As you can easily imagine, the first cyber attacks timeline of March 2022 is characterized by the invasion of Ukraine carried out by the Russian Federation, which is obviously affecting the cyber space as well.
I tried to keep pace with the multiple attacks that Anonymous and their affiliates have carried out against Russian assets; probably the timeline is a little bit confused and there are some overlaps, but hopefully you will appreciate the effort. In the end I have collected 17 events related to Anonymous (17% of the sample, given that this timeline has 100 records) and 13 events (13% of the sample) related to Cyber Warfare.
This complicated situation has also impacted the cyber espionage front, where there have been multiple operations connected with the Ukrainian situation, such as ‘Asylum Ambuscade’, carried out by the Belarusian actor Ghostwriter and targeting European government personnel involved in managing the logistics of refugees fleeing Ukraine (and this is not the only operation by the same group present in this timeline). Other actors involved in the Ukrainian situation include the Chinese group ‘Mustang Panda’. Other state-sponsored threat actors that appear in this timeline include APT28, APT31, and APT41.
Ransomware attacks drop to an 8% low (although the real number is probably much higher, given that in multiple cases, appearing in the timeline as ‘Unknown’, the organizations do not disclose the reason for the attack that led to an outage). Similarly, attacks caused by vulnerabilities reached their lowest value of the last few months, at 7%.
Last but not least, the Lapsus$ extortion group started its hacking spree, leaking the source code of a well-known manufacturer of mobile devices.
| Date Reported | Date Occurred | Date Discovered | Author | Target | Description | Attack | Target Class | Attack Class | Country | Tags |
|---|---|---|---|---|---|---|---|---|---|---|
| 01/03/2022 | 24/02/2022 | - | ? | Multiple targets in Ukraine | Researchers from ESET discover a new wiper malware dubbed IsaacWiper targeting Ukrainian organizations. | Malware | Multiple Industries | CW | UA | ESET, IsaacWiper, Ukraine |
| 01/03/2022 | Since at least 24/02/2022 | 24/02/2022 | TA445 AKA UNC1151, Ghostwriter | European government personnel involved in managing the logistics of refugees fleeing Ukraine | Researchers from Proofpoint identify Asylum Ambuscade, a likely nation-state sponsored phishing campaign using a possibly compromised Ukrainian armed service member’s email account to target European government personnel involved in managing the logistics of refugees fleeing Ukraine. | | | | | |
| | | | | | Researchers from CloudSEK discover a large-scale campaign involving over 200 phishing and scam sites, cloning eBike brands, and tricking users into giving their personal data to fake investment schemes impersonating genuine brands. | Account Takeover | Individual | CC | IN | CloudSEK, eBike |
| 01/03/2022 | End of February 2022 | End of February 2022 | ? | Individuals worldwide | Scammers target unsuspecting users via phishing webpages, forum posts, and email links enticing users to "help Ukraine" by donating cryptocurrency. | Account Takeover | Individual | CC | >1 | Crypto, Ukraine |
| 01/03/2022 | During February 2022 | During February 2022 | ? | Android users | Researchers from Cleafy reveal that the TeaBot banking trojan is spotted once again in Google Play Store, posing as a QR code app and spreading to more than 10,000 devices. | Malware | Finance and insurance | CC | >1 | Cleafy, TeaBot, Google Play Store |
| 01/03/2022 | Since 25/02/2022 | Since 25/02/2022 | ? | Academic websites and universities in Ukraine | Researchers from Wordfence record a massive wave of attacks against Ukrainian WordPress sites since Russia invaded Ukraine, aiming to take down the websites and cause general demoralization. | WordPress vulnerabilities | Education | CW | UA | Wordfence, Ukraine, WordPress, Russia |
| 01/03/2022 | "In recent weeks" | "In recent weeks" | Multiple threat actors | Multiple organizations | Researchers from Akamai begin to observe multiple DDoS campaigns leveraging a new technique known as TCP Middlebox Reflection. | DDoS | Multiple Industries | CC | >1 | Akamai, TCP middlebox reflection |
| 01/03/2022 | - | - | Anonymous | Russian Ministry of Economic Development | The Anonymous collective claims to have leaked the database of the Russian Ministry of Economic Development. | Unknown | Public admin and defence, social security | H | RU | |
| 01/03/2022 | - | - | Anonymous | Undisclosed target | The Anonymous collective claims to have hacked into IP cameras used to monitor the movements of Ukrainians. | Unknown | Public admin and defence, social security | H | RU | Anonymous, Russia, Ukraine |
| 01/03/2022 | - | - | NB65 | Roscosmos | NB65, a group of hackers affiliated with Anonymous, claims to have disrupted Roscosmos, the Russian space agency, and in particular Russia’s vehicle monitoring system. | Unknown | Public admin and defence, social security | H | RU | NB65, Anonymous, Roscosmos |
| 01/03/2022 | 01/03/2022 | 01/03/2022 | ? | Caritas Internationalis | An online press conference via Zoom by a Catholic charity on the humanitarian situation in Ukraine is disrupted by a stream of obscenities. | Zoom bombing | Mining and quarrying | H | VA | Zoom, Caritas Internationalis, Ukraine |
| 01/03/2022 | - | - | ? | Tuloso Midway ISD | Tuloso Midway ISD reports a security incident. | Unknown | Education | CC | US | Tuloso Midway ISD |
| 02/03/2022 | - | - | Ukraine IT Army? | Multiple organizations in Russia | The Russian government shares a list of 17,576 IP addresses allegedly used to launch distributed denial-of-service (DDoS) attacks targeting Russian organizations and their networks. | DDoS | Multiple Industries | CW | RU | Russia, Ukraine, Ukraine IT Army |
| 02/03/2022 | Between 21/11/2021, and 18/01/2022 | 18/01/2022 | ? | Crossroads Health | Crossroads Health identifies a data security incident that impacted more than 10,300 individuals. | Unknown | Human health and social work | CC | US | Crossroads Health |
| 03/03/2022 | 03/03/2022 | 03/03/2022 | Russia | Ukrainian government and regional authorities' websites | The Security Service of Ukraine (SSU) says that "enemy" hackers are using compromised local government and regional authorities' websites to push rumors that Ukraine surrendered and signed a peace treaty with Russia. | Unknown | Public admin and defence, social security | CW | UA | Russia, Ukraine |
| 03/03/2022 | Between February and March 2022 | Early March 2022 | ? | Multiple organizations | A new malware campaign impersonates VC firms looking to buy sites but in reality distributing malware. | Malware | Multiple Industries | CC | >1 | Malware |
| 03/03/2022 | - | - | ? | Multiple organizations | Threat actors are using stolen NVIDIA code signing certificates to sign malware. | Malware | Multiple Industries | CC | >1 | NVIDIA |
| 03/03/2022 | - | - | SharkBot | Android Banking users | Researchers from NCC Group discover that the SharkBot banking malware has infiltrated the Google Play Store, posing as an antivirus with system cleaning capabilities. | Malware | Finance and insurance | CC | >1 | NCC Group, SharkBot, Google Play Store, Android |
| 03/03/2022 | 03/03/2022 | 03/03/2022 | ? | Treasure | A vulnerability in the Treasure NFT marketplace causes the theft of more than 100 NFTs. | Undisclosed vulnerability | Accommodation and food service | CC | N/A | Treasure, NFT |
| 03/03/2022 | 23/12/2021 | 06/01/2022 | ? | Michigan Medicine | Michigan Medicine begins notifying 2,920 patients of an email data breach that potentially exposed some protected health information. | Account Takeover | Human health and social work | CC | US | Michigan Medicine |
| 03/03/2022 | 03/03/2022 | 03/03/2022 | v0g3lSec | Russian Space Research Institute (IKI) | Hacktivists from a group going by the Twitter handle of “v0g3lSec” deface a subdomain of the website of a Russian Space Research Institute (IKI) and leak some data. | Defacement | Public admin and defence, social security | H | RU | v0g3lSec, Russian Space Research Institute, IKI, Russia, Ukraine |
| 04/03/2022 | - | - | Lapsus$ | Samsung Electronics | The Lapsus$ data extortion group leaks 190GB of confidential data they claim to be from Samsung Electronics. A few days later the company confirms to have suffered the breach. | Unknown | Manufacturing | CC | KR | Samsung Electronics, Lapsus$ |
| 04/03/2022 | Since 01/03/2021 | Since 01/03/2021 | ? | Organizations in the manufacturing industry | Researchers from Bitdefender discover a campaign using a phishing theme related to the invasion of Ukraine, and distributing the Agent Tesla RAT. | Malware | Manufacturing | CC | >1 | Bitdefender, Agent Tesla |
| 04/03/2022 | Since 01/03/2021 | Since 01/03/2021 | ? | Multiple organizations | Researchers from Bitdefender discover a second campaign using a phishing theme related to the invasion of Ukraine, and distributing the Remcos RAT. | Malware | Manufacturing | CC | >1 | Bitdefender, Remcos |
| 04/03/2022 | - | - | Multiple threat actors | Charities and non-governmental organizations (NGOs) providing support in Ukraine | Researchers from Amazon reveal that charities and non-governmental organizations (NGOs) providing support in Ukraine are targeted in malware attacks aiming to disrupt their operations and relief efforts seeking to assist those affected by Russia's war. | Malware | Human health and social work | CW | UA | Amazon, charities, NGO, Ukraine |
| 04/03/2022 | Between 02/01/2022 and 05/01/2022 | 04/01/2022 | ? | South Denver Cardiology Associates | South Denver Cardiology Associates is hit with a cyber attack and the data of more than 287,000 patients is exfiltrated. | Unknown | Human health and social work | CC | US | South Denver Cardiology Associates |
| 04/03/2022 | - | - | AgainstTheWest (ATW) | Gazprom | Anonymous-linked group ATW claims to have breached Gazprom and leaks its database. | Unknown | Public admin and defence, social security | H | RU | Anonymous, ATW, AgainstTheWest, Gazprom |
| 04/03/2022 | - | - | Anonymous | gov.ru | The Anonymous collective leaks the database of the Russian Government website gov.ru. | Unknown | Public admin and defence, social security | H | RU | Anonymous, gov.ru |
| 04/03/2022 | 16/01/2022 | 07/02/2022 | ? | Duncan Regional Hospital (DRH) | Duncan Regional Hospital (DRH) suffers a data breach in January 2022 that impacted over 92,000 individuals. | Unknown | Human health and social work | CC | US | Duncan Regional Hospital, DRH |
| 04/03/2022 | Between 17/04/2021 and 05/05/2021 | 01/05/2021 | ? | PracticeMax | The business management and information technology solution provider PracticeMax discloses a ransomware attack that affected 165,698 individuals. | Malware | Professional, scientific and technical | CC | US | PracticeMax, Ransomware |
| 04/03/2022 | Early 2022 | Early 2022 | ? | Undisclosed target | Researchers from Imperva claim they mitigated a ransom DDoS attack on a single website which reached a rate of 2.5 million requests per second (Mrps). | DDoS | Unknown | CC | N/A | Imperva, DDoS |
| 04/03/2022 | 02/03/2022 | 02/03/2022 | ? | Fleetwood Area School District | Fleetwood Area School District is hit with a ransomware attack. | Malware | Education | CC | US | Fleetwood Area School District, ransomware |
| 04/03/2022 | 14/10/2021 | Between 12/10/2021 and 14/10/2021 | ? | Technology Management Resources (TMR) | Technology Management Resources, a payment processor, discloses to have been hit by a breach when discovering unusual activity with a user account. Multiple entities are affected. | | | | | |
| | | | | | The Anonymous-linked group Ghostsec claims to have hacked the Department of Information Projects (homk.ru). | Unknown | Public admin and defence, social security | H | RU | Anonymous, Ghostsec, Department of Information Projects, homk.ru |
| 06/03/2022 | 06/03/2022 | 06/03/2022 | Anonymous | Three Russian-state TV channels, Russia 24, Moscow 24, and Channel One and two Netflix-like Russian streaming services, Ivi and Wink | The Anonymous collective claims to have hacked three Russian-state TV channels, Russia 24, Moscow 24, and Channel One and two Netflix-like Russian streaming services, Ivi and Wink, and broadcasts war footage from Ukraine. | Unknown | Information and communication | H | RU | Anonymous, Russia 24, Moscow 24, Channel One, Russia, Ukraine |
| 07/03/2022 | 06/03/2022 | 06/03/2022 | ? | Toei | Anime giant Toei suffers a cyberattack causing delays in airing new episodes of popular anime series. | Unknown | Arts entertainment, recreation | CC | JP | Toei |
| 07/03/2022 | 07/03/2022 | 07/03/2022 | ? | Russian federal agencies including the Energy Ministry, the Federal State Statistics Service, the Federal Penitentiary Service, the Federal Bailiff Service, the Federal Antimonopoly Service, the Culture Ministry | Russia says some of its federal agencies' websites were compromised in a supply chain attack after unknown attackers hacked the stats widget used to track the number of visitors by multiple government agencies. | Unknown | Public admin and defence, social security | CW | RU | Russian Energy Ministry, Federal State Statistics Service, Federal Penitentiary Service, Federal Bailiff Service, Federal Antimonopoly Service, Culture Ministry, Russia, Ukraine |
| 07/03/2022 | Since August 2020 | Since August 2020 | TA416 (aka Mustang Panda and Temp.Hex) | European diplomats | Researchers from Proofpoint reveal that the China-aligned group TA416 has been consistently targeting European diplomats since August 2020, with the most recent activity involving refreshed lures to coincide with the Russian invasion of Ukraine. | | | | | |
| | | | | | Researchers from Akamai reveal the details of a new reflection/amplification DDoS method exploiting a vulnerability tracked as CVE-2022-26143 in a driver used by Mitel devices, which provides a record-breaking amplification ratio of almost 4.3 billion to 1. | DDoS | Multiple Industries | CC | >1 | Akamai, CVE-2022-26143, Mitel |
| 07/03/2022 | During February 2022 | During February 2022 | APT31 | High profile Gmail users affiliated with the U.S. government | Google's Threat Analysis Group warns multiple Gmail users that they were targeted in phishing attacks conducted by a Chinese-backed hacking group tracked as APT31. | Targeted Attack | Public admin and defence, social security | CE | US | Google's Threat Analysis Group, APT31, Gmail |
| 07/03/2022 | During the last 12 months | During the last 12 months | APT28 AKA Fancy Bear | ukr.net | Google's Threat Analysis Group reveals that threat actors from APT28 have conducted several large credential phishing campaigns targeting ukr.net users, a Ukrainian media company. | | | | | |
| | | | | Polish and Ukrainian government and military organizations | Google's Threat Analysis Group reveals that threat actors from APT28 have conducted several credential phishing campaigns targeting Polish and Ukrainian government and military organizations. | | | | | |
| | | | | Numerous Ukraine sites, including the Ministry of Foreign Affairs, Ministry of Internal Affairs | Google's Threat Analysis Group confirms that DDoS attacks are currently ongoing against numerous Ukraine sites, including the Ministry of Foreign Affairs, Ministry of Internal Affairs. | DDoS | Public admin and defence, social security | CW | UA | Google's Threat Analysis Group, Ukraine, Ministry of Foreign Affairs, Ministry of Internal Affairs |
| 07/03/2022 | Since April 2020 | Since April 2020 | Ragnar Locker | At least 52 organizations from multiple US critical infrastructure sectors. | The US Federal Bureau of Investigation (FBI) reveals that the Ragnar Locker ransomware gang has breached the networks of at least 52 organizations from multiple US critical infrastructure sectors. | Malware | Multiple Industries | CC | US | FBI, Federal Bureau of Investigation, Ragnar Locker, ransomware |
| 07/03/2022 | 07/03/2022 | 07/03/2022 | Hive | Rompetrol | Romania's Rompetrol gas station network is hit by a Hive ransomware attack. | Malware | Electricity, gas steam, air conditioning | CC | RO | Rompetrol, Hive, Ransomware |
| 07/03/2022 | - | - | ? | Single individuals in the US | The FBI reveals that scammers are impersonating government officials and law enforcement in active and rampant extortion schemes targeting Americans' money or personally identifiable information (PII). | Account Takeover | Individual | CC | US | FBI, Federal Bureau of Investigation |
| 07/03/2022 | 03/03/2022 | 03/03/2022 | ? | PressReader | PressReader, a digital platform for hundreds of print newspapers and magazines, says that its systems are slowly returning to normal after suffering a cyberattack. | Unknown | Information and communication | CC | CA | PressReader |
| 07/03/2022 | - | - | ? | Ascension Michigan | Ascension Michigan notifies patients of a data breach that impacted its EHR system and affected 27,177 individuals. | Unknown | Human health and social work | CC | US | Ascension Michigan |
| 07/03/2022 | End of February 2022 | End of February 2022 | ? | District 518 | A District 518 employee’s email is hacked and an investigation is underway to determine whether any data was compromised. | Account Takeover | Education | CC | US | District 518 |
| 08/03/2022 | - | - | Lapsus$? | Mercado Libre | Argentinian e-commerce giant Mercado Libre confirms "unauthorized access" to a part of its source, adding that data of around 300,000 of its users was accessed by threat actors. | Unknown | Wholesale and retail | CC | AR | Mercado Libre, Lapsus$ |
| 08/03/2022 | Since November 2021 | - | TA542 | Multiple organizations | Researchers at Black Lotus reveal that the notorious Emotet botnet is still being distributed steadily in the wild, having now infected 130,000 systems in 179 countries. | Malware | Multiple Industries | CC | >1 | Emotet, Black Lotus, TA542 |
| 08/03/2022 | - | - | Anonymous | Unknown target | The Anonymous collective hacks some public cameras in Russia and transmits their live feed. | Unknown | Unknown | H | RU | Anonymous, Russia, Ukraine |
| 08/03/2022 | - | - | Multiple threat actors | Undisclosed organizations | The Cybersecurity and Infrastructure Security Agency (CISA) orders federal civilian agencies to patch two critical Firefox security vulnerabilities exploited in attacks. | CVE-2022-26485 and CVE-2022-26486 vulnerabilities | Unknown | N/A | N/A | Cybersecurity and Infrastructure Security Agency, CISA, Firefox, CVE-2022-26485, CVE-2022-26486 |
| 08/03/2022 | 20/09/2021 | 22/10/2021 | ? | Norwood Clinic | Norwood Clinic is hit with a cyber attack and 228,000 individuals are likely impacted. | Unknown | Human health and social work | CC | US | Norwood Clinic |
| 08/03/2022 | Between May 2021 and February 2022 | During May 2021 | APT41 AKA Barium, Winnti, Double Dragon, Wicked Panda | At least six U.S. state government organizations | Researchers from Mandiant reveal the details of a long-lasting campaign carried out by APT41 targeting U.S. State Governments via the exploitation of CVE-2021-44207 targeting the USAHerds (Animal Health Emergency Reporting Diagnostic System) and Log4Shell vulnerabilities. | | | | | |
| | | | | | The Anonymous collective claims to have defaced the official website of the Russian Federal Penitentiary Service. | Defacement | Public admin and defence, social security | H | RU | Anonymous, Russian Federal Penitentiary Service |
| 08/03/2022 | Since at least 01/03/2022 | 01/03/2022 | ? | Multiple organizations in Russia | Researchers from Trend Micro reveal the details of RURansom, a wiper malware targeting Russian organizations. | Malware | Multiple Industries | CW | RU | Trend Micro, RURansom |
| 08/03/2022 | - | 16/10/2021 | ? | Central Indiana Orthopedics (CIO) | Central Indiana Orthopedics (CIO) discloses a data security incident that impacted 83,705 individuals. | Unknown | Human health and social work | CC | US | Central Indiana Orthopedics, CIO |
| 09/03/2022 | Since 24/02/2022 | - | ? | Ukrainian citizens | Researchers from Malwarebytes discover a malicious spam campaign dropping the Formbook stealer specifically targeting Ukrainians. | Malware | Individual | CE | UA | Malwarebytes, Formbook, Ukraine |
| 09/03/2022 | Since December 2021 | Between December 2021 and January 2022 | ? | Multiple organizations | Researchers from Abnormal Security reveal that the stealthy BazarBackdoor malware is now being spread via website contact forms rather than typical phishing emails to evade detection by security software. | Malware | Multiple Industries | CC | >1 | Abnormal Security, BazarBackdoor |
| 09/03/2022 | - | - | ? | Single individuals | Researchers from Cisco Talos reveal that cybercriminals are compromising users with malware disguised as pro-Ukraine cyber tools. | Malware | Individual | CC | >1 | Cisco Talos, Ukraine |
| 09/03/2022 | - | - | Raccoon Stealer | Multiple organizations | Researchers from Avast discover a new campaign carried out via the Raccoon Stealer malware using the Telegram infrastructure for the command and control. | Malware | Multiple Industries | CC | >1 | Avast, Raccoon Stealer, Telegram |
| 09/03/2022 | During 2020 | During 2020 | ? | City of Fresno | The city of Fresno discloses to have lost about $400,000 in 2020 after falling victim to a business email compromise (BEC) scam. | Business Email Compromise | Public admin and defence, social security | CC | US | City of Fresno |
| 09/03/2022 | 18/02/2022 | - | ? | Memorial Village ER | Memorial Village ER notifies 80,000 individuals following a February 18 hacking incident. | Unknown | Human health and social work | CC | US | Memorial Village ER |
| 10/03/2022 | From February 2022 | During February 2022 | Escobar | Android Banking users | Researchers from Cyble reveal the details of 'Escobar', the new variant of the Aberebot Android banking trojan, equipped with new features, including stealing Google Authenticator multi-factor authentication codes. | Malware | Finance and insurance | CC | >1 | Cyble, Escobar, Aberebot, Android, Google Authenticator |
| 10/03/2022 | Starting from 05/03/2022 | 05/03/2022 | ? | Air transport in Finland | Finland's Transport and Communications Agency, Traficom, issues a public announcement informing of an unusual spike in GPS interference near the country's eastern border. | GPS Spoofing | Transportation and storage | N/A | FI | Finland's Transport and Communications Agency, Traficom, GPS Spoofing |
| 10/03/2022 | Starting from 05/03/2022 | Starting from 05/03/2022 | ? | Ukrtelecom | The network of Ukrtelecom, a Ukrainian service provider, is taken down by multiple DDoS attacks. | DDoS | Information and communication | CW | UA | Ukrtelecom |
| 10/03/2022 | Starting from 05/03/2022 | Starting from 05/03/2022 | ? | Triolan | The network of Triolan, a second Ukrainian service provider, is also taken down by multiple DDoS attacks. | DDoS | Information and communication | CW | UA | Triolan |
| 10/03/2022 | Earlier in March | Earlier in March | Lapsus$? | Ubisoft | Ubisoft confirms it experienced a cyber security incident that caused temporary disruption to some games, systems, and services and forces a company-wide password refresh. | Unknown | Arts entertainment, recreation | CC | FR | Ubisoft, Lapsus$ |
| 10/03/2022 | End of 2021 | End of 2021 | Qakbot | Multiple organizations | Researchers from Sophos reveal the details of a new Qakbot campaign hijacking email threads to spread itself to more victims. | Malware | Multiple Industries | CC | >1 | Sophos, Qakbot |
| 10/03/2022 | - | - | Lapsus$ | Vodafone | Vodafone launches an investigation after the cybercrime group Lapsus$ claims to have obtained roughly 200 Gb of source code files, allegedly representing approximately 5,000 GitHub repositories. | Unknown | Information and communication | CC | UK | Lapsus$, Vodafone |
| 10/03/2022 | - | - | Anonymous | Roskomnadzor | Anonymous claims to have hacked the Russian Federal Service for Supervision of Communications, Information Technology and Mass Media, also known as Roskomnadzor, releasing 360,000 files. | Unknown | Public admin and defence, social security | H | RU | Anonymous, Roskomnadzor, Ukraine |
| 10/03/2022 | 14/02/2022 | Between 21/01/2021 and 04/03/2021 | ? | Dialyze Direct | Dialyze Direct reveals to have suffered an email data breach that impacted 14,203 individuals. | Account Takeover | Human health and social work | CC | US | Dialyze Direct |
| 10/03/2022 | - | 16/11/2021 | ? | New Jersey Brain and Spine (NJBS) | New Jersey Brain and Spine (NJBS) notifies patients of a November 2021 ransomware attack that impacted 92,453 individuals. | Malware | Human health and social work | CC | US | New Jersey Brain and Spine, NJBS, ransomware |
| 10/03/2022 | 27/07/2021 | 09/08/2021 | ? | JDC Healthcare Management (JDC) | Dental and orthodontic care provider JDC Healthcare Management (JDC) reveals that the information of a large number of Texans (over 1 million) was compromised in a data breach discovered last year. | Malware | Human health and social work | CC | US | JDC Healthcare Management, JDC |
| 10/03/2022 | - | - | ? | Quantum Group | Highmark Inc., a non-profit healthcare company and Integrated Delivery Network, announces that some HIPAA-protected data has been exposed in a data breach at the printing and mailing vendor, Quantum Group. | Unknown | Administration and support service | CC | US | Highmark Inc., Quantum Group |
| 10/03/2022 | Since 24/02/2022 | - | Multiple actors | Multiple organizations in Russia | Pro-Ukraine hackers compromise a large number of Russian cloud databases, deleting data, renaming files and potentially exfiltrating information for future attacks. | Misconfiguration | Multiple Industries | H | RU | Russia, Ukraine |
| 10/03/2022 | 10/03/2022 | 10/03/2022 | SunCrypt | Oklahoma City Indian Clinic (OKCIC) | Oklahoma City Indian Clinic (OKCIC) experiences a cyberattack that disables certain pharmacy services indefinitely. | Malware | Human health and social work | CC | US | Oklahoma City Indian Clinic, OKCIC, Ransomware |
| 11/03/2022 | - | - | ? | Valorant players | Researchers from Ahnlab ASEC discover a malware distribution campaign that uses Valorant cheat lures on YouTube to trick players into downloading RedLine, a powerful information stealer. | Malware | Individual | CC | >1 | Ahnlab, ASEC, Valorant, YouTube, RedLine |
| 11/03/2022 | Since late February | Since late February | Ukraine IT Army | Rostec | Rostec, a Russian state-owned aerospace and defense conglomerate, says its website is taken down following what it described as a "cyberattack." | DDoS | Manufacturing | CW | RU | Rostec |
| 11/03/2022 | 11/03/2022 | 11/03/2022 | squad303 | Russian mobile users | squad303, a group affiliated to the Anonymous collective, sends out over 7 million SMS messages to cell phone numbers across Russia. | Unknown | Individual | H | RU | squad303, Anonymous, Russia, Ukraine |
| 11/03/2022 | During February 2022 | During February 2022 | ? | Wightlink | UK ferry operator Wightlink is hit by a “highly sophisticated” cyber-attack that may have compromised personal data belonging to “a small number of customers and staff”. | Unknown | Transportation and storage | CC | UK | Wightlink |
| 11/03/2022 | Between 15/10/2021 and 24/10/2021 | - | ? | Labette Health | Labette Health begins notifying an undisclosed number of individuals of an October 2021 data breach. | Unknown | Human health and social work | CC | US | Labette Health |
| 11/03/2022 | Early December 2022 | Early December 2022 | ? | Altoona Area School District | Altoona Area School District discloses to have been hit by a cyber attack back in December 2021 when employees' data appear on the dark web. | Unknown | Education | CC | US | Altoona Area School District |
| 12/03/2022 | - | 11/03/2022 | Anonymous | Rosneft Deutschland | The German Federal Office for Information Security (BSI) confirms that the local subsidiary of the Russian energy giant Rosneft has been hit by a cyberattack, after the Anonymous collective claims to have stolen 20 terabytes of data. | Unknown | Electricity, gas steam, air conditioning | H | DE | German Federal Office for Information Security, BSI, Rosneft, Anonymous |
| 12/03/2022 | Since February 2022 | - | ? | Banking users in Portugal | A new campaign in Portugal distributes a variant of the Maxtrilha trojan using a phishing template from the Portuguese Tax services (Autoridade Tributária e Aduaneira). | Malware | Finance and insurance | CC | PT | Maxtrilha, Portuguese Tax services, Autoridade Tributária e Aduaneira |
| 12/03/2022 | Since 07/03/2022 | Since 07/03/2022 | Anonymous | 400+ security cameras | Hacktivists from Anonymous claim to have hacked into hundreds of public surveillance cameras installed across Russia to post messages against the Russian president Vladimir Putin and in support of Ukraine. | Unknown | Multiple Industries | H | RU | Anonymous, cameras, Russia, Vladimir Putin, Ukraine |
| 14/03/2022 | - | - | ? | Multiple organizations in Ukraine | Ukraine's Computer Emergency Response Team (CERT-UA) warns that threat actors are distributing fake Windows antivirus updates that install Cobalt Strike and other malware. | | | | | |
| | | | | | Researchers from ESET discover a new wiper malware dubbed CaddyWiper targeting Ukrainian organizations. | Malware | Multiple Industries | CE | UA | ESET, CaddyWiper, Ukraine |
| 14/03/2022 | 10/03/2022 | 10/03/2022 | Pandora | Denso | Automotive giant Denso confirms a cyberattack impacting the firm's German operations. The Pandora ransomware group takes credit. | Malware | Manufacturing | CC | DE | Pandora, Denso, Ransomware |
| 14/03/2022 | 13/03/2022 | 13/03/2022 | ? | East Tennessee Children’s Hospital (ETCH) | East Tennessee Children’s Hospital is the victim of an information technology security issue. | Unknown | Human health and social work | CC | US | East Tennessee Children’s Hospital, ETCH |
| 14/03/2022 | 07/03/2022 | 07/03/2022 | ? | Town of East Windsor | The town of East Windsor officials confirm that the township experienced a cyber breach that wreaked havoc on its systems and is sending residents fraudulent emails. | Unknown | Public admin and defence, social security | CC | US | Town of East Windsor |
| 14/03/2022 | - | - | ? | Consumers and Businesses in the US | The Internal Revenue Service (IRS) warns consumers and businesses of common scams during the tax season. | Account Takeover | Multiple Industries | CC | US | IRS, Internal Revenue Service |
| 15/03/2022 | Over the last few weeks | Over the last few weeks | Threat actors from China | Ukrainian government organizations | Google's Threat Analysis Group (TAG) says the Chinese People's Liberation Army (PLA) and other Chinese intelligence agencies are trying to get more info on the ongoing Russian war in Ukraine targeting Ukrainian government organizations. | | | | | |
| | | | | | Security researchers at Prevailion identify a massive phishing operation focused on collecting credentials of Naver users. | Account Takeover | Individual | CC | KR | Prevailion, Naver |
| 15/03/2022 | During May 2021 | - | Russian state-sponsored attackers | Undisclosed NGO | The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) issue an alert about Russian state-sponsored activity exploiting a default configuration issue with Duo MFA with the critical Windows 10 PrintNightmare vulnerability CVE-2021-34481. | Targeted Attack | Public admin and defence, social security | CE | US | Federal Bureau of Investigation, FBI, Cybersecurity and Infrastructure Security Agency, CISA, Russia, Duo MFA, PrintNightmare, CVE-2021-34481 |
| 15/03/2022 | 14/03/2022 | 14/03/2022 | ? | Israel Government web sites | Israel's National Cyber Directorate reveals that the country suffered a cyber attack that briefly took down a number of government websites. | DDoS | Public admin and defence, social security | N/A | IL | Israel |
| 15/03/2022 | - | - | Spielerkid89 | Regional Ministry of Health | A hacker dubbed Spielerkid89 remotely accesses a computer belonging to a regional Ministry of Health in Russia, exploiting a VNC Server without authentication. | VNC Misconfiguration | Public admin and defence, social security | H | RU | Spielerkid89, Ministry of Health, Russia |
| 15/03/2022 | - | - | Anonymous | Rosatom | The Anonymous collective claims to have hacked (again) Rosatom, Russia’s state nuclear energy corporation founded by Vladimir Putin himself. | Unknown | Public admin and defence, social security | H | RU | Anonymous, Rosatom |
| 15/03/2022 | - | - | Anonymous | Unknown target | The Anonymous collective claims to have hacked more than 1300 network cameras from Russia/Belarus. | Unknown | Public admin and defence, social security | H | RU, BY | Anonymous, Russia, Belarus |
| 15/03/2022 | - | 9/2/2022 | B1txor20 | Multiple organizations | Researchers from Qihoo 360’s Netlab discover a new backdoor used to infect Linux systems and enslave them in a botnet tracked as B1txor20. The malware spreads by exploiting the Log4Shell vulnerability. | Malware | Multiple Industries | CC | >1 | Qihoo 360’s Netlab, Linux, B1txor20, Log4Shell |
| 15/03/2022 | 15/03/2022 | 15/03/2022 | Anonymous | FSB: fsb.gov.ru; Russian Stock Exchange: moex.com; Moscow International Portal: moscow.ru; Ministry of Sport of the Russian Federation: minsport.gov.ru; Analytical Center for the Government of the Russian Federation: ac.gov.ru | The Anonymous collective takes responsibility for taking down top Russian government websites in a series of DDoS attacks. The list of targets includes the official website of the Federal Security Service (FSB), the Stock Exchange, the Analytical Center for the Government of the Russian Federation, and the Ministry of Sport of the Russian Federation. | DDoS | Public admin and defence, social security | H | RU | FSB, fsb.gov.ru, Russian Stock Exchange, moex.com, Moscow International Portal, moscow.ru, Ministry of Sport of the Russian Federation, minsport.gov.ru, Analytical Center for the Government of the Russian Federation, ac.gov.ru |
| 15/03/2022 | 15/03/2022 | 15/03/2022 | ? | Heriot-Watt University | Heriot-Watt University in Scotland is hit by a serious security incident. | Unknown | Education | CC | UK | Heriot-Watt University |
| 15/03/2022 | Early July 2021 | - | ? | Chelan Douglas Health District | The Chelan Douglas Health District warns the public of a data breach that may have led to the loss of identifiable personal and health information. | Unknown | Human health and social work | CC | US | Chelan Douglas Health District |
| 15/03/2022 | - | - | MuddyWater | Targets in Turkey and the Arabian peninsula | Researchers from Cisco Talos discover multiple campaigns carried out by the MuddyWater APT group targeting Turkey and other Asian countries via the SloughRAT (aka Canopy) remote access tool. | | | | | |
| | | | | | A hacker makes off with approximately $11 million in cryptocurrency after using a “re-entrancy” attack on decentralized finance (DeFi) lending protocol applications Agave and Hundred Finance. | Re-entrancy attack | Fintech | CC | N/A | Agave, Hundred Finance |
| 15/03/2022 | 15/03/2022 | 15/03/2022 | ? | WordPress websites hosted on GoDaddy | Researchers from Wordfence discover a spike in backdoor infections on WordPress websites hosted on GoDaddy's Managed WordPress service, all featuring an identical backdoor payload. | Unknown | Multiple Industries | CC | >1 | GoDaddy, Wordfence |
Enjoy the interactive timeline, and thanks for sharing it, and supporting my work in spreading the risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.