And even the second timeline of February 2022 is finally out, with 92 records that, distributed over 12 days, bring the average number of events per day to 7.07, an increase compared with the 6.67 events of the previous fortnight. I wished I would never have to comment on events similar to the ones happening in these troubled days, but unfortunately this is not the case. And you could easily guess that I am referring to the Russian invasion of Ukraine, which has inevitably ended up affecting cyberspace.
Although ransomware attacks continue, and this timeline includes at least one very high-profile victim, it is the Russian-Ukrainian front that has shown the highest level of activity: additional attacks against Ukrainian entities carried out via DDoS, spear phishing campaigns and a new destructive malware called HermeticWiper, and, on the other front, the Anonymous collective, which has declared war on the Russian government and has been leaking data and bombarding multiple Russian institutions (mainly news outlets, banks and even the Kremlin) with prolonged DDoS attacks (and yes, I am afraid these attacks will also characterize the next timeline).
Ransomware continues to characterize the threat landscape, but its percentage drops to 17.4% (16 out of 92 events) from 23.4% of the previous timeline (but the real percentage could be higher, since many victims do not disclose the details of the outage and these events are counted as "Unknown"). The exploitation of vulnerabilities is another aspect characterizing this period: 8 out of 92 events (8.7% vs 10.2% of the previous timeline) have been carried out by exploiting vulnerabilities, which in some cases also fueled ransomware attacks.
And the massive attacks against companies operating in the fintech space also continue: 17 users of the NFT platform OpenSea learnt it the hard way, suffering a loss worth $2M.
As usual, multiple cyber espionage operations appear in this timeline: a new stealthy backdoor of Chinese origin, called Daxin, has been uncovered after staying hidden for more than two years and being deployed against multiple organizations. Similarly, multiple known actors populate the timeline, such as OilRig and MuddyWater (Iran), APT10 and APT27 (China) and Sandworm (Russia). The list also includes two new operations, one carried out by an Iranian actor dubbed TunnelVision (exploiting Log4j on VMware Horizon servers) and one by Russian-backed attackers targeting U.S. cleared defense contractors (CDCs).
Attack Class legend: CC = Cyber Crime, CE = Cyber Espionage, CW = Cyber Warfare, H = Hacktivism. A "?" in the Author column means the attacker is unknown; ">1" in the Country column means multiple countries. Some records were damaged during extraction and survive only partially; their missing cells are left empty.

| ID | Date Reported | Date Occurred | Date Discovered | Author | Target | Description | Attack | Target Class | Attack Class | Country | Tags |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | 16/02/2022 | Since at least January 2020 | - | Russian-backed attackers | U.S. cleared defense contractors (CDCs) | The FBI, NSA, and CISA reveal in a joint advisory that Russian-backed hackers have been targeting and compromising U.S. cleared defense contractors (CDCs) since at least January 2020 to gain access to and steal sensitive info. | Malware | Public admin and defence, social security | CE | US | FBI, NSA, CISA, Russia, U.S. cleared defense contractors, CDC |
| 2 | 16/02/2022 | Between 2019 through 2021 | - | Multiple threat actors | US organizations and individuals | The Federal Bureau of Investigation (FBI) warns that US organizations and individuals are being increasingly targeted in BEC (business email compromise) attacks on virtual meeting platforms. | Business Email Compromise | Multiple Industries | CC | US | FBI, BEC |
| 3 | 16/02/2022 | "Recently" | "Recently" | ? | Users of Monzo | Users of Monzo, one of the UK's most popular digital-only banking platforms, are targeted by phishing messages supported by a growing network of malicious websites. | Account Takeover | Finance and insurance | CC | UK | Monzo |
| 4 | 16/02/2022 | Since October 2021 | - | Kraken | Windows users | Researchers from ZeroFox reveal the details of Kraken, a Golang botnet in active deployment, able to empty Windows users' cryptocurrency wallets. | Malware | Fintech | CC | >1 | ZeroFox, Kraken, Golang |
| 5 | 16/02/2022 | - | - | TrickBot | Customers of 60 organizations worldwide | Researchers from Check Point reveal the details of a campaign leveraging the TrickBot malware against the customers of 60 "high profile" organizations, many of whom are located in the United States. | Malware | Finance and insurance | CC | >1 | Check Point, TrickBot |
| 6 | 16/02/2022 | 15/12/2021 | 20/12/2021 | ? | Extend Fertility | Extend Fertility discloses a ransomware attack impacting 10,373 patients. | Malware | Human health and social work | CC | US | Extend Fertility, ransomware |
| 7 | 16/02/2022 | 18/11/2021 | 30/11/2021 | ? | Family Christian Health Center (FCHC) | Family Christian Health Center (FCHC) discloses to have suffered a ransomware attack. | Malware | Human health and social work | CC | US | Family Christian Health Center, FCHC, ransomware |
| 8 | 16/02/2022 | Since 01/02/2022 | - | Multiple threat actors | Organizations in North America and the UK | Researchers from Egress discover a massive LinkedIn phishing campaign leveraging the 'Great Resignation'. | Account Takeover | Multiple Industries | CC | US, UK | Great Resignation, Egress, LinkedIn |
| 9 | 16/02/2022 | - | - | ? | Global job listing site | Security researchers from Imperva claim to have stopped the largest bot attack they've ever seen, leveraging 400,000 compromised IP addresses to scrape web data. | Web scraping | Administration and support service | CC | N/A | Imperva, bot |
| 10 | 16/02/2022 | Since April 2018 | - | OilRig, AKA APT34, Lyceum and Siamesekitten | Diplomatic organizations, technology companies and medical organizations in Israel, Tunisia and the United Arab Emirates | Researchers from ESET reveal the details of "Out to Sea", a campaign carried out by the Iran-linked APT group OilRig, targeting diplomatic organizations, technology companies and medical organizations in Israel, Tunisia and the United Arab Emirates. | Targeted Attack | Multiple Industries | CE | >1 | ESET, Out to Sea, Iran, APT, OilRig, APT34, Lyceum, Siamesekitten |
| 11 | 16/02/2022 | - | - | ? | Facebook users in Nigeria, Cameroon, Gambia, Zimbabwe, and Congo | Meta removes a network of Facebook accounts originating in Saint Petersburg, Russia and targeting primarily Nigeria, Cameroon, Gambia, Zimbabwe, and Congo. | Fake News/Social Profiles | Individual | CW | >1 | Meta, Facebook, Saint Petersburg, Russia, Nigeria, Cameroon, Gambia, Zimbabwe, Congo |
| 12 | 17/02/2022 | - | - | TunnelVision | Corporate networks in the Middle East and the United States | Researchers from SentinelOne reveal that an Iranian-aligned hacking group tracked as TunnelVision was spotted exploiting Log4j on VMware Horizon servers to breach corporate networks in the Middle East and the United States. | | | | | |
| | | | | | | Researchers from Avanan warn that some attackers are compromising Microsoft Teams accounts to slip into chats and spread malicious executables to participants in the conversation. | Malware | Multiple Industries | CC | >1 | Avanan, Microsoft Teams |
| 14 | 17/02/2022 | 31/07/2021 | 06/08/2021 | ? | Fellowship Community | Fellowship Community discloses a data security incident. | Unknown | Human health and social work | CC | US | Bible Fellowship Church Homes, Fellowship Community |
| 15 | 17/02/2022 | - | 17/05/2021 | ? | Town Home Care | The New Jersey provider of home care services, Town Home Care, issues notifications to 5,591 individuals about a cyberattack that was detected and blocked on May 17, 2021, and that resulted in protected health information being exposed. | Unknown | Human health and social work | CC | US | Town Home Care |
| 16 | 18/02/2022 | Sometime after 05/02/2022 | 18/02/2022 | ? | Element Vape | Element Vape, a prominent online seller of e-cigarettes and vaping kits, was serving a credit card skimmer on its live site, likely after getting hacked. | Malicious Script Injection | Wholesale and retail | CC | US | Element Vape |
| 17 | 18/02/2022 | 17/12/2021 | 24/12/2021 | ? | Charlotte Radiology | Charlotte Radiology reveals to have suffered a "data security incident". | Unknown | Human health and social work | CC | US | Charlotte Radiology |
| 18 | 20/02/2022 | 20/02/2022 | 20/02/2022 | ? | Expeditors International | Seattle-based logistics and freight forwarding company Expeditors International is targeted in a ransomware cyberattack that forces the organization to shut down most of its operations worldwide. | Malware | Administration and support service | CC | US | Expeditors International, ransomware |
| 19 | 21/02/2022 | During February 2022 | During February 2022 | ? | Users of OpenSea | The non-fungible token (NFT) marketplace OpenSea is investigating a phishing attack that left 17 of its users without more than 250 NFTs worth around $2 million. | Account Takeover | Fintech | CC | >1 | OpenSea, NFT |
| 20 | 21/02/2022 | - | - | ? | Multiple organizations | Researchers from Ahnlab discover a new version of the CryptBot info stealer distributed via multiple websites that offer free downloads of cracks for games and pro-grade software. | Malware | Multiple Industries | CC | >1 | Ahnlab, CryptBot |
| 21 | 21/02/2022 | "Recently" | "Recently" | ? | Vulnerable Microsoft SQL Servers | Researchers from Ahnlab observe a new wave of attacks installing Cobalt Strike beacons on vulnerable Microsoft SQL Servers. | Misconfiguration | Multiple Industries | CC | >1 | Ahnlab, Cobalt Strike, Microsoft SQL Server |
| 22 | 21/02/2022 | Since the end of November 2021 | - | APT10 | Taiwanese financial sector | Researchers from CyCraft reveal the details of Operation Cache Panda, a campaign by the APT10 Chinese group targeting the Taiwanese financial sector. | Targeted Attack | Finance and insurance | CE | TW | CyCraft, Operation Cache Panda, APT10 |
| 23 | 21/02/2022 | 18/11/2021 | 18/11/2021 | ? | DNA Solutions | The personal data of an unknown number of victims of sexual assault is exposed following a breach at Oklahoma-based DNA Solutions. | Undisclosed vulnerability | Human health and social work | CC | US | DNA Solutions |
| 24 | 21/02/2022 | 21/02/2022 | 21/02/2022 | ? | Washington Metropolitan Area Transit Authority (WMATA) Twitter account | The Washington Metropolitan Area Transit Authority (WMATA) says a hacker was responsible for several obscene messages which appeared on one of its social media accounts earlier this week. | Account Takeover | Transportation and storage | CC | US | Washington Metropolitan Area Transit Authority, WMATA, Twitter |
| 25 | 21/02/2022 | - | - | ? | Multiple organizations | Researchers from Trend Micro discover a Mac coinminer using open-source binaries and the I2P network. | Malware | Multiple Industries | CC | >1 | Trend Micro, Mac, coinminer, I2P |
| 26 | 21/02/2022 | - | - | ? | Individuals in France | A sextortion campaign hits French-speaking people using images to evade detection. | Malicious spam | Individual | CC | FR | Sextortion, France |
| 27 | 22/02/2022 | During February 2022 | During February 2022 | Xenomorph | Users of dozens of financial institutions in Spain, Portugal, Italy, and Belgium | Researchers from ThreatFabric discover that a new malware called Xenomorph, distributed through the Google Play Store, has infected more than 50,000 Android devices to steal banking information. | Malware | Finance and insurance | CC | >1 | Spain, Portugal, Italy, Belgium, Google Play Store, Xenomorph, ThreatFabric |
| 28 | 22/02/2022 | "Recently" | "Recently" | ? | Multiple organizations | Researchers from JFrog reveal that they discovered 25 malicious JavaScript libraries in the official npm package repository. | Malware | Multiple Industries | CC | >1 | JFrog, npm |
| 29 | 22/02/2022 | - | 22/11/2021 | ? | Logan Health Medical Center | Logan Health Medical Center notifies certain patients that hackers gained access to a file server that housed patient information in "a highly sophisticated criminal attack." | Unknown | Human health and social work | CC | US | Logan Health Medical Center |
| 30 | 22/02/2022 | During 2020 and 2021 | During 2020 and 2021 | CitizenGO | Kenyan politicians and activists | Twitter removes more than 240 accounts after the discovery of a coordinated campaign, orchestrated by a right-wing Spanish organization, aiming to spread misinformation around women's health and reproductive rights in Kenya. | Fake News/Social Profiles | Individual | H | KE | Twitter, CitizenGO |
| 31 | 22/02/2022 | - | 23/01/2022 | ? | Taylor, Ganson & Perrin | The law firm Taylor, Ganson & Perrin discloses a data security incident. | Unknown | Professional, scientific and technical | CC | US | Taylor, Ganson & Perrin |
| 32 | 22/02/2022 | Between 06/06/2020 and 12/06/2020 | 17/07/2020 | ? | The Puerto Rican Organization to Motivate, Enlighten, and Serve Addicts (PROMESA) | The Puerto Rican Organization to Motivate, Enlighten, and Serve Addicts (PROMESA) discloses a phishing attack. | Account Takeover | Human health and social work | CC | PR | Puerto Rican Organization to Motivate, Enlighten, and Serve Addicts, PROMESA |
| 33 | 22/02/2022 | 11/02/2022 | 11/02/2022 | LockBit 2.0 | ENIT (Italian Agency for the Tourism) | The LockBit 2.0 ransomware gang publishes the data stolen from ENIT, the Italian Agency for the Tourism. | Malware | Public admin and defence, social security | CC | IT | ENIT, Italian Agency for the Tourism, LockBit 2.0, ransomware |
| 34 | 22/02/2022 | Between 07/04/2021 and 02/06/2021 | - | ? | Ultimate Care | Ultimate Care discloses a phishing attack. | Account Takeover | Human health and social work | CC | US | Ultimate Care |
| 35 | 23/02/2022 | 23/02/2022 | 23/02/2022 | ? | Sites of several Ukrainian government agencies (including the Ministries of Foreign Affairs, Defense, and Internal Affairs, the Security Service, and the Cabinet of Ministers), and of the two largest state-owned banks Privatbank and Oschadbank | The sites of several Ukrainian government agencies (including the Ministries of Foreign Affairs, Defense, and Internal Affairs, the Security Service, and the Cabinet of Ministers), and of the two largest state-owned banks, are again targeted by Distributed Denial-of-Service (DDoS) attacks. | DDoS | Multiple Industries | CW | UA | Ukrainian Ministries of Foreign Affairs, Defense, and Internal Affairs, Security Service, Cabinet of Ministers, Privatbank, Oschadbank |
| 36 | 23/02/2022 | 23/02/2022 | 23/02/2022 | Russia? | Ukrainian networks | Cybersecurity firms discover HermeticWiper (AKA FoxBlade), a new data wiper used in destructive attacks today against Ukrainian networks just as Russia moves troops into regions of Ukraine. | Malware | Multiple Industries | CW | UA | HermeticWiper, Russia, Ukraine, FoxBlade |
| 37 | 23/02/2022 | - | - | Entropy | Two undisclosed organizations | Researchers from Sophos reveal the details of Entropy, a new ransomware strain showing code-level similarities with the general-purpose Dridex malware that started as a banking trojan. | Malware | Multiple Industries | CC | >1 | Entropy, Dridex, ransomware, Sophos |
| 38 | 23/02/2022 | Since at least June 2019 | - | Sandworm | WatchGuard Firebox and other Small Office/Home Office (SOHO) network devices | In a joint security advisory published by the NCSC (UK), CISA, FBI and NSA (USA), a new malware dubbed Cyclops Blink is linked to the Russian-backed Sandworm hacking group. | | | | | |
| | | | | | | Researchers from Mandiant reveal that the Cuba ransomware operation is now exploiting Microsoft Exchange vulnerabilities, including ProxyShell and ProxyLogon. | | | | | |
| | | | | | | The DeadBolt ransomware is now targeting ASUSTOR NAS devices by encrypting files and demanding a $1,150 ransom in bitcoins. | Malware | Multiple Industries | CC | >1 | DeadBolt, ransomware, ASUSTOR NAS |
| 41 | 23/02/2022 | Since mid-January 2022 | - | Multiple threat actors | Multiple organizations in Ukraine | Researchers from Accenture reveal that deep web threat actors are posting advertisements for assets, including databases and breached networks, that could interest buyers involved in the ongoing Russia-Ukraine conflict. | | | | | |
| | | | | | | The username and password for an account at the John C. Fremont hospital are on offer by hackers on encrypted messenger chats. | Account Takeover | Human health and social work | CC | US | John C. Fremont Hospital |
| 44 | 23/02/2022 | - | During January 2021 | ? | City of Ann Arbor | Hackers offer access to a Citrix server at the City of Ann Arbor, Michigan. | Account Takeover | Public admin and defence, social security | CC | US | City of Ann Arbor |
| 45 | 23/02/2022 | - | During January 2021 | ? | Water treatment facility in Europe | Hackers put on sale the access to a water treatment facility in Europe. | Account Takeover | Water supply, waste mgmt, remediation | CC | N/A | Water treatment facility in Europe |
| 46 | 23/02/2022 | - | During January 2021 | ? | Water treatment facility in Florida | Hackers put on sale the access to a water treatment facility in Florida. | Account Takeover | Water supply, waste mgmt, remediation | CC | US | Water treatment facility in Florida |
| 47 | 23/02/2022 | During Q4 2021 | During Q4 2021 | Multiple threat actors | Multiple organizations | Researchers from Kaspersky warn of large-scale business email compromise, or "BEC-as-a-service," campaigns after blocking thousands of attacks in the fourth quarter of 2021. | Business Email Compromise | Multiple Industries | CC | >1 | Kaspersky, BEC, Business Email Compromise |
| 48 | 23/02/2022 | - | 16/05/2021 | ? | Dr. Morrow OD | Dr. Morrow OD discloses a security incident. | Unknown | Human health and social work | CC | US | Dr. Morrow |
| 49 | 24/02/2022 | Between 11/02/2022 and 15/02/2022 | - | ? | Customers of Citibank | An ongoing large-scale phishing campaign is targeting customers of Citibank, requesting recipients to disclose sensitive personal details to lift alleged account holds. | Account Takeover | Finance and insurance | CC | US | Citibank |
| 50 | 24/02/2022 | Since at least 06/09/2021 | - | Electron Bot | Individuals in Sweden, Israel, Spain, and Bermuda | Researchers from Check Point reveal that a malware named Electron Bot has found its way into Microsoft's Official Store through clones of popular games such as Subway Surfer and Temple Run, leading to the infection of roughly 5,000 computers in Sweden, Israel, Spain, and Bermuda. | Malware | Multiple Industries | CC | >1 | Check Point, Electron Bot, Microsoft, Sweden, Israel, Spain, Bermuda |
| 51 | 24/02/2022 | Since at least July 2019 | - | APT27? | US Defense Contractor | Researchers from Palo Alto Networks reveal the details of an attack, part of the TiltedTemple cluster activity, targeting a US Defense Contractor through a stealthy Windows backdoor dubbed SockDetour. | | | | | |
| | | | | MuddyWater (AKA Earth Vetala, MERCURY, Static Kitten, Seedworm, and TEMP.Zagros) | Critical Infrastructures worldwide | A joint advisory issued by the CISA, the FBI, the US Cyber Command's Cyber National Mission Force (CNMF), the UK's National Cyber Security Centre (NCSC-UK), and the NSA reveals the details of a new Python backdoor dubbed Small Sieve, deployed by the Iranian APT MuddyWater in attacks targeting critical infrastructures worldwide. | Targeted Attack | Electricity, gas steam, air conditioning | CE | >1 | CISA, FBI, US Cyber Command's Cyber National Mission Force, CNMF, UK National Cyber Security Centre, NCSC-UK, NSA, Python, Small Sieve, MuddyWater, Earth Vetala, MERCURY, Static Kitten, Seedworm, TEMP.Zagros |
| 53 | 24/02/2022 | Since July 2021 | - | Jester Stealer | Multiple organizations | Researchers from Cyble disclose the details of Jester Stealer, an infostealing piece of malware gaining popularity in the underground cybercrime community for its functionality and affordable prices. | Malware | Multiple Industries | CC | >1 | Cyble, Jester Stealer |
| 54 | 24/02/2022 | 20/02/2022 | 20/02/2022 | ? | Axis Communications | Axis Communications suffers a cyberattack that causes severe disruption in its systems. | Unknown | Manufacturing | CC | SE | Axis Communications |
| 55 | 24/02/2022 | 24/02/2022 | 24/02/2022 | Anonymous | Several Russian government websites, including the official Kremlin site | The Anonymous collective takes down several Russian government websites, including the official Kremlin site. | DDoS | Public admin and defence, social security | H | RU | Anonymous, Ukraine, Russia, kremlin.ru |
| 56 | 24/02/2022 | 20/08/2021 | 20/08/2021 | ? | Unnamed payment processing vendor | A data breach disclosed by Acro, a Japanese e-commerce company for beauty products, exposes the details of more than 100,000 payment cards. The breach is the result of the exploitation of a vulnerability in a third-party payment processing vendor. | Undisclosed vulnerability | Finance and insurance | CC | JP | Acro |
| 57 | 24/02/2022 | 26/01/2022 | 26/01/2022 | ? | Major, publicly traded integrated payments solution company located in North America | Researchers from Armorblox detect a phishing campaign spoofing DocuSign and aimed at a major, publicly traded integrated payments solution company located in North America. | Account Takeover | Finance and insurance | CC | US | Armorblox, DocuSign |
| 58 | 24/02/2022 | 24/02/2022 | 24/02/2022 | ? | Hays USD 489 | Hays Unified School District suffers a ransomware attack. | Malware | Education | CC | US | Hays USD 489, Ransomware |
| 59 | 24/02/2022 | - | - | ? | Gems Education | Gems Education, the largest education operator in the UAE, discloses to have suffered a cyber attack that had a minimal impact on the group's operations. | Unknown | Education | CC | AE | Gems Education |
| 60 | 24/02/2022 | 24/02/2022 | 24/02/2022 | ? | Official Twitter account for the Baltimore State's Attorney's Office | The official Twitter account for the Baltimore State's Attorney's Office is hacked. | Account Takeover | Public admin and defence, social security | CC | US | Twitter, Baltimore State's Attorney's Office |
| 61 | 24/02/2022 | - | 26/11/2021 | ? | Creative Services (CSI) | Creative Services (CSI) confirms that sensitive consumer data was compromised as a result of a cyberattack. | Unknown | Professional, scientific and technical | CC | US | Creative Services, CSI |
| 62 | 24/02/2022 | - | - | ? | Individuals in France | People in France are being warned to watch out for increasingly common carte Vitale (the national healthcare card) scams which seek to steal personal data. | Account Takeover | Individual | CC | FR | carte Vitale |
| 63 | 25/02/2022 | 23/02/2022 | 23/02/2022 | Lapsus$ | Nvidia | US chipmaker giant Nvidia is hit by a cyber attack. A few days later it confirms the data breach and that data was stolen during the attack. | Unknown | Manufacturing | CC | US | Nvidia, Lapsus$ |
| 64 | 25/02/2022 | - | - | UNC1151 | Ukrainian armed forces personnel | The Computer Emergency Response Team of Ukraine (CERT-UA) warns of a spearphishing campaign, possibly originating from Belarus, targeting private email accounts belonging to Ukrainian armed forces personnel. | Targeted Attack | Public admin and defence, social security | CW | UA | Computer Emergency Response Team of Ukraine, CERT-UA, Ghostwriter, UNC1151 |
| 65 | 25/02/2022 | - | - | Multiple threat actors | Multiple organizations | Multiple Computer Emergency Response Teams worldwide warn that threat actors are exploiting vulnerabilities in the Zabbix open-source tool for monitoring networks, servers, virtual machines, and cloud services. | CVE-2022-23131 and CVE-2022-23134 vulnerabilities | Multiple Industries | >1 | >1 | CVE-2022-23131, CVE-2022-23134, Zabbix |
| 66 | 25/02/2022 | 25/02/2022 | 25/02/2022 | Anonymous | Russian Ministry of Defence | The collective Anonymous claims to have breached the database belonging to the Russian Ministry of Defence and leaks its database. | Unknown | Public admin and defence, social security | H | RU | Anonymous, Russian Ministry of Defence |
| 67 | 25/02/2022 | 25/02/2022 | 25/02/2022 | Anonymous | Local government websites in Russia | The Anonymous collective defaces some local government websites in Russia. | Defacement | Public admin and defence, social security | H | RU | Anonymous, Ukraine, Russia |
| 68 | 25/02/2022 | 25/02/2022 | 25/02/2022 | Anonymous | RT | The Anonymous collective takes down the website of the Russian news outlet RT. | DDoS | Information and communication | H | RU | Anonymous, RT |
| 69 | 25/02/2022 | 22/02/2022 | 22/02/2022 | ? | Flurry Finance | Around $295,000 is drained from the vaults of decentralized finance (DeFi) platform Flurry Finance following a hack on its smart contracts. | Undisclosed vulnerability | Finance and insurance | CC | N/A | Flurry Finance, DeFi |
| 70 | 25/02/2022 | "In recent days" | "In recent days" | ? | Polish government and national system for payment | The computer servers of the Polish government and the national system for payment clearing experience a series of cyber attacks. | Unknown | Public admin and defence, social security | CC | PL | Poland |
| 71 | 25/02/2022 | - | - | Conti | Spine Diagnostic & Pain Treatment | Spine Diagnostic & Pain Treatment is hit with a Conti ransomware attack. | | | | | |
| | | | | | New York State's Joint Commission on Public Ethics (JCOPE) | New York State's Joint Commission on Public Ethics (JCOPE) is forced to shut down its systems following a "deliberate malicious cyber-attack." | Unknown | Public admin and defence, social security | CC | US | New York State's Joint Commission on Public Ethics, JCOPE |
| 73 | 25/02/2022 | Between 02/08/2021 and 26/10/2021 | - | ? | Montrose Regional Health | Montrose Regional Health notifies that over 52,000 individuals were impacted by unauthorized access to the email accounts of certain employees between August 2 and October 26, 2021. | Account Takeover | Human health and social work | CC | US | Montrose Regional Health |
| 74 | 26/02/2022 | 26/02/2022 | 26/02/2022 | Anonymous | Tetraedr | The collective Anonymous exposes 200GB of emails from Belarusian weapons manufacturer Tetraedr. | Unknown | Manufacturing | H | RU | Anonymous, Tetraedr |
| 75 | 26/02/2022 | Early February | Early February | ? | iTCo Solutions Ltd | iTCo Solutions Ltd discloses to have suffered a ransomware attack. The attackers claim to have stolen more than 4Gb of data. | Malware | Professional, scientific and technical | CC | NZ | iTCo Solutions Ltd, Ransomware |
| 76 | 26/02/2022 | - | - | Lampion | Portuguese Internet users | A new version of the Lampion trojan targets users in Portugal. | Malware | Finance and insurance | CC | PT | Lampion |
| 77 | 26/02/2022 | - | 28/12/2021 | ? | Bako Diagnostics (BakoDx) | Bako Diagnostics (BakoDx) announces it was the victim of a cyberattack that was discovered on December 28, 2021. | Unknown | Professional, scientific and technical | CC | US | Bako Diagnostics, BakoDx |
| 78 | 26/02/2022 | - | - | ? | Multiple Buffer accounts | Buffer becomes aware that access was obtained to a number of Buffer accounts and those accounts were used to spread support for Russia's invasion of Ukraine. | Account Takeover | Information and communication | CC | US | Buffer |
| 79 | 27/02/2022 | 26/02/2022 | 26/02/2022 | ? | Ukraine border control | A Ukraine border control station is struck with a data wiper cyberattack that slows the process of allowing refugees to cross into Romania. | Malware | Public admin and defence, social security | CW | UA | Ukraine border control, wiper |
| 80 | 27/02/2022 | 27/02/2022 | 27/02/2022 | ? | Conti Ransomware Gang | A Ukrainian security researcher leaks over 60,000 internal messages belonging to the Conti ransomware operation after the gang sided with Russia over the invasion of Ukraine. | Unknown | N/A | CW | N/A | Conti, ransomware, Ukraine, Russia |
| 81 | 27/02/2022 | In the past several days | - | UNC1151 AKA Ghostwriter | Ukrainian officials and military personnel | Facebook (now known as Meta) says it took down accounts used by a Belarusian-linked hacking group (UNC1151 or Ghostwriter) to target Ukrainian officials and military personnel on its platform to spread misinformation. | | | | | |
| | | | | | | Meta detects and takes down a network of about 40 accounts, Pages and Groups on Facebook and Instagram, operating from Russia and Ukraine and targeting people in Ukraine across multiple social media platforms and through their own websites. | Fake News/Social Profiles | Individual | CW | UA | Meta, Russia, Ukraine |
| 83 | 27/02/2022 | 27/02/2022 | 27/02/2022 | IT Army of Ukraine | Multiple Russian and Belarusian websites | Key Russian websites and state online portals are taken offline by attacks claimed by the Ukrainian cyber police force. The list of the targets includes: sberbank.ru, vsrf.ru, scrf.gov.ru, kremlin.ru, radiobelarus.by, rec.gov.by, sb.by, belarus.by, belta.by, tvr.by. | DDoS | Multiple Industries | CW | RU, BY | IT Army of Ukraine, sberbank.ru, vsrf.ru, scrf.gov.ru, kremlin.ru, radiobelarus.by, rec.gov.by, sb.by, belarus.by, belta.by, tvr.by |
| 84 | 27/02/2022 | 27/02/2022 | 27/02/2022 | ? | Twitter account of former intelligence specialist Reality Winner | The Twitter account of former intelligence specialist Reality Winner is hacked by threat actors looking to target journalists at prominent media organizations. | Account Takeover | Individual | CC | US | Twitter, Reality Winner |
| 85 | 27/02/2022 | 27/02/2022 | 27/02/2022 | ? | Bridgestone | Bridgestone-Firestone tire factories across North America and Latin America are hit by a cyberattack and send workers home for multiple days. | Unknown | Manufacturing | CC | US | Bridgestone, Firestone |
| 86 | 27/02/2022 | 27/02/2022 | 27/02/2022 | Cyber Partisans | Belarusian Railways | The Belarusian activist hackers Cyber Partisans claim to have breached computers that control the country's trains and brought some to a halt, in an effort to disrupt Russian soldiers moving into Ukraine. | Unknown | Transportation and storage | H | BY | Cyber Partisans, Belarusian Railways, Ukraine |
| 87 | 27/02/2022 | - | - | LockBit 2.0 | Strix Group | Strix Group, an Isle of Man firm which makes kettle safety controls, is hit by a LockBit 2.0 ransomware attack. | Malware | Manufacturing | CC | UK | Strix Group, LockBit 2.0, ransomware |
| 88 | 28/02/2022 | 28/02/2022 | 28/02/2022 | ? | Viasat | U.S.-listed satellite communications firm Viasat says it is investigating a suspected cyberattack that caused a partial outage in its residential broadband services in Ukraine and other European countries. | DDoS | Information and communication | CW | US | Viasat |
| 89 | 28/02/2022 | 28/02/2022 | 28/02/2022 | Anonymous | Russian media: TASS, RIA Novosti, Kommersant, Izvestiya and Forbes Russia | The Anonymous collective claims responsibility for defacing the websites of pro-Kremlin Russian media in protest of the invasion of Ukraine. Targets include the state news agencies TASS and RIA Novosti, as well as the websites of the newspapers Kommersant and Izvestiya and of Forbes Russia magazine. | | | | | |
| | | | | | | The group known as "AgainstTheWest" (ATW) claims to have breached Rosatom, Russia's state nuclear energy corporation, founded by Vladimir Putin himself. | Unknown | Electricity, gas steam, air conditioning | H | RU | AgainstTheWest, ATW, Rosatom, Vladimir Putin |
| 91 | 28/02/2022 | 28/02/2022 | 28/02/2022 | Ukraine IT Army | Moscow Exchange (moex.com) | The Ukraine IT Army claims to have taken down the website of the Moscow Exchange. | DDoS | Finance and insurance | CW | RU | Moscow Exchange, moex.com, Ukraine IT Army |
| 92 | 28/02/2022 | 28/02/2022 | 28/02/2022 | ? | Kojima Industries | Giant Japanese automaker Toyota Motors announces a stop in its car production operations after a system failure at one of its suppliers of vital parts, Kojima Industries, which reportedly suffered a ransomware attack. | Malware | Manufacturing | CC | JP | Toyota Motors, Kojima Industries, ransomware |
| 93 | 28/02/2022 | 25/02/2022 | 25/02/2022 | ? | AON | Professional services and insurance giant AON suffers a cyberattack that impacted a "limited" number of systems. | Unknown | Finance and insurance | CC | UK | AON |
| 94 | 28/02/2022 | Since at least November 2019 | - | China-linked threat actor | Multiple organizations | Researchers from Symantec reveal the details of Daxin, a China-linked stealthy backdoor specifically designed for deployment in hardened corporate networks that feature advanced threat detection capabilities. | Targeted Attack | Multiple Industries | CE | >1 | Symantec, China, Daxin |
| 95 | 28/02/2022 | During February 2022 | During February 2022 | Multiple threat actors | Individuals | Scammers are targeting unsuspecting users via phishing webpages, forum posts, and email links enticing users to "help Ukraine" by donating cryptocurrency. | Account Takeover | Individual | CC | >1 | Ukraine |
| 96 | 28/02/2022 | During January 2022 | During January 2022 | ? | Individuals in Europe | Google's Threat Analysis Group (TAG) reveals to have taken down a "coordinated influence operation" connected to Belarus, Moldova, and Ukraine. | Fake News/Social Profiles | Individual | CC | >1 | Google, Threat Analysis Group, TAG, Belarus, Moldova, Ukraine |
| 97 | 28/02/2022 | During January 2022 | During January 2022 | China? | Individuals in the US | Google TAG also reveals to have taken down a relatively large "influence operation linked to China", mostly spreading Chinese spam content, but with some uploaded content in both English and Chinese concerning China and US foreign events. | | | | | |
| | | | | | | Google TAG also reveals to have terminated a coordinated influence operation linked to Turkey, sharing content in Arabic about news and current events in Libya. | Fake News/Social Profiles | Individual | CW | LY | Google, Threat Analysis Group, Turkey, Libya |
| 100 | 28/02/2022 | During January 2022 | During January 2022 | Iraq? | Individuals in Iraq | Google TAG also reveals to have terminated a coordinated influence operation linked to Iraq in support of the Iraqi Harakat Hoquq party. | Fake News/Social Profiles | Individual | H | IQ | Google, Threat Analysis Group, Iraq, Harakat Hoquq party |
| 101 | 28/02/2022 | 18/12/2021 | 30/12/2022 | ? | Monongalia Health System (Mon Health) | Monongalia Health System (Mon Health) notifies patients, employees, and partners of a cyberattack that may have resulted in their data being stolen. | Unknown | Human health and social work | CC | US | Monongalia Health System, Mon Health |
| 102 | 28/02/2022 | Early December 2021 | Early December 2021 | Karma and Conti | Healthcare provider in Canada | Researchers from Sophos reveal that in early December a healthcare provider in Canada was hit by two separate ransomware actors: Karma and Conti. | | | | | |
| | | | | | | EPIC Pharmacy Network, a buying group of over 1,500 independently owned pharmacies across the US, discloses to have suffered a phishing attack that impacted 28,776 individuals. | Account Takeover | Human health and social work | CC | US | EPIC Pharmacy Network |
| 104 | 28/02/2022 | 27/12/2021 | 07/01/2022 | ? | Alliance Physical Therapy Group (APTG) | Alliance Physical Therapy Group (APTG) discloses to have suffered a hacking incident on 27/12/2021. | Unknown | Human health and social work | CC | US | Alliance Physical Therapy Group, APTG |
Enjoy the interactive timeline, and thanks for sharing it and for supporting my work in spreading risk awareness across the community. Also, don't forget to follow @paulsparrows on Twitter, or even connect on LinkedIn, for the latest updates.
BREACHOMETER
The "Breachometer" compares the current number of events/day with the max and min values recorded in the previous 12 months.