Regional Health | Arnprior Regional Health discloses a cyber attack. | Unknown | Human health and social work | CC | CA | | Arnprior Regional Health |
| 5 | 17/01/2022 | - | 22/11/2021 | ? | Raveco Medical | Raveco Medical notifies 4,897 patients that some of their protected health information was potentially accessed by unauthorized individuals. | Unknown | Human health and social work | CC | US | | Raveco Medical |
| 6 | 18/01/2022 | Since December 2021 | During December 2021 | FIN8 | Multiple Organizations | A new ransomware family called 'White Rabbit' appears in the wild and could be a side-operation of the FIN8 hacking group. | Malware | Multiple Industries | CC | >1 | | White Rabbit, FIN8 |
| 7 | 18/01/2022 | Since 2016 | - | Donot Team AKA APT-C-35 and SectorE02 | Local governments, embassies, military units, and Ministries of Foreign Affairs of Asian targets | Researchers from ESET expose Donot Team, an Indian APT focused on targets in Asian countries. | Targeted Attack | Public admin and defence, social security | CE | >1 | | Donot Team, APT-C-35, SectorE02, ESET |
| 8 | 18/01/2022 | - | - | ? | Individuals in the US | The Federal Bureau of Investigation (FBI) warns Americans that cybercriminals are using maliciously crafted Quick Response (QR) codes to steal their credentials and financial information. | Account Takeover | Individual | CC | US | | Federal Bureau of Investigation, FBI, Quick Response, QR |
| 9 | 18/01/2022 | - | - | ? | Vulnerable ZyXEL devices | A Mirai DDoS botnet variant targets ZyXEL networking devices vulnerable to the Log4Shell vulnerability. | CVE-2021-44228 Vulnerability | Multiple Industries | CC | >1 | | CVE-2021-44228, Log4Shell, ZyXEL |
| 10 | 18/01/2022 | During the first half of September 2021 | - | ? | Multiple Organizations | Researchers from Automattic reveal that unknown threat actors implanted backdoor code into multiple WordPress themes and plugins after compromising the website of their developer, AccessPress Themes. | Malicious WordPress Plugin | Multiple Industries | CC | >1 | | Automattic, WordPress, AccessPress Themes |
| 11 | 18/01/2022 | - | - | Israeli Police? | Israeli Citizens | NSO's Pegasus spyware was used to remotely hack phones and extract information from Israeli citizens. | Malware | Individual | CE | IL | | NSO, Pegasus, Israeli Police |
| 12 | 19/01/2022 | - | - | ? | Red Cross contractor | A cyberattack on a Red Cross contractor leads to the theft of personal data of more than 515,000 people in 'Restoring Family Links', a program that helps reunite families separated by war, disaster, and migration. | Unknown | Extraterritorial orgs and bodies | CC | INT | | Red Cross |
| 13 | 19/01/2022 | During August 2021 | During August 2021 | ? | OpenSubtitles | OpenSubtitles, a website that provides free subtitles for movie fans, discloses that it was hacked last year and subsequently paid a ransom to silence the hacker about the attack. 6.7 million users are affected. | SQL Injection | Other service activities | CC | US | | OpenSubtitles |
| 14 | 19/01/2022 | During December 2021 | During December 2021 | Conti | RR Donnelley | RR Donnelley confirms that threat actors stole data in a December Conti ransomware cyberattack. | Malware | Professional, scientific and technical | CC | US | | RR Donnelley, Conti, ransomware |
| 15 | 19/01/2022 | - | - | ? | Cryptocurrency users | A novel modular crypto-wallet stealing malware dubbed 'BHUNT' is discovered targeting cryptocurrency wallet contents, passwords, and security phrases. | Malware | Fintech | CC | >1 | | BHUNT |
| 16 | 19/01/2022 | During the second half of 2021 | During the second half of 2021 | ? | Multiple Organizations | A new phishing campaign impersonating the United States Department of Labor asks recipients to submit bids in order to steal Office 365 credentials. | Account Takeover | Multiple Industries | CC | US | | United States Department of Labor, Office 365 |
| 17 | 19/01/2022 | - | - | ? | Thousands of industrial organizations worldwide | Researchers from Kaspersky reveal that thousands of industrial organizations worldwide have been hit in campaigns that leverage short-lived malware to harvest corporate credentials, which are then sold by threat actors for a profit. | Malware | Multiple Industries | CC | >1 | | Kaspersky, ICS |
| 18 | 19/01/2022 | Between 15/01/2021 and 02/04/2021 | - | ? | Houston Area Community Services, Inc., dba Avenue 360 Health and Wellness | Avenue 360 Health and Wellness discloses a phishing incident impacting the protected health information of 12,186 individuals. | Account Takeover | Human health and social work | CC | US | | Avenue 360 Health and Wellness, Houston Area Community Services |
| 19 | 19/01/2022 | - | - | Multiple threat actors | Multiple blockchain wallets | A bug in the cross-chain protocol Multichain is being exploited, netting $1.5 million for cyber criminals. | Vulnerability | Fintech | CC | >1 | | Multichain |
| 20 | 19/01/2022 | - | - | ? | India Co-WIN portal | Personal data of thousands of people in India is leaked from a government server and put on sale on Raid Forums. The data includes their name, mobile number, address and Covid test results. | Unknown | Public admin and defence, social security | CC | IN | | Raid Forums, Co-WIN |
| 21 | 19/01/2022 | - | - | ? | Sound Generations | Colorado Department of Human Services (CDHS) notifies 6,132 individuals that some of their protected health information has potentially been compromised in a cyberattack on one of its vendors, Sound Generations. | Unknown | Professional, scientific and technical | CC | US | | Sound Generations, Colorado Department of Human Services, CDHS |
| 22 | 20/01/2022 | Since 2020 | - | APT41 AKA Winnti | An organization in control of several enterprises dealing with transportation technology | Researchers from Kaspersky discover MoonBounce, "the most advanced" UEFI firmware implant found in the wild so far, linked to the Chinese-speaking APT41 hacker group. | Targeted Attack | Transportation and storage | CE | N/A | | Kaspersky, MoonBounce, UEFI, APT41 |
| 23 | 20/01/2022 | During December 2021 | During December 2021 | Conti | Bank Indonesia (BI) | Bank Indonesia (BI) confirms that a Conti ransomware attack hit its networks last month. | Malware | Finance and insurance | CC | ID | | Conti, ransomware, Bank Indonesia, BI |
| 24 | 20/01/2022 | 17/01/2022 | 17/01/2022 | ? | Crypto.com | Crypto.com confirms that a multi-million dollar cyber attack led to the compromise of around 400 of its customer accounts and to the withdrawal of $34 million. | Unknown | Fintech | CC | SG | | Crypto.com |
| 25 | 20/01/2022 | "Recently" | "Recently" | ? | Multiple Organizations | A new phishing campaign impersonating Maersk and using fake shipping delivery lures installs the STRRAT remote access trojan. | Malware | Multiple Industries | CC | >1 | | Maersk, STRRAT |
| 26 | 20/01/2022 | During December 2021 | During December 2021 | Molerats | Individuals in Palestine and Turkey | State-sponsored cyber attackers are using Google Drive, Dropbox and other legitimate services to drop spyware on Middle-Eastern targets and exfiltrate data. | Targeted Attack | Individual | CE | PS, TR | | Molerats, Google Drive, Dropbox |
| 27 | 20/01/2022 | - | - | ? | Facebook users in Finland | Finland's National Cyber Security Centre (NCSC-FI) warns of an ongoing phishing campaign attempting to hijack Facebook accounts by impersonating victims' friends in Facebook Messenger chats. | Account Takeover | Individual | CC | FI | | Facebook |
| 28 | 20/01/2022 | - | - | ? | Vulnerable SolarWinds Serv-U file-sharing servers | A threat actor abuses Log4Shell in combination with a zero-day vulnerability in the SolarWinds Serv-U file-sharing server. | | | | | | |
| | | | | | | Researchers from Akamai discover a new cryptocurrency-related scam abusing the Amazon brand to dupe would-be investors into handing over Bitcoin. | Account Takeover | Fintech | CC | >1 | | Akamai, Amazon, Bitcoin |
| 30 | 20/01/2022 | Between 26/08/2021 and 14/09/2021 | 03/09/2021 | ? | Luminis Health Anne Arundel Medical Center | Luminis Health Anne Arundel Medical Center discloses a phishing attack. | Account Takeover | Human health and social work | CC | US | | Luminis Health Anne Arundel Medical Center |
| 31 | 20/01/2022 | - | - | ? | Multiple Organizations | Researchers from Barracuda Networks discover a phishing campaign exploiting COVID-19 tests. | Account Takeover | Multiple Industries | CC | >1 | | Barracuda Networks, COVID-19 |
| 32 | 20/01/2022 | - | - | ? | Griggsville-Perry School District | The Griggsville-Perry School District is hit with a ransomware attack. | Malware | Education | CC | US | | Griggsville-Perry School District, ransomware |
| 33 | 20/01/2022 | - | 03/11/2021 | ? | DataHEALTH | DataHEALTH, a cloud hosting and data storage company, announces it was the victim of a ransomware attack. | Malware | Professional, scientific and technical | CC | US | | DataHEALTH, ransomware |
| 34 | 21/01/2022 | 18/01/2022 | 18/01/2022 | Conti | Delta Electronics | The Conti ransomware gang hits Delta Electronics, a Taiwanese electronics manufacturing company and a major supplier of power components to companies like Apple and Tesla. | Malware | Manufacturing | CC | TW | | Conti, ransomware, Delta Electronics, Apple, Tesla |
| 35 | 21/01/2022 | 10/12/2021 | 10/12/2021 | ? | The Nobel Foundation and the Norwegian Nobel Institute | The Nobel Foundation and the Norwegian Nobel Institute disclose a cyber-attack that unfolded during the award ceremony on December 10, 2021. | DDoS | Other service activities | CC | NO | | Nobel Foundation, Norwegian Nobel Institute |
| 36 | 21/01/2022 | 21/01/2022 | 21/01/2022 | ? | Andorra Telecom | Andorra Telecom is hit by a wave of DDoS attacks that disrupt internet connectivity for four days. | DDoS | Information and communication | CC | AD | | Andorra Telecom |
| 37 | 21/01/2022 | - | - | ? | "hundreds" of Office 365 customers | Microsoft warns that Office 365 customers are receiving phishing emails that aim to trick them into granting OAuth permissions to a bogus app that then lets attackers read and write emails. | Account Takeover | Multiple Industries | CC | >1 | | Microsoft 365, OAuth |
| 38 | 21/01/2022 | - | - | ? | Vulnerable Control Web Panel (CWP) servers | Researchers from Octagon disclose two vulnerabilities in the CentOS Control Web Panel (CWP) web hosting panel, possibly exploited in the wild. | CVE-2021-45467 and CVE-2021-45466 vulnerabilities | Multiple Industries | CC | >1 | | Octagon, Control Web Panel, CWP, CentOS |
| 39 | 21/01/2022 | Between 01/10/2021 and 04/10/2021 | 19/11/2021 | Conti | Medical Healthcare Solutions | Medical Healthcare Solutions discloses a Conti ransomware attack. | Malware | Human health and social work | CC | US | | Medical Healthcare Solutions, Conti, ransomware |
| 40 | 21/01/2022 | 17/10/2021 | 17/10/2021 | ? | Vantage Healthcare Network, Inc. | Allegheny Health Network Home Infusion (AHNHI) is notified about a ransomware attack on one of its vendors, Vantage Healthcare Network, Inc. | Malware | Professional, scientific and technical | CC | US | | Allegheny Health Network Home Infusion, AHNHI, Vantage Healthcare Network, Inc. |
| 41 | 21/01/2022 | 18/11/2021 | 18/11/2021 | ? | Jefferson Health | Jefferson Health notifies more than 9,000 patients that unauthorized individuals gained access to an online health insurance portal used to submit billing information for payment. | Unknown | Human health and social work | CC | US | | Jefferson Health |
| 42 | 21/01/2022 | 22/06/2021 | - | ? | Sacramento County | Sacramento County confirms it was the victim of a phishing attack in June 2021 in which unauthorized individuals gained access to employee email accounts containing the personal and protected health information of employees. | Account Takeover | Public admin and defence, social security | CC | US | | Sacramento County |
| 43 | 21/01/2022 | 21/01/2022 | 21/01/2022 | ? | Crypto Investors | A discarded Discord vanity URL for CryptoBatz, the NFT service launched by Ozzy Osbourne, is hijacked by cybercriminals to drain cryptocurrency wallets. | Account Takeover | Fintech | CC | >1 | | Discord, CryptoBatz, Ozzy Osbourne |
| 44 | 21/01/2022 | - | - | ? | Patriot Front | The website of the white supremacist group Patriot Front is hacked, and 400 Gb of data leaked. | Unknown | Other service activities | H | US | | Patriot Front |
| 45 | 21/01/2022 | During October 2021 | During October 2021 | ? | Valley Regional Transit | Valley Regional Transit says the personal information of some 535 employees, contractors and customers may have been exposed during an October ransomware attack. | Malware | Transportation and storage | CC | US | | Valley Regional Transit |
| 46 | 21/01/2022 | 10/09/2021 | 10/09/2021 | ? | Charlotte YMCA | The Charlotte YMCA alerts some of its members about a ransomware attack that occurred in September. | Malware | Human health and social work | CC | US | | Charlotte YMCA, ransomware |
| 47 | 21/01/2022 | Between 24/02/2021 and 26/02/2021 | - | ? | iRise Florida Spine and Joint Institute | The iRise Florida Spine and Joint Institute discovers that an employee email account containing the protected health information of 61,595 patients has been accessed by an unauthorized individual. | Account Takeover | Human health and social work | CC | US | | iRise Florida Spine and Joint Institute |
| 48 | 23/01/2022 | - | - | ? | Pennsbury School District | The Pennsbury School District reports a cyber attack. | Unknown | Education | CC | US | | Pennsbury School District |
| 49 | 24/01/2022 | During December 2021 | During December 2021 | ? | Multiple Organizations | Researchers from Netskope discover a campaign delivering multiple malware families, such as AveMaria (a.k.a. Warzone) and AgentTesla, using Bitly to shorten URLs and different cloud services like MediaFire, Blogger, and GitHub to host the payloads. | | | | | | |
| | | | | | | A group of hackers (known as Belarusian Cyber-Partisans) claim they breached and encrypted servers belonging to the Belarusian Railway, Belarus's national state-owned railway company. | Malware | Transportation and storage | H | BY | | Belarusian Cyber-Partisans, Belarusian Railway |
| 51 | 24/01/2022 | - | - | BRATA | Android users | The Android malware known as BRATA adds new and dangerous features in its latest version, including GPS tracking, the capacity to use multiple communication channels, and a function that performs a factory reset on the device to wipe all traces of malicious activity. | Malware | Individual | CC | >1 | | BRATA, Android |
| 52 | 24/01/2022 | - | - | ? | Vulnerable SonicWall Mobile Access | Threat actors are now attempting to exploit the SonicWall Mobile Access CVE-2021-20038 vulnerability in the wild. | CVE-2021-20038 vulnerability | Multiple Industries | CC | >1 | | SonicWall Mobile Access, CVE-2021-20038 |
| 53 | 24/01/2022 | "Recently" | "Recently" | ? | Segway's online store (store.segway.com) | Segway's online store (store.segway.com) is compromised to include a malicious Magecart script that potentially allows threat actors to steal credit cards and customer information during checkout. | Malicious Script Injection | Manufacturing | CC | US | | Segway, store.segway.com |
| 54 | 24/01/2022 | "Recently" | "Recently" | TrickBot | Multiple organizations | The notorious TrickBot malware receives new features in its latest variants that make it more challenging to research, analyze, and detect, including crashing browser tabs. | Malware | Multiple Industries | CC | >1 | | TrickBot |
| 55 | 24/01/2022 | Since October 2021 | - | LockBit 2.0 | VMware ESXi servers | A Linux version of the LockBit ransomware targets VMware ESXi servers. | Malware | Multiple Industries | CC | >1 | | Linux, LockBit, VMware ESXi |
| 56 | 24/01/2022 | 24/01/2022 | 24/01/2022 | ? | OpenSea | A threat actor exploits a vulnerability in the backend of OpenSea, the internet's largest NFT marketplace, to buy products at previous (lower) prices and then resell them at higher values, defrauding legitimate asset owners. | Unknown Vulnerability | Fintech | CC | US | | OpenSea |
| 57 | 24/01/2022 | 24/01/2022 | 24/01/2022 | ? | City of Saint-Cloud | The city of Saint-Cloud is hit with a cyber attack. | Unknown | Public admin and defence, social security | CC | FR | | Saint-Cloud |
| 58 | 24/01/2022 | - | - | Chinese government? | Australian Prime Minister Scott Morrison's WeChat account | The Chinese government is accused of foreign interference after Prime Minister Scott Morrison's account on WeChat is hijacked. | Account Takeover | Individual | CW | AU | | Scott Morrison, WeChat, China |
| 59 | 24/01/2022 | - | - | Multiple threat actors | Crypto Investors | Researchers from Check Point warn that attackers are abusing misconfigurations in smart contracts to launch token rug pulls. | Misconfiguration | Fintech | CC | >1 | | Check Point, Smart contracts |
| 60 | 24/01/2022 | - | - | ? | Multiple organizations | Researchers from Proofpoint discover a new .NET malware packer being used to deliver a variety of remote access trojans (RATs) and infostealers, with a fixed password named after Donald Trump giving the new find its name, "DTPacker". | Malware | Multiple Industries | CC | >1 | | Proofpoint, DTPacker |
| 61 | 24/01/2022 | 21/12/2021 | 21/12/2021 | ? | Spokane Regional Health District | The personal health information of more than 1,000 people may have been disclosed after a phishing attack at Spokane Regional Health District. | Account Takeover | Human health and social work | CC | US | | Spokane Regional Health District |
| 62 | 24/01/2022 | 13/01/2022 | 13/01/2022 | ? | Pembroke Pines | The city of Pembroke Pines falls victim to cyber criminals, becoming the latest in South Florida to be targeted in a rising wave of ransomware attacks. | Malware | Public admin and defence, social security | CC | US | | Pembroke Pines, ransomware |
| 63 | 24/01/2022 | Between 24/11/2021 and 26/11/2021 | 25/11/2021 | ? | Spencer Gifts | Spencer Gifts discloses it discovered that unauthorized individuals gained access to its network between November 24, 2021, and November 26, 2021, and potentially viewed or obtained files containing the protected health information of 10,023 members of its health and welfare benefits plan. | Unknown | Wholesale and retail | CC | US | | Spencer Gifts |
| 64 | 24/01/2022 | Since at least January 2021 | Late 2021 | APT36, AKA Earth Karkaddan | Indian military and diplomatic entities | Researchers from Trend Micro reveal that the politically motivated APT group dubbed APT36 has expanded its malware arsenal to include a new RAT dubbed CapraRAT in its espionage attacks aimed at Indian military and diplomatic entities. | Targeted Attack | Public admin and defence, social security | CE | IN | | APT36, Earth Karkaddan, Trend Micro |
| 65 | 25/01/2022 | - | - | APT28 AKA Fancy Bear | High-ranking government and defense industry officials of a West Asian nation | Threat actors from APT28 leverage Microsoft OneDrive services for command-and-control (C2) purposes in a sophisticated cyberespionage campaign aimed at high-ranking government and defense industry officials of a West Asian nation. | Targeted Attack | Public admin and defence, social security | CE | N/A | | APT28, Fancy Bear, Microsoft OneDrive |
| 66 | 25/01/2022 | - | 19/01/2022 | ? | Global Affairs Canada | The Canadian government department for foreign and consular relations, Global Affairs Canada, discloses it was hit by a cyberattack last week. | Unknown | Public admin and defence, social security | CC | CA | | Global Affairs Canada |
| 67 | 25/01/2022 | 25/01/2022 | 25/01/2022 | DeadBolt | QNAP NAS devices worldwide | A new DeadBolt ransomware group is encrypting QNAP NAS devices worldwide using what they claim is a zero-day vulnerability in the device's software. | Vulnerability | Multiple Industries | CC | >1 | | DeadBolt, ransomware, QNAP NAS devices |
| 68 | 25/01/2022 | During November 2021 | During November 2021 | ? | Undisclosed organization in Asia | Microsoft says its Azure DDoS protection platform mitigated a massive 3.47 terabits per second (Tbps) distributed denial of service (DDoS) attack targeting an Azure customer in Asia in November. | DDoS | Unknown | CC | N/A | | Azure |
| 69 | 25/01/2022 | Early November 2021 | Early November 2021 | Threat actors from China | Users and visitors of a pro-democracy radio station website in Hong Kong | A new watering hole attack is discovered targeting macOS users and visitors of a pro-democracy radio station website in Hong Kong and infecting them with the DazzleSpy malware. The campaign exploits CVE-2021-1789 and CVE-2021-30869. | Targeted Attack | Individual | CE | HK | | macOS, Hong Kong, DazzleSpy, CVE-2021-1789, CVE-2021-30869 |
| 70 | 25/01/2022 | - | - | Multiple threat actors | Vulnerable VMware Horizon servers | VMware urges customers to patch critical Log4j security vulnerabilities impacting Internet-exposed VMware Horizon servers targeted in ongoing attacks. | CVE-2021-44228 Vulnerability | Multiple Industries | CC | >1 | | VMware, Log4j security, Log4Shell, VMware Horizon |
| 71 | 25/01/2022 | Since at least Q4 2021 | During Q4 2021 | Chaes | Brazilian e-banking users | A large-scale campaign involving over 800 compromised WordPress websites is spreading the Chaes banking trojan, which targets the credentials of Brazilian e-banking users. | Malware | Finance and insurance | CC | BR | | Chaes |
| 72 | 25/01/2022 | Since approximately August 2021 | - | ? | Corporate Instagram accounts | An extensive phishing campaign targets corporate Instagram accounts. The threat actors demand ransoms from the victims to restore access. | Account Takeover | Multiple Industries | CC | >1 | | Instagram |
| 73 | 25/01/2022 | 25/01/2022 | 25/01/2022 | ? | Taylor Regional Hospital (TRH) | Taylor Regional Hospital (TRH) is paralyzed by a cyber attack. | Unknown | Human health and social work | CC | US | | Taylor Regional Hospital, TRH |
| 74 | 25/01/2022 | 18/01/2021 | 18/01/2021 | ? | Midland University in Nebraska | Midland University in Nebraska discloses that it suffered a ransomware attack. | Malware | Education | CC | US | | Midland University in Nebraska |
| 75 | 26/01/2022 | "Recently" | "Recently" | ? | Multiple Organizations | Microsoft's threat analysts uncover a large-scale, multi-phase phishing campaign that uses stolen credentials to register devices onto the target's network and use them to distribute phishing emails. | Account Takeover | Multiple Industries | CC | >1 | | Microsoft, Azure AD |
| 76 | 26/01/2022 | Since March 2021 | - | APT27 (AKA TG-3390, Emissary Panda, BRONZE UNION, Iron Tiger, and LuckyMouse) | German commercial organizations | The BfV, Germany's domestic intelligence service (short for Bundesamt für Verfassungsschutz), warns of ongoing attacks coordinated by the Chinese-backed APT27 hacking group using the HyperBro remote access trojan. | | | | | | BfV German domestic intelligence services, Bundesamt für Verfassungsschutz, APT27, HyperBro, Emissary Panda, BRONZE UNION, Iron Tiger, LuckyMouse, Zoho ADSelfService Plus, Microsoft Exchange |
| 77 | 26/01/2022 | Since December 2021 | - | FluBot | Android users in Australia, Germany, Poland, Spain, and Romania | A new FluBot malware distribution campaign is discovered, using typical smishing lures or laced apps against Android users in Australia, Germany, Poland, Spain, and Romania. | Malware | Individual | CC | >1 | | FluBot, Android |
| 78 | 26/01/2022 | Since December 2021 | - | TeaBot | Android users in Australia, Germany, Poland, Spain, and Romania | New FluBot and TeaBot malware distribution campaigns are spotted, using typical smishing lures or laced apps against Android users in Australia, Germany, Poland, Spain, and Romania. | Malware | Individual | CC | >1 | | TeaBot, Android |
| 79 | 26/01/2022 | - | - | ? | macOS and iOS devices | Apple fixes two zero-days exploited in the wild to hack macOS and iOS devices. | CVE-2022-22587 and CVE-2022-22594 vulnerabilities | Unknown | N/A | N/A | | Apple, CVE-2022-22587, CVE-2022-22594, macOS, iOS |
| 80 | 26/01/2022 | Since August 2020 | - | Emennet Pasargad | Multiple Organizations in the US | The FBI issues an alert detailing the tools, techniques and tactics of Emennet Pasargad, an Iranian company targeting US organizations. | Targeted Attack | Multiple Industries | CE | US | | Emennet Pasargad, Iran |
| 81 | 26/01/2022 | - | - | Prophet Spider | Vulnerable VMware Horizon deployments | Researchers from BlackBerry reveal that the initial access broker group Prophet Spider has been found exploiting the Log4j vulnerability in VMware Horizon. | | | | | | |
| | | | | | | Researchers from Zimperium reveal that more than 105 million Android users downloaded and installed the Dark Herring scamware from Google Play and third-party app stores. | Malware | Individual | CC | >1 | | Zimperium, Android, Dark Herring, Google Play |
| 83 | 26/01/2022 | 26/01/2022 | 26/01/2022 | ? | Puerto Rico's Senate | Puerto Rico's Senate announces that it was the target of a cyberattack that disabled its internet provider, phone system and official online page. | Unknown | Public admin and defence, social security | CC | PR | | Puerto Rico's Senate |
| 84 | 26/01/2022 | During 2021 | - | ? | Lama Fakih, senior staff member of Human Rights Watch | Human Rights Watch says that one of its senior staff members was targeted last year with Pegasus, the spyware developed by the Israeli hacker-for-hire company NSO Group. | Targeted Attack | Extraterritorial orgs and bodies | CE | LB | | Human Rights Watch, Pegasus, NSO Group, Lama Fakih |
| 85 | 26/01/2022 | During May 2019 | - | ? | Michal Kolodziejczak, a 33-year-old farmer and agrarian social movement leader | Researchers from Citizen Lab disclose a new victim of the NSO Group's Pegasus spyware in Poland. | Targeted Attack | Individual | CE | PL | | Citizen Lab, NSO Group, Poland, Michal Kolodziejczak |
| 86 | 26/01/2022 | From late March to June of 2019 | - | ? | Tomasz Szwejgiert | Researchers from Citizen Lab disclose an additional victim of the NSO Group's Pegasus spyware in Poland. | Targeted Attack | Individual | CE | PL | | Citizen Lab, NSO Group, Poland, Tomasz Szwejgiert |
| 87 | 26/01/2022 | 26/01/2022 | 26/01/2022 | ? | North Korea's internet | North Korea's internet appears to have been hit by a second wave of outages, possibly caused by a distributed denial-of-service (DDoS) attack, a day after North Korea conducted its fifth missile test in January. | DDoS | Information and communication | H | KP | | North Korea |
| 88 | 26/01/2022 | - | During the week of 13/12/2021 | ? | Pace Center for Girls | Pace Center for Girls discovers that certain infrastructure systems were accessed by unauthorized individuals who may have viewed or acquired the sensitive data of current and former students. | Unknown | Human health and social work | CC | US | | Pace Center for Girls |
| 89 | 27/01/2022 | Since December 2020 | - | APT29 AKA Cozy Bear, The Dukes | Multiple Organizations | Researchers from CrowdStrike disclose the details of the latest wave of attacks from the StellarParticle campaign carried out by APT29. | Targeted Attack | Multiple Industries | CE | >1 | | CrowdStrike, APT29, The Dukes, StellarParticle |
| 90 | 27/01/2022 | Beginning 18/01/2022 | 18/01/2022 | ? | Multiple Organizations | A new campaign named 'OiVaVoii' targets company executives and general managers with malicious OAuth apps and custom phishing lures sent from hijacked Office 365 accounts. | | | | | | |
| | | | | | | The Iranian state broadcaster IRIB is briefly hijacked for a period of 10 seconds. | Unknown | Information and communication | H | IR | | People's Mujahideen Organisation of Iran, PMOI, Mujahideen Khalq Organisation, MKO, IRIB, Islamic Republic of Iran Broadcasting |
| 92 | 27/01/2022 | - | - | LockBit 2.0 | France's Ministry of Justice | Cybercriminals from the ransomware group LockBit 2.0 claim to have breached systems belonging to France's Ministry of Justice and threaten to make public the files stolen from the government organization. | CVE-2021-22986 Vulnerability | Public admin and defence, social security | CC | FR | | LockBit 2.0, France's Ministry of Justice, ransomware |
| 93 | 27/01/2022 | - | - | ? | Android Mobile Banking Users | A malicious mobile application called 2FA Authenticator, dropping the Vultur banking trojan and distributed on Google Play, is removed after being installed by more than 10,000 users. | Malware | Finance and insurance | CC | >1 | | Android, Vultur |
| 94 | 27/01/2022 | During January 2021 | During January 2021 | White Tur | Defence, governmental and research organisations based in Serbia and Republika Srpska | Researchers from PwC discover a new threat actor, dubbed White Tur, observed employing various techniques borrowed from multiple advanced persistent threat (APT) actors. | Targeted Attack | Public admin and defence, social security | CE | RS, BA | | White Tur, PwC |
| 95 | 27/01/2022 | During January 2022 | During January 2022 | ? | Multiple Organizations | Threat actors are increasingly using scams that spoof package couriers like DHL or the U.S. Postal Service in authentic-looking phishing emails that attempt to dupe victims into downloading credential-stealing or other malicious payloads. | Account Takeover | Multiple Industries | CC | US | | DHL, U.S. Postal Service |
| 96 | 27/01/2022 | Since November 2021 | During November 2021 | ? | Multiple Organizations | Researchers at Cofense discover a new TrickBot phishing campaign exploiting the lure of a missed parcel delivery. | Malware | Multiple Industries | CC | US | | Cofense, TrickBot |
| 97 | 27/01/2022 | During December 2021 | During December 2021 | Aggah | Korean-speaking organizations | Researchers from HP detect a new campaign by the Aggah threat actor, targeting Korean-speaking organizations with fake purchase orders containing PowerPoint Add-In files (.PPA) used to deliver Agent Tesla. | Malware | Multiple Industries | CC | KR | | HP, Aggah, PowerPoint Add-In, Agent Tesla |
| 98 | 28/01/2022 | 18/01/2022 | 18/01/2022 | Lazarus Group AKA Hidden Cobra | Multiple Organizations | A new campaign by the Lazarus Group uses spear phishing attacks weaponized with malicious documents that use fake job opportunities masquerading as the global security and aerospace giant Lockheed Martin. | Targeted Attack | Multiple Industries | CE | >1 | | Lazarus Group, Hidden Cobra, Lockheed Martin |
| 99 | 28/01/2022 | Since the autumn of 2021 | - | ? | Finnish diplomats | Finland's Ministry for Foreign Affairs says devices of Finnish diplomats have been hacked and infected with NSO Group's Pegasus spyware in a cyber-espionage campaign. | Targeted Attack | Public admin and defence, social security | CE | FI | | Finland's Ministry for Foreign Affairs, NSO Group, Pegasus |
| 100 | 28/01/2022 | 27/01/2022 | 27/01/2022 | ? | Qubit Finance | A threat actor uses an exploit to steal approximately $80 million from Qubit Finance, a decentralized finance (DeFi) platform that allows users to lend and speculate on cryptocurrency price variations. | Unknown Vulnerability | Fintech | CC | N/A | | Qubit Finance |
| 101 | 28/01/2022 | Since December 2021 | During December 2021 | Multiple threat actors | Ubiquiti network appliances | Threat actors are using a customized public exploit for the Log4Shell vulnerability to attack and take over Ubiquiti network appliances running the UniFi software. | CVE-2021-44228 Vulnerability | Multiple Industries | CC | >1 | | Ubiquiti Network, Log4Shell, CVE-2021-44228 |
| 102 | 28/01/2022 | - | 22/01/2021 | ? | Indian Army | Researchers from Cyble reveal that threat actors are targeting the Indian Army by creating fake, malicious versions of legitimate apps, such as Armaan, used by military personnel. | Targeted Attack | Public admin and defence, social security | CE | IN | | Cyble, Indian Army, Armaan |
| 103 | 28/01/2022 | - | 30/11/2021 | ? | Philadelphia FIGHT Community Health Centers | Philadelphia FIGHT Community Health Centers announces it was the victim of a cyberattack. | Unknown | Human health and social work | CC | US | | Philadelphia FIGHT Community Health Centers |
| 104 | 31/01/2022 | Between 14/07/2021 and 18/08/2021 | Between 14/07/2021 and 18/08/2021 | Gamaredon (AKA Armageddon or Shuckworm) | Multiple Organizations in Ukraine | The Russia-linked hackers known as 'Gamaredon' (aka Armageddon or Shuckworm) are spotted deploying eight custom binaries in cyber-espionage operations against Ukrainian entities. | Targeted Attack | Multiple Industries | CE | UA | | Russia, Gamaredon, Armageddon, Shuckworm |
| 105 | 31/01/2022 | - | - | Eternal Silence | Vulnerable UPnP routers | A malicious campaign known as 'Eternal Silence' abusing Universal Plug and Play (UPnP) turns routers worldwide into proxy servers used to launch malicious attacks while hiding the location of the threat actors. | | | | | | |
| | | | | | | A new campaign by MuddyWater targets private organizations in Turkey alongside the country's government. | Targeted Attack | Multiple Industries | CE | TR | | MuddyWater, Mercury, Static Kitten |
| 107 | 31/01/2022 | Between 14/09/2021 and 18/09/2021 | 01/10/2021 | ? | Advocates Inc. | Advocates Inc. announces it recently experienced a sophisticated cyberattack and data theft incident. | Unknown | Human health and social work | CC | US | | Advocates Inc. |
Enjoy the interactive timeline, and thanks for sharing it and supporting my work in spreading risk awareness across the community. Also, don't forget to follow @paulsparrows on Twitter, or even connect on LinkedIn, for the latest updates.
BREACHOMETER
The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.