And even the second timeline of February 2022 is finally out with 92 records that, distributed on 12 days, bring the average number of events per day to 7.07, an increase compared with the 6.67 events of the previous fortnight. I wished I would never find myself to comment events similar to the ones that are happening in these troubled days, but unfortunately this is not the case. And you could easily guess that I am referring to the Russian invasion of Ukraine, which inevitably ended up affecting the cyber space.

Despite ransomware attacks continue, and in this timeline there is at least one very high-profile victim, it is the Russian-Ukrainian front that has shown the higher level of activity, with additional attacks against Ukrainian entities carried out via DDoS, spear phishing campaigns and a new destructive malware called HermeticWiper, and on the other front, the Anonymous collective that has declared war to the Russian government and has been leaking data and bombarding multiple Russian institutions (mainly news outlet, banks and even the Kremlin) with prolonged DDoS attacks (and yes the attacks will also characterize the next timeline I am afraid).

Ransomware continues to characterize the threat landscape, but its percentage drops to 17.4% (16 out to 92 events) from 23.4% of the previous timeline (but the real  percentage could be  higher since many victims do not disclose the details of the outage and these events are counted as “Unknown”. The exploitation of vulnerabilities is another aspect that is characterizing this period: 8 out 92 events (8.7% vs 10.2% of the previous timeline) have been carried out exploiting vulnerabilities that in some cases also fueled ransomware attacks.

And even the massive attacks against companies operating in the fintech space continue: 17 users of the NFT OpenSea platform learnt it the hard way, suffering a loss of $2M worth.

As usual, multiple cyber espionage operations appear in this timeline: a new stealthy backdoor of Chinese origin, called Daxin, has been uncovered, hidden for more than two years and deployed against multiple organizations. Similarly, multiple known actors populate the timeline such as: OilRig and MuddyWater (Iran), APT10 and APT27 (China), Sandworm (Russia). The list also includes two new operations carried out by an Iranian actor dubbed TunneVision (exploiting Log4j on VMware Horizon servers) and by Russian-backed attackers targeting U.S. cleared defense contractors (CDCs).

Expand for details

Enjoy the interactive timeline, and thanks for sharing it, and supporting my work in spreading the risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.



The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.

  • September 2023 Cyber Attacks Statistics

    In September 2023, cyber crime continued to lead with 77.1% of total events, but showed a decrease. Cyber Espionage grew to 11.6%, while Hacktivism significantly dropped. Malware remains the leading attack technique and multiple organizations are the top targets.

  • Image by noCap XL from Pixabay16-30 September 2023 Cyber Attacks Timeline

    The second cyber attack timeline of September 2023 showed a decrease in events and a continuation of malware attacks. Massive hacks targeted fintech organizations like Mixin Network, and some breaches affected millions of individuals. The timeline also includes activities by various known and new threat ...

  • Photo by Towfiqu barbhuiya on UnsplashThe Biggest Data Breaches of 2023

    Similarly to what I have done in 2022 and 2021, I am collecting the main mega breaches...

  • August 2023 Cyber Attacks Statistics

    After the cyber attacks timelines (part I and part II), it’s time to publish the statistics of August 2023 where I have collected and analyzed 336 events, a number relatively...

  • The Biggest Data Breaches of 2021

    With this new project I am going to track the biggest data breaches of 2021 extracted from my cyber attack timelines.


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.