The first timeline of February 2022 is out with 98 events. This number represents a 7% decrease compared with the second timeline of January (105 events), but a 7% increase compared with the first timeline of the previous month (91 events). However, the numbers are considerably lower than in the same period one year ago, when the peak of activity for 2021 was reached.
Ransomware continues to dominate the threat landscape, mainly thanks to the BlackCat operation, characterizing 23 out of 98 events (23.4% vs 14.3% and 30.7% respectively for the first and the second timeline of January). Similarly, the exploitation of vulnerabilities continues to characterize this initial part of 2022: 10 out of 98 events (10.2%) have been carried out exploiting vulnerabilities of any kind (it was respectively 6.5% and 14.3% for the first and second timeline of January 2022).
Massive hacks against companies operating in the fintech space continue: Wormhole suffered a huge loss worth $326M (but luckily the funds were recovered shortly after); unfortunately, KLAYswap and Meter.io were not so lucky, losing respectively the equivalent of $1.9M and $4.4M in cryptocurrencies.
Inevitably, the war in Ukraine has crossed the boundaries of cyber space. This country was targeted by multiple cyber attacks and influence campaigns allegedly orchestrated by Russia.
The cyber espionage front is also very rich, and not only in Ukraine thanks to the Gamaredon group. Multiple well-known threat actors characterize this timeline, including APT35 (AKA Phosphorus or Charming Kitten), TA402 (AKA Molerats), TA406 (AKA Kimsuky), and Arid Viper (AKA Desert Falcon, Two-tailed Scorpion, or APT C-23).
ID
Date Reported
Date Occurred
Date Discovered
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags
1
01/02/2022
29/01/2022
29/01/2022
BlackCat
Oiltanking GmbH
Oiltanking GmbH, a German petrol distributor who supplies Shell gas stations in the country, falls victim to a cyberattack that severely impacts its operations.
Mabanaft GmbH, a German petrol distributor who supplies Shell gas stations in the country, falls victim to a cyberattack that severely impacts its operations.
Morley Companies Inc., a business services provider, discloses a data breach after suffering a ransomware attack on August 1st, 2021, allowing threat actors to steal data before encrypting files.
Malware
Administration and support service
CC
US
Morley Companies Inc, ransomware
4
01/02/2022
Over the past months
Over the past months
APT35 (aka Phosphorus or Charming Kitten)
Multiple organizations
Researchers from Cybereason discover that the Iranian state-backed hacking group tracked as APT35 (aka Phosphorus or Charming Kitten) is now deploying a new backdoor called PowerLess and developed using PowerShell.
A new and powerful infostealer malware named ‘Mars Stealer’ has appeared in the wild, and appears to be a redesign of the Oski malware
Malware
Multiple Industries
CC
>1
Oski, Mars Stealer
6
01/02/2022
31/01/2022
31/01/2022
?
Multiple organizations
A new phishing campaign is using specially crafted CSV text files to infect users' devices with the BazarBackdoor malware.
Malware
Multiple Industries
CC
>1
CSV, BazarBackdoor
7
01/02/2022
-
-
?
Job seekers in the US
The FBI warns that scammers are trying to steal job seekers' money and personal information through phishing campaigns using fake advertisements posted on recruitment platforms.
Account Takeover
Individual
CC
US
FBI
8
01/02/2022
-
-
?
Multiple organizations
Researchers from Mandiant discover a new SEO poisoning campaign, dropping the Batloader and Atera Agent malware onto the systems of targeted professionals searching for productivity tool downloads, such as Zoom, TeamViewer, and Visual Studio.
Malware
Multiple Industries
CC
>1
Mandiant, SEO poisoning, Batloader, Atera Agent, Zoom, TeamViewer, Visual Studio
9
01/02/2022
"Recently"
"Recently"
Sugar
Multiple organizations
Researchers from Walmart Security Team discover Sugar, a new ransomware operation that actively targets individual computers, rather than corporate networks, with low ransom demands.
Malware
Multiple Industries
CC
>1
Walmart Security Team, Sugar
10
01/02/2022
01/02/2022
01/02/2022
Adalat Ali (Ali’s Justice)
Telewebion
A hacktivist group known as Adalat Ali (Ali’s Justice) hijacks the web stream of Telewebion, the web-based TV of Iran’s state-owned television station, the Islamic Republic of Iran Broadcasting (IRIB), in order to broadcast an anti-regime message.
Accounting and tax software provider Intuit issues a first warning for an ongoing phishing campaign impersonating the company and trying to lure victims with fake warnings that their accounts have been suspended.
Account Takeover
Multiple Industries
CC
>1
Intuit
12
01/02/2022
Since October 2021
-
Moses Staff
Organizations in multiple countries, including Italy, India, Germany, Chile, Turkey, UAE, and the US.
Researchers from Cybereason reveal the details of StrifeWater, a Remote Access Tool used by the Iranian APT Moses Staff.
Targeted Attack
Multiple Industries
CE
>1
Cybereason, StrifeWater, Moses Staff
13
01/02/2022
During the last two years
-
?
Banks in Portugal, Spain, Brazil, Mexico, Chile, the UK, France and other countries.
A massive social engineering campaign targeting banks has been delivered in the last two years in several countries, including Portugal, Spain, Brazil, Mexico, Chile, UK, and France.
Account Takeover
Finance and insurance
CC
>1
Portugal, Spain, Brazil, Mexico, Chile, UK, France
14
01/02/2022
Since at least October 2021
During October 2021
?
Multiple organizations
Researchers from Sophos discover a campaign distributing the SolarMarker information stealer and backdoor (also known as Jupyter or Polazert) combining search engine optimization (SEO) targeting with custom-made MSI installer packages.
Malware
Multiple Industries
CC
>1
Sophos, SolarMarker
15
01/02/2022
Between 10/06/2021 and 23/06/2021
14/06/2021
?
Professional Personnel Service, Inc., and its affiliated companies d/b/a Luttrell Staffing Group (“Luttrell Staffing“)
Luttrell Staffing discloses a ransomware attack.
Malware
Professional, scientific and technical
CC
US
Professional Personnel Service, Inc., Luttrell Staffing Group, Luttrell Staffing
16
02/02/2022
02/02/2022
02/02/2022
?
Wormhole
Hackers exploit a vulnerability in the Wormhole cross-chain crypto platform to steal $326 million in cryptocurrency. After a few days the stolen amount is recovered.
Vulnerability
Fintech
CC
N/A
Wormhole
17
02/02/2022
28/01/2022
28/01/2022
Conti
KP Snacks
KP Snacks, a major producer of popular British snacks is hit by the Conti ransomware group affecting distribution to leading supermarkets.
Malware
Accommodation and food service
CC
UK
KP Snacks, Conti, Ransomware
18
02/02/2022
30/01/2022
30/01/2022
?
Sea-Invest
Sea-Invest, an important oil terminal in Ghent (Belgium) is hit with a cyber attack.
Unknown
Transportation and storage
CC
BE
Sea-Invest, Ghent
19
02/02/2022
30/01/2022
30/01/2022
?
Evos
Evos, an important oil terminal in the Netherlands is hit with a cyber attack.
Unknown
Transportation and storage
CC
NL
Evos
20
02/02/2022
Since October 2021
-
Arid Viper (AKA Desert Falcon, Two-tailed Scorpion, or APT C-23)
Palestinian entities and activists
Researchers from Cisco Talos discover a new campaign by the Arid Viper APT, believed to be located in Palestine, targeting Palestinian entities and activists via a new Delphi malware called Micropsia.
Researchers from Cado Security discover a new malware family, dubbed Coinstomp, targeting Asian cloud service providers to mine cryptocurrency.
Malware
Professional, scientific and technical
CC
>1
Cado Security, Coinstomp
22
02/02/2022
Since October 2021
During October 2021
UpdateAgent
Multiple organizations
Researchers from Microsoft discover a new campaign carried out with the Mac malware UpdateAgent, distributing the Adload payload.
Malware
Multiple Industries
CC
>1
Microsoft, Mac, UpdateAgent, Adload
23
02/02/2022
Over the last six months
-
Multiple threat actors
Multiple organizations
Research from WhiteSource reveals that more than 1,300 malicious packages have been identified in the JavaScript package repository npm in the last six months.
Malware
Multiple Industries
CC
>1
WhiteSource, JavaScript, npm
24
03/02/2022
More than 18 months, between 2020 and 2021
-
Antlion
Financial organizations and manufacturing companies in Taiwan
Researchers from Broadcom reveal the details of Antlion, a state-backed Chinese APT actor using a new custom backdoor called 'xPack' against financial organizations and manufacturing companies.
Targeted Attack
Multiple Industries
CE
TW
Broadcom, Antlion, 'xPack'
25
03/02/2022
During December 2021
14/12/2021
?
European media and government organizations
Researchers from Volexity reveal the details of Operation EmailThief, a campaign targeting European media and government organizations, exploiting a Zimbra 0-day vulnerability.
Zimbra 0-day vulnerability
Multiple Industries
CE
EU
Volexity, Operation EmailThief, Zimbra
26
03/02/2022
-
-
Multiple threat actors
Multiple organizations
Researchers from Proofpoint reveal that threat actors are using phish kits that leverage transparent reverse proxy, which enables them to man-in-the-middle (MitM) a browser session and steal credentials and session cookies in real-time even when multi-factor authentication is used.
Account Takeover
Multiple Industries
CC
>1
Proofpoint, multi-factor authentication, MFA
27
03/02/2022
-
-
?
Multiple organizations
Accounting and tax software provider Intuit issues a second warning for an ongoing phishing campaign impersonating the company and trying to lure victims with fake warnings that their accounts have been suspended.
Account Takeover
Multiple Industries
CC
>1
Intuit
28
03/02/2022
11/12/2021
07/01/2022
?
Puma
Sportswear manufacturer Puma is hit by a data breach following the ransomware attack that hit Kronos, one of its North American workforce management service providers, in December 2021.
Malware
Wholesale and retail
CC
US
Puma, ransomware, Kronos
29
03/02/2022
Early September 2021
Early September 2021
?
National Games of China
Researchers from Avast reveal that an unidentified hacking group has gained access to the internal IT network of the September 2021 National Games of China.
Targeted Attack
Arts entertainment, recreation
CE
CN
Avast, National Games of China.
30
03/02/2022
03/02/2022
03/02/2022
?
KLAYswap
Hackers steal roughly $1.9 million from South Korean cryptocurrency platform KLAYswap after they pulled off a rare and clever BGP hijack against the server infrastructure of one of the platform’s providers.
BGP hijack
Fintech
CC
KR
KLAYswap
31
03/02/2022
Since January 2022
During January 2022
?
Multiple organizations
Researchers from Avanan discover a campaign distributing malware via a PowerPoint add-on.
Malware
Multiple Industries
CC
>1
Avanan, PowerPoint
32
03/02/2022
19/01/2022
19/01/2022
Gamaredon (AKA ACTINIUM, Primitive Bear)
Western government entity operating in Ukraine.
Researchers from Palo Alto discover a new campaign by the Gamaredon group operating from Russia, trying to attack a Western government outfit located in Ukraine.
Injured Workers Pharmacy reports a data breach discovered when suspicious activity was detected in an employee email account.
Account Takeover
Human health and social work
CC
US
Injured Workers Pharmacy
34
03/02/2022
Since January 2022
-
Multiple threat actors
Multiple organizations
Threat actors exploit a LinkedIn redirection feature called 'Slink' for phishing campaigns.
Account Takeover
Multiple Industries
CC
>1
LinkedIn, Slink
35
04/02/2022
Since October 2021
-
Gamaredon (AKA ACTINIUM, Primitive Bear)
Ukrainian entities and organizations
Researchers from Microsoft reveal that the Gamaredon group is also behind a streak of spear-phishing emails targeting Ukrainian entities and organizations related to Ukrainian affairs since October 2021.
American media and publishing giant News Corp discloses that it was the target of a "persistent" cyberattack, which reportedly allowed threat actors to access emails and documents of some News Corp employees, including journalists.
Targeted Attack
Information and communication
CE
US
News Corp
37
04/02/2022
04/02/2022
04/02/2022
BlackCat (ALPHV)
Swissport International
Aviation services company Swissport International discloses a ransomware attack that has impacted its IT infrastructure and services, causing flights to suffer delays.
The Cybersecurity and Infrastructure Security Agency (CISA) orders federal agencies to patch their systems against CVE-2022-21882, an actively exploited Windows vulnerability that enables attackers to gain SYSTEM privileges.
CVE-2022-21882 Vulnerability
Public admin and defence, social security
CC
US
Cybersecurity and Infrastructure Security Agency, CISA, CVE-2022-21882
39
04/02/2022
24/01/2022
During the week of 24/01/2022
?
Washington Department of Licensing (DOL)
The Washington Department of Licensing (DOL) discloses that it suffered a security breach to its online web-based database POLARIS, and that the personal data of hundreds of thousands of licensed professionals may have been exposed.
Unknown
Public admin and defence, social security
CC
US
Washington Department of Licensing, DOL, POLARIS
40
04/02/2022
-
-
?
Foreign, Commonwealth and Development Office (FCDO)
The UK government reveals the occurrence of a “serious cyber security incident” that affected the Foreign, Commonwealth and Development Office (FCDO)
Unknown
Public admin and defence, social security
N/A
UK
Foreign, Commonwealth and Development Office, FCDO
41
04/02/2022
10/12/2021
-
?
South Shore Hospital (SSH)
South Shore Hospital (SSH) notifies nearly 116,000 individuals of a data security incident that may have led to PHI exposure.
Unknown
Human health and social work
CC
US
South Shore Hospital, SSH
42
04/02/2022
20/01/2022
-
?
Ohlone Community College District
Ohlone Community College District is hit with a ransomware attack.
Malware
Education
CC
US
Ohlone Community College District, ransomware
43
04/02/2022
04/02/2022
04/02/2022
?
GiveSendGo
GiveSendGo claims to have been hit by a DDoS attack after starting to raise funds for Freedom Convoy’s truckers protesting against COVID-19 vaccine passports.
DDoS
Other service activities
CC
US
GiveSendGo, Freedom Convoy, COVID-19
44
04/02/2022
-
-
?
Thai University Central Admission System
The personal information of over 23,000 students is stolen as a result of the Thai University Central Admission System being hacked.
Unknown
Education
CC
TH
Thai University Central Admission System
45
04/02/2022
Between 05/12/2021 and 06/12/2021
Hive
Syndicat Intercommunal d’Informatique (SII)
The Syndicat Intercommunal d’Informatique (SII) is hit with a Hive ransomware attack and as a consequence multiple municipalities are affected.
Hong Kong Technology Venture Company Limited (HKTV)
A security breach at HKTV, one of Hong Kong’s largest online shopping platforms leads to the unauthorized access of customer information such as delivery addresses, recipient names and contact numbers.
Unknown
Wholesale and retail
CC
HK
Hong Kong Technology Venture Company Limited, HKTV
47
05/02/2022
05/02/2022
05/02/2022
?
Meter
Blockchain infrastructure company Meter says that $4.4 million was stolen during a cyberattack on the platform.
Vulnerability
Fintech
CC
US
Meter
48
05/02/2022
-
-
LockBit 2.0
PayBito
The LockBit ransomware operators claim to have stolen customers’ data from the PayBito crypto exchange.
Malware
Finance and insurance
CC
US
LockBit, ransomware, PayBito
49
07/02/2022
During 2021
During 2021
Roaming Mantis
Android and iPhone users in Germany and France
Researchers from Kaspersky reveal that the Roaming Mantis SMS phishing campaign has finally reached Europe, targeting users in Germany and France via the Wroba trojan.
Malware
Individual
CC
DE
FR
Kaspersky, Roaming Mantis, Wroba, iOS, Android
50
07/02/2022
During January 2021
During January 2021
Medusa
Android Banking Users
Researchers from Threat Fabric reveal that the Medusa Android banking Trojan is now targeting more countries.
Malware
Finance and insurance
CC
>1
Threat Fabric, Medusa, Android
51
07/02/2022
09/12/2021
15/12/2021
?
Cross Timbers Health Clinics, Inc/ d/b/a AccelHealth
AccelHealth discloses that it suffered a ransomware attack.
Malware
Human health and social work
CC
US
Cross Timbers Health Clinics, Inc, AccelHealth, ransomware
52
07/02/2022
Between 23/09/2021 and 18/10/2021
13/10/2021
?
National Math and Science Initiative (NMSI)
The National Math and Science Initiative (NMSI) discloses a security breach due to an unauthorized actor who “may have had access to certain systems.”
Unknown
Education
CC
US
National Math and Science Initiative, NMSI
53
08/02/2022
07/02/2022
07/02/2022
?
Vodafone Portugal
Vodafone Portugal suffers a possible ransomware attack causing country-wide service outages, including the disruption of 4G/5G data networks, SMS texts, and television services.
Malware
Information and communication
CC
PT
Vodafone Portugal, Ransomware
54
08/02/2022
24/01/2022
26/02/2022
Kimsuky AKA TA406
Organizations in South Korea
Researchers from AhnLab discover a new wave of activity from the Kimsuky hacking group, involving the commodity open-source remote access tool xRAT dropped with their custom backdoor, Gold Dragon.
Targeted Attack
Multiple Industries
CE
KR
AhnLab, Kimsuky, TA406, xRAT, Gold Dragon
55
08/02/2022
From November 2021 until late January 2022
During late 2021
TA402 (AKA Molerats)
Governments in Middle East, foreign policy think tanks, and a state-owned airline
Researchers from Proofpoint discover a new campaign by the Palestinian APT group tracked as TA402 (AKA Molerats) using a new implant named 'NimbleMamba' in a cyber-espionage campaign.
Targeted Attack
Multiple Industries
CE
>1
Proofpoint, TA402, Molerats, NimbleMamba
56
08/02/2022
Since 2018
-
Multiple threat actors
Single individuals in the US
The Federal Bureau of Investigation (FBI) issues a warning saying that criminals have escalated SIM swap attacks to steal millions by hijacking victims' phone numbers.
Account Takeover
Individual
CC
US
FBI, SIM Swapping
57
08/02/2022
-
-
Russia?
Ukraine
The Security Service of Ukraine (SSU) reveals that it shut down a bot farm that was spreading panic on social media and had also been used to send out bomb threats.
Fake News/Social Profiles
Public admin and defence, social security
CW
UA
Security Service of Ukraine, SSU
58
08/02/2022
08/02/2022
08/02/2022
?
Pop TV
A cyber-attack disrupts the operations of Pop TV, Slovenia’s most popular TV channel, in an incident believed to be an extortion attempt.
Malware
Information and communication
CC
SL
Pop TV, Ransomware
59
08/02/2022
Since at least May 2021
-
PrivateLoader
Multiple organizations
Researchers from Intel 471 reveal the details of PrivateLoader, a pay-per-install loader used to distribute multiple malware strains, such as Smokeloader, Redline and Vidar.
Researchers from Sansec discover a massive Magecart campaign targeting over 500 e-commerce stores running the Magento 1 platform and involving a single domain loading a credit card skimmer on all of them.
Malicious Script Injection
Wholesale and retail
CC
>1
Sansec, Magecart, Magento
61
08/02/2022
Since at least October 2021
During October 2021
?
Single Individuals
Five clones of The Pirate Bay have been serving malicious ads to more than seven million users each month.
Malvertising
Individual
CC
>1
The Pirate Bay
62
08/02/2022
During the last two weeks
-
?
Multiple organizations
Researchers from Vade discover more than 400 campaigns using the old Right-to-Left Override (RLO) technique to disguise malicious files and harvest credentials.
Malware
Multiple Industries
CC
>1
Vade, Right-to-Left Override, RLO
63
08/02/2022
Between 02/02/2021 and 22/03/2021
-
?
LendUS, LLC
LendUS, LLC discloses it suffered a phishing incident.
Account Takeover
Finance and insurance
CC
US
LendUS, LLC
64
09/02/2022
Starting from 27/01/2022
27/01/2022
?
Multiple organizations
Researchers from HP reveal that threat actors have started distributing fake Windows 11 upgrade installers to users of Windows 10, tricking them into downloading and executing the RedLine stealer malware.
Malware
Multiple Industries
CC
>1
HP, RedLine stealer, Windows 11
65
09/02/2022
During the last two months
-
Multiple threat actors
Multiple organizations
Researchers from Uptycs reveal that malware distributors have turned to an older trick known as Squiblydoo to spread Qbot and Lokibot via Microsoft Office documents using regsvr32.exe.
Malware
Multiple Industries
CC
>1
Uptycs, Squiblydoo, Qbot, Lokibot, Microsoft Office, regsvr32.exe
66
09/02/2022
Since at least 2012
-
ModifiedElephant
Human rights activists, human rights defenders, academics, and lawyers across India
Researchers from SentinelOne reveal the details of a threat actor dubbed ModifiedElephant, operating secretly for a decade, using spear-phishing to push readily available keyloggers and remote access trojans like NetWire and DarkComet, and even Android malware.
Croatian phone carrier 'A1 Hrvatska' discloses a data breach exposing the personal information of 10% of its customers, roughly 200,000 people.
Unknown
Information and communication
CC
HR
A1 Hrvatska
68
09/02/2022
During January 2022
During January 2022
?
Multiple organizations
Researchers from Inky discover a credential harvesting operation abusing the Campaign Monitor marketing platform.
Account Takeover
Multiple Industries
CC
>1
Inky, Campaign Monitor
69
09/02/2022
During January 2022
During January 2022
?
Multiple organizations
Researchers from Inky discover a credential harvesting operation abusing the Mailchimp marketing platform.
Account Takeover
Multiple Industries
CC
>1
Inky, Mailchimp
70
09/02/2022
During December 2021
During December 2021
?
Williamsville Central School District
The Williamsville Central School District says it was the victim of a cybersecurity breach in December when a limited number of spam emails containing potential malicious links were sent to parents by an unauthorized user.
Unknown
Education
CC
US
Williamsville Central School District
71
10/02/2022
Since at least August 2020
"Recently"
FritzFrog
Healthcare, education, and government systems worldwide
Researchers from Akamai reveal that the peer-to-peer FritzFrog botnet that's been active for more than two years has resurfaced with an alarming infection rate, growing ten times in just a month of hitting healthcare, education, and government systems with an exposed SSH server.
Misconfiguration
Multiple Industries
CC
>1
Akamai, FritzFrog
72
10/02/2022
-
-
?
Undisclosed target(s)
Apple releases security updates to fix CVE-2022-22620, a new zero-day vulnerability exploited in the wild by attackers to hack iPhones, iPads, and Macs.
CVE-2022-22620 Vulnerabilities
Unknown
N/A
N/A
Apple, CVE-2022-22620, iPhones, iPads, and Macs.
73
10/02/2022
-
-
Multiple threat actors
Multiple organizations
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) adds to the catalog of vulnerabilities 15 additional vulnerabilities actively exploited in cyberattacks.
Taxpayers in the UK are warned about a series of scam text messages claiming to be from the HMRC (Her Majesty Revenue and Customs).
Account Takeover
Individual
CC
UK
HMRC, Her Majesty Revenue and Customs
75
10/02/2022
-
-
Avos Locker
Jax Spine and Pain Centers (JAX)
Avos Locker adds Jax Spine and Pain Centers (“JAX”) to their leak site.
Malware
Human health and social work
CC
US
Avos Locker, Jax Spine and Pain Centers, JAX, ransomware
76
10/02/2022
-
25/01/2022
?
CVS Pharmacy
CVS Pharmacy says it was the victim of a password spraying attack that allowed hackers to gain access to certain customer accounts on its retail website.
Password spraying
Wholesale and retail
CC
US
CVS Pharmacy
77
11/02/2022
During the last three months
During the last three months
BlackByte
At least three organizations from US critical infrastructure sectors
The US Federal Bureau of Investigation (FBI) reveals that the BlackByte ransomware group has breached the networks of at least three organizations from US critical infrastructure sectors in the last three months.
Malware
Electricity, gas steam, air conditioning
CC
US
US Federal Bureau of Investigation, FBI, BlackByte, ransomware
78
11/02/2022
11/01/2022
11/01/2022
Hive
Emil Frey
Emil Frey, one of Europe's biggest car dealers, confirms it was hit with a Hive ransomware attack.
Malware
Wholesale and retail
CC
CH
Emil Frey, Hive, Ransomware
79
11/02/2022
09/01/2021
-
?
Jackson County Hospital
Jackson County Hospital provides notice to its patients that its network was accessed during a ransomware attack.
Unknown
Human health and social work
CC
US
Jackson County Hospital, ransomware
80
11/02/2022
-
09/02/2022
?
Harbour Plaza Hotel Group
More than a million customers of the Harbour Plaza Hotel group are being advised to be on their guard for possible scams after its booking database came under a cyber attack.
Unknown
Accommodation and food service
CC
HK
Harbour Plaza Hotel Group
81
11/02/2022
-
30/09/2021
?
Comprehensive Health Services (CHS)
Comprehensive Health Services discloses a security breach.
Unknown
Human health and social work
CC
US
Comprehensive Health Services, CHS
82
13/02/2022
13/02/2022
13/02/2022
BlackByte
San Francisco 49ers
The NFL's San Francisco 49ers team is hit with a ransomware attack by the BlackByte ransomware gang who claims to have stolen data from the American football organization.
Malware
Arts entertainment, recreation
CC
US
San Francisco 49ers, BlackByte, Ransomware
83
13/02/2022
-
-
Multiple threat actors
Multiple e-commerce stores
Adobe rolls out emergency updates for Adobe Commerce and Magento Open Source to fix a critical vulnerability tracked as CVE-2022-24086 that’s being exploited in the wild.
CVE-2022-24086 Vulnerability
Wholesale and retail
CC
>1
Adobe, Adobe Commerce, Magento Open Source, CVE-2022-24086
84
14/02/2022
"Currently"
"Currently"
Russia?
Ukraine
The Security Service of Ukraine (SSU) reveals that the country is the target of an ongoing "wave of hybrid warfare."
Fake News/Social Profiles
Public admin and defence, social security
CW
UA
Security Service of Ukraine, SSU, Russia, Ukraine
85
14/02/2022
04/02/2022
04/02/2022
?
Mizuno
Sports equipment and sportswear brand Mizuno is affected by phone outages and order delays after its North America unit is hit by ransomware.
Malware
Wholesale and retail
CC
US
Mizuno, Ransomware
86
14/02/2022
-
-
?
Undisclosed target(s)
Google releases Chrome 98.0.4758.102 for Windows, Mac, and Linux, to fix CVE-2022-0609, a high-severity zero-day vulnerability used by threat actors in attacks.
Researchers from Fortinet discover a campaign carried out via an Excel spreadsheet that purports to contain information about NFTs, but distributing the BitRAT malware.
Malware
Individual
CC
>1
Fortinet, Excel, NFTs, BitRAT
88
14/02/2022
-
-
?
GiveSendGo
Distributed Denial of Secrets, a leak site, says it has received a cache of information, including about donors to the Ottawa truckers’ Freedom Convoy protest, after fundraising site GiveSendGo is targeted by hackers.
Unknown
Other service activities
CC
US
Distributed Denial of Secrets, Freedom Convoy, GiveSendGo
89
14/02/2022
-
-
Chaos AKA Holy Water
Players of 'Cities: Skylines'
The developer of several popular mods for the Cities: Skylines city-building game is banned after malware is discovered hidden in their mods.
Malware
Arts entertainment, recreation
CC
>1
Chaos, Holy Water, 'Cities: Skylines'
90
14/02/2022
14/02/2022
14/02/2022
?
Customers of UnionBank of the Philippines
Researchers from Cyren report that customers of UnionBank of the Philippines are the target of SMS phishing attacks offering a gift of $200 (10,000 Philippine pesos) as a Valentine’s Day treat for being a “loyal customer” of the bank.
Account Takeover
Finance and insurance
CC
PH
Cyren, UnionBank of the Philippines, Valentine’s Day
91
14/02/2022
Between 12/02/2022 and 19/02/2022
19/02/2021
?
Minimally Invasive Surgery of Hawaii (MISH)
Minimally Invasive Surgery of Hawaii (MISH) notifies patients affected by a ransomware attack in which their protected health information may have been compromised.
Malware
Human health and social work
CC
US
Minimally Invasive Surgery of Hawaii, MISH, ransomware
92
14/02/2022
-
16/12/2021
?
Priority Health
Priority Health discloses that it discovered unauthorized access to some of its Priority Health Member Portal (PHMP) accounts.
Unknown
Human health and social work
CC
US
Priority Health
93
15/02/2022
15/02/2022
15/02/2022
Russia?
Multiple organizations in Ukraine
The Ministry of Defense and the Armed Forces of Ukraine and two of the country's state-owned banks, Privatbank (Ukraine's largest bank) and Oschadbank (the State Savings Bank), are hit by Distributed Denial-of-Service (DDoS) attacks.
DDoS
Multiple Industries
CW
UA
Ukraine, Ministry of Defense and the Armed Forces, Privatbank, Oschadbank
94
15/02/2022
Since at least 2017
-
TA2541
Organizations in the aviation, transportation, and travel space
Researchers from Proofpoint reveal that for years, a low-skilled attacker, possibly from Nigeria, has been using off-the-shelf malware in malicious campaigns aimed at companies in the aviation sector as well as in other sensitive industries.
Malware
Transportation and storage
CC
>1
Proofpoint, TA2541, Nigeria
95
15/02/2022
"Recently"
"Recently"
?
Multiple organizations
Researchers from Sophos discover a campaign where the Squirrelwaffle malware loader was used in conjunction with the ProxyLogon and ProxyShell exploits to target unpatched Microsoft Exchange servers.
ProxyShell vulnerabilities (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207) and ProxyLogon vulnerability (CVE-2021-26855)
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) adds to the catalog of vulnerabilities 9 additional vulnerabilities actively exploited in cyberattacks.
Cookware and bakeware distribution giant Meyer Corporation starts informing employees of a possible ransomware cyberattack that resulted in the theft of some of their personal data.
Malware
Administration and support service
CC
US
Meyer Manufacturing, Conti, Ransomware
98
15/02/2022
Since at least 21/12/2021
21/12/2021
Emotet
Multiple organizations
Researchers from Palo Alto discover a campaign distributing Emotet through malicious Excel files.
Malware
Multiple Industries
CC
>1
Palo Alto, Emotet, Excel
99
15/02/2022
21/12/2020
During October 2021
?
City of Baltimore
A report reveals that Baltimore city was tricked out of hundreds of thousands of dollars ($376,213) last year by a cyber-criminal posing as a vendor.
Business Email Compromise
Public admin and defence, social security
CC
US
City of Baltimore
100
15/02/2022
-
-
?
Single individuals in the UK
People in the UK are warned about a series of scam text messages claiming to be from NHS Test and Trace.
Account Takeover
Individual
CC
UK
NHS Test and Trace
101
15/02/2022
10/12/2021
10/12/2021
?
La Posada at Park Centre
La Posada at Park Centre discloses a ransomware incident.
Malware
Human health and social work
CC
US
La Posada at Park Centre
Enjoy the interactive timeline, and thanks for sharing it and supporting my work in spreading risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or even connect on LinkedIn, for the latest updates.