The 138 events recorded in this timeline represent a new 12-month high. This is one of the effects of the Russian invasion of Ukraine, which is having obvious implications in cyberspace as well. Hacktivists have been very busy (15 of the 138 events, nearly 11%, are related to hacktivism), and similarly 11 of the 138 (8%) are somehow related to cyberwarfare operations.
But the effects do not end here: the war is also undoubtedly characterizing the cyber espionage front, with 21 events (roughly 15% of the sample) directly or indirectly related to Ukraine. UAC-0026 (AKA Scarab), Ghostwriter, Armageddon, Curious Gorge, and COLDRIVER are just some of the threat actors that targeted entities in Ukraine. In total, nearly 19.7% of events (27 out of 138) involve Ukraine, which alone explains the high number of events observed in the second half of March.
Looking at the threat landscape in general, ransomware attacks characterized nearly 16% of events (23 out of 138), doubling the percentage of the first half of the month. However, the cybercrime front was dominated by the actions of the Lapsus$ collective, which added more high-profile victims to its list.
The exploitation of vulnerabilities continues to be an important trend of this first quarter, and even in this timeline 12.3% of the events (17 out of 138) occurred because a vulnerability was exploited (and new nightmares are ready to spoil the sleep of sysadmins worldwide thanks to the ‘Spring4Shell’ vulnerabilities, CVE-2022-22963 and CVE-2022-22965). Similarly, attacks against fintech companies continue relentlessly: the $624M stolen from the Ronin Network represents the highest amount observed so far.
ID
Date Reported
Date Occurred
Date Discovered
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags
1
16/03/2022
16/03/2022
16/03/2022
?
Ukraine
Facebook removes a deepfake video of Ukrainian President Volodymyr Zelenskyy spreading across the social network and asking Ukrainian troops lay down their arms and surrender.
Fake Social/Web pages
Public admin and defence, social security
CW
UA
Facebook, Volodymyr Zelenskyy, Ukraine, Russia
2
16/03/2022
Since at least 07/03/2022
During March 2022
Brandon Nozaki Miller, aka RIAEvangelist
Targets in Russia and Belarus
The developer behind the popular npm package 'node-ipc' released sabotaged versions of the library in protest of the ongoing Russo-Ukrainian War, erasing data from systems located in Russia and Belarus.
SolarWinds warned customers of attacks targeting Internet-exposed Web Help Desk (WHD) instances and advised removing them from publicly accessible infrastructure
SolarWinds Web Help Desk vulnerability
Multiple Industries
N/A
>1
SolarWinds, Web Help Desk, WHD
4
16/03/2022
-
-
?
Multiple organizations
Researchers from AhnLab reveal the details of a new GhostCringe (AKA CirenegRAT) campaign, targeting poorly secured Microsoft SQL and MySQL database servers with weak account credentials and no oversight.
Misconfiguration
Multiple Industries
CC
>1
AhnLab, GhostCringe, CirenegRAT, Microsoft SQL, MySQL
5
16/03/2022
Since at least 14/03/2022
Since at least 14/03/2022
Emotet
Multiple organizations
Researchers from Cofense discover multiple phishing campaigns impersonating the Internal Revenue Service (IRS.gov) with lures related to the 2022 U.S. tax season, and distributing the Emotet trojan.
Researchers from Mandiant discover a previously unknown Unix rootkit, dubbed CAKETAP, used to steal ATM banking data and conduct fraudulent transactions.
Charleston Area Medical Center (CAMC) discloses a phishing attack that impacted 54,000 individuals.
Account Takeover
Human health and social work
CC
US
Charleston Area Medical Center, CAMC
9
16/03/2022
-
-
LokiLocker
Multiple organizations
Researchers from Avast reveal the details of a new module of the DirtyMoe botnet implementing wormable propagation capabilities.
Multiple vulnerabilities
Multiple Industries
CC
>1
Avast, DirtyMoe
10
16/03/2022
Since one year ago
-
?
Individuals
Researchers from Sophos disclose CryptoRom, a malware campaign that combines catfishing with crypto-scamming.
Malware
Individual
CC
>1
Sophos, CryptoRom
11
16/03/2022
-
-
?
U.S. life insurance company
Researchers from Armorblox reveal the details of a phishing campaign impersonating Instagram technical support to steal login credentials from the employees of a prominent U.S. life insurance company headquartered in New York.
Account Takeover
Finance and insurance
CC
US
Armorblox, Instagram
12
16/03/2022
-
-
Iranian Threat Actors
Mossad Director David Barnea
Iranian hackers publish a video on an anonymous Telegram channel featuring personal photos and documents allegedly obtained from a phone used by the wife of Mossad Director David Barnea.
Unknown
Individual
CW
IL
Iran, Israel, Telegram, Mossad, David Barnea
13
17/03/2022
Since at least 24/02/2022
24/02/2022
?
Global Navigation Satellite Systems (GNSS) in Europe
The European Union Aviation Safety Agency (EASA), EU's air transport safety and environmental protection regulator, warns of intermittent outages affecting Global Navigation Satellite Systems (GNSS) linked to the Russian invasion of Ukraine.
GPS Spoofing
Transportation and storage
CW
>1
European Union Aviation Safety Agency, EASA, Global Navigation Satellite Systems, GNSS, Russia, Ukraine
14
17/03/2022
17/03/2022
17/03/2022
Anonymous
Russian Ministry of Emergencies
The Anonymous collective defaces the website of the Russian Ministry of Emergencies.
Defacement
Public admin and defence, social security
H
RU
Anonymous, Russian Ministry of Emergencies
15
17/03/2022
Since at least Summer 2021
-
AvosLocker
US critical infrastructure sectors
A joint advisory of the FBI, the US Treasury Department and the Financial Crimes Enforcement Network (FinCEN) warns of AvosLocker ransomware being used in attacks targeting multiple US critical infrastructure sectors.
ASUS warns of Cyclops Blink malware attacks targeting multiple router models.
Malware
Multiple Industries
CE
>1
ASUS, Sandworm, Cyclops Blink
17
17/03/2022
Since at least early September 2021
Early September 2021
EXOTIC LILY
Multiple organizations
Google's Threat Analysis Group has exposed the operations of a threat actor group dubbed "EXOTIC LILY," an initial access broker linked to the Conti and Diavol ransomware operations.
Researchers from Trellix discover a new campaign by the South Korean DarkHotel hacking group, targeting luxury hotels in Macau, China.
Targeted Attack
Accommodation and food service
CE
CN
Trellix, DarkHotel, Macao
19
17/03/2022
20/09/2021
21/10/2021
?
Central Minnesota Mental Health Center (CMMHC)
A phishing incident at Central Minnesota Mental Health Center (CMMHC) potentially exposed the information of 28,725 individuals.
Account Takeover
Human health and social work
CC
US
Central Minnesota Mental Health Center, CMMHC
20
17/03/2022
During January 2022
During January 2022
?
Smartmatic
After about two months of investigation and various denials, lawmakers confirm that there was a security breach in the operations of the Philippine Commission on Elections’ (Comelec) service contractor, Smartmatic.
Unknown
Professional, scientific and technical
CC
PH
Commission on Elections, Comelec, Smartmatic
21
17/03/2022
-
09/08/2022
?
Jefferson Dental and Orthodontics
Jefferson Dental and Orthodontics discloses a data breach, due to a malware attack, affecting up to 1,026,820 Texans.
Malware
Human health and social work
CC
US
Jefferson Dental and Orthodontics
22
17/03/2022
-
-
LockBit
Tague Family Practice
Tague Family Practice falls victim to a LockBit ransomware attack.
Malware
Human health and social work
CC
US
Tague Family Practice, LockBit, ransomware
23
17/03/2022
12/12/2021
-
?
Greencore Group PLC
Greencore Group PLC, one of the UK’s leading manufacturers of convenience foods, contacts current and former employees to provide details about a recent data breach, following what they have described as an ‘IT Incident’.
Unknown
Accommodation and food service
CC
UK
Greencore Group PLC
24
18/03/2022
-
-
InvisiMole
Multiple organizations in Ukraine
The Computer Emergency Response Team for Ukraine (CERT-UA) warns of new phishing campaigns taking place against Ukrainian organizations that spread the LoadEdge backdoor.
Targeted Attack
Multiple Industries
CE
UA
Computer Emergency Response Team for Ukraine, CERT-UA, LoadEdge, InvisiMole
25
18/03/2022
-
-
N4ughtysecTU
TransUnion South Africa
TransUnion South Africa discloses that hackers breached one of their servers using stolen credentials and demanded a ransom payment not to release stolen data (54 million customer records).
Account Takeover
Finance and insurance
CC
ZA
TransUnion South Africa, N4ughtysecTU
26
18/03/2022
Around 11/02/2022
Around 11/02/2022
?
Morgan Stanley Wealth Management
Morgan Stanley Wealth Management, the wealth and asset management division of Morgan Stanley, says some of its customers had their accounts compromised in voice phishing (vishing) social engineering attacks.
Account Takeover
Finance and insurance
CC
US
Morgan Stanley Wealth Management, voice phishing, vishing
27
18/03/2022
-
-
RansomExx
Scottish Association for Mental Health (SAMH)
Scottish Association for Mental Health (SAMH), a mental health charity, is hit with a RansomExx ransomware attack.
Malware
Human health and social work
CC
UK
Scottish Association for Mental Health, SAMH, RansomExx, ransomware
28
18/03/2022
-
-
?
Hood LLC
Hood LLC is the victim of a “cyber security event” that forces it to take all of its systems offline.
Unknown
Accommodation and food service
CC
US
Hood LLC
29
18/03/2022
Late December 2021
Late December 2021
?
Cancer and Hematology Centers of Western Michigan
Cancer and Hematology Centers of Western Michigan falls victim to a ransomware attack that impacted 43,071 individuals.
Malware
Human health and social work
CC
US
Cancer and Hematology Centers of Western Michigan, ransomware
30
18/03/2022
-
18/01/2022
?
Wheeling Health Right (WHR)
Wheeling Health Right (WHR) notifies an undisclosed number of individuals of a ransomware incident that it suffered in January 2022.
Malware
Human health and social work
CC
US
Wheeling Health Right, WHR
31
18/03/2022
-
-
?
Assurance Maladie
The health data of more than half a million people in France are stolen from insurance body l’Assurance Maladie after the accounts of 19 healthcare staff were hacked.
Account Takeover
Finance and insurance
CC
FR
Assurance Maladie
32
18/03/2022
-
07/03/2022
?
East Windsor Township
The East Windsor Township’s computer system is compromised by unknown hackers.
Unknown
Public admin and defence, social security
CC
US
East Windsor Township
33
18/03/2022
-
-
?
Lakeview Loan Servicing
Lakeview Loan Servicing says it has uncovered “a security incident involving unauthorized access to the file servers.”
Unknown
Finance and insurance
CC
US
Lakeview Loan Servicing
34
19/03/2022
-
18/03/2022
?
HubSpot
Customer relationship management company HubSpot confirms being targeted by hackers after several cryptocurrency services started informing their customers about a cybersecurity incident involving HubSpot.
Account Takeover
Professional, scientific and technical
CC
US
HubSpot, crypto
35
19/03/2022
19/01/2022
19/01/2022
?
Valley View Hospital
Valley View Hospital announces that the email accounts of four employees have been accessed by unauthorized individuals after the employees responded to phishing emails.
Account Takeover
Human health and social work
CC
US
Valley View Hospital
36
21/03/2022
-
-
Anonymous
Transneft
The Anonymous collective leaks roughly 79 gigabytes of emails allegedly stolen from Russian state-controlled oil pipeline company Transneft.
Unknown
Electricity, gas steam, air conditioning
H
RU
Anonymous, Transneft
37
21/03/2022
21/03/2022
21/03/2022
GhostSec
More than 300 Russian printers
GhostSec, a hacktivist group affiliated with the Anonymous collective, hacks more than 300 printers in Russia in two hours, printing around 100,000 documents including anti-propaganda messages and Tor installation instructions.
Unknown
Multiple Industries
H
RU
GhostSec, Anonymous, Russia, Printers, Ukraine
38
21/03/2022
21/03/2022
21/03/2022
?
VKontakte (VK)
VKontakte users receive messages from what appears to be the official VK account about Russia's war on Ukraine, suggesting a possible hack.
Account Takeover
Information and communication
H
RU
VKontakte, VK, Russia, Ukraine
39
21/03/2022
21/03/2022
21/03/2022
?
OneRing Finance
Attackers steal $1.4 million from the One Ring protocol via a flash loan attack.
Flash loan attack
Finance and insurance
CC
N/A
OneRing Finance
40
21/03/2022
20/03/2022
20/03/2022
?
ELTA
ELTA, the state-owned provider of postal services in Greece, discloses a ransomware incident that is still keeping most of the organization's services offline.
Malware
Administration and support service
CC
GR
ELTA, ransomware
41
21/03/2022
-
-
?
Individuals in South Korea
Researchers from Ahnlab discover a new BitRAT malware distribution campaign exploiting users looking to activate pirated Windows OS versions for free using unofficial Microsoft license activators.
Malware
Individual
CC
KR
Ahnlab, BitRAT, Windows, Microsoft
42
21/03/2022
-
-
?
Android users
Researchers from Pradeo reveal the details of Facestealer, a malicious Android app that steals Facebook credentials, installed over 100,000 times via the Google Play Store.
Malware
Individual
CC
>1
Pradeo, Android, Facestealer, Facebook
43
21/03/2022
Since 16/03/2022
16/03/2022
Deadbolt
Vulnerable QNAP devices
Researchers from Censys discover a new Deadbolt ransomware campaign targeting QNAP devices.
"Dirty Pipe" vulnerability
Multiple Industries
CC
>1
Censys, Deadbolt, ransomware, QNAP, Dirty Pipe
44
21/03/2022
Between 10/11/2021 and 11/11/2021
12/11/2021
?
Horizon Actuarial Services
Horizon Actuarial Services, a consulting firm that provides actuarial solutions to multiemployer benefit plans, notifies 38,418 individuals of a ransomware cyberattack.
Malware
Professional, scientific and technical
CC
US
Horizon Actuarial Services, ransomware
45
21/03/2022
19/03/2021
-
Hive
Partnership Health Plan of California (PHC)
Partnership Health Plan of California (PHC) suffers a Hive ransomware attack. The attackers claim that 400 gigabytes of data were exfiltrated from PHC systems, including 850,000 PII records.
Malware
Human health and social work
CC
US
Partnership Health Plan of California, PHC, Hive, ransomware
46
21/03/2022
Between February 2021 and February 2022
12/03/2022
Leftist organizations in Colombia
Individuals in Venezuela
Venezuelan leftist organizations orchestrated a disinformation campaign to drive social media narratives supporting leftist Colombian presidential candidate Gustavo Petro.
Fake Social/Web pages
Individual
CC
VE
Gustavo Petro, Twitter
47
22/03/2022
-
17/03/2022
?
Multiple organizations in Ukraine
The Ukrainian Computer Emergency Team (CERT-UA) warns of a cyberattack aimed at Ukrainian enterprises using a wiper dubbed DoubleZero.
Ukraine’s Computer Emergency Response Team (CERT-UA) publicly discloses, for the first time since Russia invaded Ukraine, that Chinese threat actors are targeting its systems.
The Anonymous collective leaks a 10GB trove of data from Nestlé after the company unintentionally exposed some test data.
Misconfiguration
Accommodation and food service
H
CH
Anonymous, Nestlé
50
22/03/2022
During January 2022
22/03/2022
Lapsus$
Okta
Okta says it is investigating claims of a data breach after the Lapsus$ extortion group posts screenshots in its Telegram channel of what it alleges to be access to Okta's backend administrative consoles and customer data. A few hours later the company confirms the breach: 2.5% of its customers are affected.
Account Takeover
Professional, scientific and technical
CC
US
Okta, Lapsus$
51
22/03/2022
-
20/03/2022
Lapsus$
Microsoft
Microsoft confirms that one of their employees was compromised by the Lapsus$ hacking group, allowing the threat actors to access and steal portions of their source code.
Account Takeover
Professional, scientific and technical
CC
US
Microsoft, Lapsus$
52
22/03/2022
-
-
?
Miratorg Agribusiness Holding
Moscow-based meat producer and distributor Miratorg Agribusiness Holding suffers a major cyberattack that encrypts its IT systems using Windows BitLocker.
Malware
Accommodation and food service
CW
RU
Miratorg Agribusiness Holding, Windows BitLocker
53
22/03/2022
-
-
?
French entities in the construction, real estate, and government industries
Researchers from Proofpoint identify a targeted attack leveraging the open-source package installer Chocolatey to deliver a backdoor dubbed Serpent.
Targeted Attack
Multiple Industries
CE
FR
Proofpoint, Chocolatey, Serpent
54
22/03/2022
Late 2021
Late 2021
Storm Cloud
Multiple organizations
Researchers from Volexity discover a previously unknown macOS malware variant called GIMMICK, which is believed to be a custom tool used by a Chinese espionage threat actor known as 'Storm Cloud.'
Malware
Multiple Industries
CE
>1
Volexity, GIMMICK, Storm Cloud
55
22/03/2022
"Recently"
"Recently"
?
Betting companies in Taiwan, Hong Kong, and the Philippines
Researchers from Avast reveal the details of Operation Dragon Castling, an operation carried out by an unknown Chinese-speaking threat actor, targeting betting companies in Taiwan, Hong Kong, and the Philippines, leveraging CVE-2022-24934, a vulnerability in WPS Office.
Japanese confectionery manufacturer Morinaga warns that a suspected data breach of its online store may have exposed the personal information of more than 1.6 million customers.
"Network Vulnerability"
Accommodation and food service
CC
JP
Morinaga
57
22/03/2022
Between 01/03/2022 and 03/03/2022
03/03/2022
?
Alacrity Solutions Group, LLC
Alacrity Solutions Group, LLC notifies 54,674 people about a breach that involved their personal information.
Unknown
Professional, scientific and technical
CC
US
Alacrity Solutions Group
58
22/03/2022
Between 11/07/2021 and 13/07/2021
06/08/2021
?
Advanced Medical Practice Management (AMPM)
Advanced Medical Practice Management (AMPM) reveals that it suffered a data breach that impacted over 56,000 individuals.
Unknown
Human health and social work
CC
US
Advanced Medical Practice Management, AMPM
59
23/03/2022
During March 2022
During March 2022
Ghostwriter AKA UNC1151, UAC-0051
Ukrainian state entities
The Ukrainian CERT (CERT-UA) uncovers a spear-phishing campaign conducted by Belarus-linked GhostWriter APT group targeting Ukrainian state entities with the Cobalt Strike Beacon.
NB65, a group of hackers affiliated with Anonymous, claims to have disrupted Roscosmos, the Russian space agency, and in particular Russia’s vehicle monitoring system.
Unknown
Public admin and defence, social security
H
RU
NB65, Anonymous, Roscosmos
61
23/03/2022
23/03/2022
23/03/2022
Threat actors from Russia?
Ferrovie dello Stato Italiane (Italian Railways)
Italian railway company Ferrovie dello Stato Italiane temporarily halts some ticket sale services, fearing it had been targeted by a cyber attack.
Malware
Transportation and storage
CC
IT
Italian railway, Ferrovie dello Stato Italiane
62
23/03/2022
-
-
?
Cyber Criminal groups
Security analysts from Ahnlab and Cyble discover a new case of hackers targeting hackers via clipboard stealers disguised as cracked RATs and malware building tools.
Malware
Unknown
CC
N/A
Ahnlab, Cyble
63
23/03/2022
Since at least August 2021
-
Mustang Panda AKA TA416
Diplomatic missions, research entities, and ISPs in multiple countries
Security analysts from ESET uncover a malicious campaign from China-linked threat actor Mustang Panda, which has been running for at least eight months with a new variant of the Korplug malware called Hodur and custom loaders.
Targeted Attack
Multiple Industries
CE
>1
ESET, Mustang Panda, TA416, Korplug, Hodur
64
23/03/2022
-
-
FIN7 AKA Carbanak
Multiple organizations
Researchers from Morphisec discover a new version of the JSSLoader remote access trojan being distributed via malicious Microsoft Excel add-ins.
Malware
Multiple Industries
CC
>1
Morphisec, JSSLoader, Microsoft Excel, FIN7, Carbanak
65
23/03/2022
-
21/03/2022
?
Microsoft Azure users
Researchers from JFrog discover 218 malicious packages targeting the Microsoft Azure npm scope.
Malware
Multiple Industries
CC
>1
JFrog, Microsoft Azure
66
23/03/2022
Early March 2022
-
?
Single Individuals
Researchers from Fortinet discover a phishing scam exploiting the war in Ukraine, asking recipients to send personally identifiable information (PII) and trying to get victims to send money via wire transfer or Venmo.
Account Takeover
Individual
CC
>1
Fortinet, Ukraine
67
23/03/2022
23/03/2022
23/03/2022
?
Cashio
An anonymous attacker uses an infinite mint vulnerability to mint and steal the equivalent of $48M.
Infinite mint vulnerability
Finance and insurance
CC
N/A
Cashio
68
24/03/2022
24/03/2022
24/03/2022
Anonymous
auchan.ru
In the name of #OpRussia, the Anonymous collective takes down the Russian website of Auchan.
DDoS
Wholesale and retail
H
RU
Anonymous, auchan.ru, #OpRussia, Russia, Ukraine
69
24/03/2022
24/03/2022
24/03/2022
Anonymous
leroymerlin.ru
In the name of #OpRussia, the Anonymous collective takes down the Russian website of Leroy Merlin.
250 individuals working for 10 different news media, domain registrars, web hosting providers and software vendors
Researchers from Google's Threat Analysis Group reveal the details of a campaign consistent with Operation Dream Job, exploiting the Google Chrome CVE-2022-0609 vulnerability one month before it was patched.
Targeted Attack
Multiple Industries
CE
US
Google's Threat Analysis Group, TAG, Operation Dream Job, Google Chrome, CVE-2022-0609, North Korea, Lazarus Group
72
24/03/2022
Since at least 04/01/2022
10/02/2022
Lazarus Group
Over 85 users in cryptocurrency and fintech industries
Researchers from Google's Threat Analysis Group reveal the details of a campaign consistent with Operation AppleJeus, exploiting the Google Chrome CVE-2022-0609 vulnerability one month before it was patched.
Targeted Attack
Finance and insurance
CE
US
Google's Threat Analysis Group, TAG, Operation AppleJeus, Google Chrome, CVE-2022-0609, North Korea, Lazarus Group
73
24/03/2022
Since 11/03/2022
11/03/2022
Muhstik
Vulnerable Redis servers
Researchers from Juniper Threat Labs reveal that the Muhstik malware gang is now actively targeting and exploiting CVE-2022-0543, a Lua sandbox escape vulnerability in Redis after a proof-of-concept exploit was publicly released.
Researchers from Group-IB discover a new version of the Hive ransomware VMware ESXi Linux encryptor, converted to the Rust programming language and with new features to make it harder for security researchers to snoop on victims' ransom negotiations.
Partnership HealthPlan of California is hit with a Hive ransomware attack.
Malware
Human health and social work
CC
US
Partnership HealthPlan of California, Hive, ransomware
76
24/03/2022
Since May 2021
Since May 2021
?
New cryptocurrency users on Android and iOS
Researchers from ESET identify over 40 copycat websites designed to look like popular cryptocurrency websites but that actually trick users into downloading fake versions of the apps containing trojan malware.
Malware
Fintech
CC
>1
ESET, crypto
77
24/03/2022
-
-
?
Multiple organizations
Researchers from Trustwave discover a new phishing campaign abusing Microsoft Compiled HTML Help files (CHM) to deliver the Vidar infostealer.
Malware
Multiple Industries
CC
>1
Trustwave, Microsoft Compiled HTML Help, CHM, Vidar
78
24/03/2022
-
24/02/2022
?
Spokane Regional Health District (SRHD)
Spokane Regional Health District (SRHD) says it suffered a phishing attack that potentially exposed the personal information of 1,260 individuals. The organization discovered a phishing email on February 24 and found that an unauthorized actor potentially previewed some protected health information.
Account Takeover
Human health and social work
CC
US
Spokane Regional Health District, SRHD
79
24/03/2022
Between 14/07/2021 and 19/08/2021
-
?
Christie Clinic
Christie Clinic issues a notice about a recent email security incident that potentially exposed certain patient information.
Account Takeover
Human health and social work
CC
US
Christie Clinic
80
24/03/2022
Starting in February 2022
-
?
Individuals in the US
Researchers from Avanan disclose a campaign spoofing trending fintech apps such as Stash and Public to steal credentials and give users a false sense of security that they’ve compiled the right tax documents.
Account Takeover
Individual
CC
US
Avanan, Stash, Public
81
24/03/2022
24/03/2022
24/03/2022
?
UK Ministry of Defence
The UK Ministry of Defence suspends online application and support services for the British Army's Capita-run Defence Recruitment System and confirms that digital intruders compromised some data.
Unknown
Public admin and defence, social security
CC
UK
UK Ministry of Defence
82
24/03/2022
-
-
Triton AKA Trisis and HatMan
Organizations in the global energy sector
The FBI warns that the Triton malware continues to conduct activity targeting the global energy sector.
Malware
Electricity, gas steam, air conditioning
CE
>1
Triton, Trisis, HatMan
83
24/03/2022
24/03/2022
24/03/2022
The Black Rabbit World
Central Bank of Russia
In the name of #OpRussia, the Black Rabbit World, a hacktivist group affiliated with the Anonymous collective, leaks 28GB of data allegedly stolen from the Central Bank of Russia.
Unknown
Finance and insurance
H
RU
#OpRussia, Black Rabbit World, Anonymous, Central Bank of Russia, Russia, Ukraine
84
25/03/2022
-
-
?
Unknown organizations
Google releases Chrome 99.0.4844.84 for Windows, Mac, and Linux users to address CVE-2022-1096, a high-severity zero-day bug exploited in the wild.
CVE-2022-1096 Vulnerability
Unknown
N/A
N/A
Google, Chrome 99.0.4844.84, CVE-2022-1096
85
25/03/2022
-
12/02/2022
Conti
Cytometry Specialists, also known as CSI Laboratories
Cytometry Specialists, also known as CSI Laboratories, notifies patients of a February cyberattack that disrupted the cancer testing lab information systems.
Unknown
Human health and social work
CC
US
Cytometry Specialists, CSI Laboratories, Conti
86
25/03/2022
27/07/2021
Between 23/07/2021 and 27/07/2021
?
SuperCare Health
SuperCare Health notifies 318,379 patients that some of their protected health information has been exposed and potentially accessed by unauthorized individuals in a cyberattack that occurred in July 2021.
Unknown
Human health and social work
CC
US
SuperCare Health
87
25/03/2022
-
16/03/2022
LockBit
Val Verde Regional Medical Center (VVRMC)
Val Verde Regional Medical Center (VVRMC) appears to have been the victim of a ransomware attack involving LockBit.
Malware
Human health and social work
CC
US
Val Verde Regional Medical Center, VVRMC, ransomware, LockBit
88
25/03/2022
09/11/2021
-
?
Clinic of North Texas
Clinic of North Texas announces it was the victim of a cyberattack in which hackers gained access to patient data stored on its systems. 244,174 individuals are affected.
Unknown
Human health and social work
CC
US
Clinic of North Texas
89
25/03/2022
Between 07/03/2022 and 11/03/2022
-
ALPHV AKA BlackCat
North Carolina A&T State University
North Carolina A&T State University is hit with an ALPHV Ransomware attack.
Malware
Education
CC
US
North Carolina A&T State University, ALPHV, BlackCat, Ransomware
90
25/03/2022
Between 07/12/2021 and 10/01/2022
10/01/2022
?
North Orange County Community College District (NOCCCD)
North Orange County Community College District (NOCCCD) suffers a data breach that affects 19,678 individuals.
Unknown
Education
CC
US
North Orange County Community College District, NOCCCD
91
25/03/2022
27/02/2022
-
?
Colorado Physician Partners (CPP)
Colorado Physician Partners (CPP) reveals that it suffered a data breach due to an email hacking incident.
Account Takeover
Human health and social work
CC
US
Colorado Physician Partners, CPP
92
27/03/2022
27/03/2022
27/03/2022
?
Revest Finance
Decentralized finance (DeFi) protocol Revest Finance discloses that $2 million was stolen through a vulnerability on their platform.
Vulnerability
Fintech
CC
N/A
Revest Finance
93
27/03/2022
-
27/03/2022
Anonymous
RostProekt
In the name of #OpRussia, the Anonymous collective leaks 2.4GB worth of files from RostProekt, a Russian construction company.
Unknown
Professional, scientific and technical
H
RU
#OpRussia, Anonymous, RostProekt
94
28/03/2022
-
-
Defence intelligence of Ukraine
Russia's Federal Security Service (FSB)
Ukraine's military intelligence on Monday published the names and contact details of 620 people it alleged were officers of Russia's Federal Security Service (FSB) involved in "criminal activities" in Europe.
Unknown
Public admin and defence, social security
CW
RU
Ukraine, Russia, Federal Security Service, FSB, Defence intelligence of Ukraine
95
28/03/2022
28/03/2022
28/03/2022
?
Ukrtelecom
The Ukrainian telco provider Ukrtelecom is hit with another DDoS attack.
DDoS
Information and communication
CW
UA
Ukrtelecom, Russia, Ukraine
96
28/03/2022
26/03/2022
26/03/2022
?
Russian Aviation Authority (Rosaviatsiya)
Russian Aviation Authority Rosaviatsiya is forced to switch to pen and paper after losing 65TB of data following an alleged cyber attack.
VGTRK (All-Russia State Television and Radio Broadcasting Company)
In the name of #OpRussia, NB65, a group affiliated with the Anonymous collective, leaks 900,000 emails and 4,000 files from VGTRK (All-Russia State Television and Radio Broadcasting Company).
Unknown
Information and communication
H
RU
#OpRussia, NB65, Anonymous, VGTRK
98
28/03/2022
Since at least mid-March 2022
During mid-March 2022
?
Vulnerable Exchange servers
Researchers from Intezer reveal that the distribution of the IcedID malware has seen a spike recently due to a new campaign that hijacks existing email conversation threads and injects malicious payloads that are hard to spot.
ProxyLogon and ProxyShell vulnerabilities
Multiple Industries
CC
>1
Intezer, IcedID, ProxyLogon, ProxyShell
99
28/03/2022
-
-
SunCrypt
Multiple organizations
Researchers from Minerva Labs discover a new version of the SunCrypt ransomware.
Malware
Multiple Industries
CC
>1
Minerva Labs, SunCrypt, ransomware
100
28/03/2022
Since 24/02/2022
-
Russian special services
Ukraine population
The Ukrainian Security Service (SSU) announces that since the start of the war with Russia, it has discovered and shut down five bot farms with over 100,000 fake social media accounts spreading fake news.
Fake Social/Web pages
Individual
CW
UA
Ukrainian Security Service, SSU, Ukraine, Russia
101
28/03/2022
-
-
UAC-0010 AKA Armageddon
Multiple organizations in Ukraine
The Computer Emergency Response Team of Ukraine (CERT-UA) announces the discovery of a phishing campaign loosely attributed to the UAC-0010 (Armageddon) Russian threat group, using document lures that supposedly contain information about the losses of Ukrainian servicemen to drop the “PseudoSteel” malware.
Malware
Multiple Industries
CE
UA
CERT-UA, UAC-0010, Armageddon, PseudoSteel
102
28/03/2022
-
-
?
Multiple organizations in Ukraine
Threat actors are compromising WordPress sites to insert a malicious script that uses visitors' browsers to perform distributed denial-of-service attacks on Ukrainian websites.
DDoS
Multiple Industries
CW
UA
WordPress, Ukraine
103
28/03/2022
Since at least 25/03/2022
-
?
Vulnerable Sophos firewalls
Sophos warns that CVE-2022-1040, a recently patched Sophos Firewall vulnerability allowing remote code execution (RCE), is now actively exploited in attacks.
CVE-2022-1040 Vulnerability
Multiple Industries
CC
>1
Sophos, CVE-2022-1040, Remote code execution, RCE
104
28/03/2022
08/01/2022
-
?
Illuminate Education
Illuminate Education discloses that it suffered a security breach that resulted in the leak of data on 820,000 students.
Unknown
Administration and support service
CC
US
Illuminate Education
105
28/03/2022
28/03/2022
28/03/2022
?
Ukrtelecom
Web traffic from major Ukrainian internet service provider Ukrtelecom is once again disrupted.
DDoS
Information and communication
CW
UA
Ukrtelecom, Russia, Ukraine
106
28/03/2022
28/03/2022
28/03/2022
?
Multiple organizations
Researchers from Checkmarx discover another batch of malicious npm packages.
Malware
Multiple Industries
CC
>1
Checkmarx, npm
107
28/03/2022
-
-
Hive
First Choice Community Healthcare
The Hive ransomware group claims to have hacked First Choice Community Healthcare.
Malware
Human health and social work
CC
US
Hive, ransomware, First Choice Community Healthcare
108
29/03/2022
-
-
Threat actors from Russia
energy companies and other critical infrastructure in the United States
The FBI reveals that Russian hackers have been scanning the systems of energy companies and other critical infrastructure in the United States.
Targeted Attack
Electricity, gas steam, air conditioning
CE
US
FBI, Russia
109
29/03/2022
23/03/2022
23/03/2022
?
Russian dissenters
Researchers from Malwarebytes discover a new spear phishing campaign distributing the Quasar RAT and exploiting CVE-2017-0199 and CVE-2021-40444, targeting dissenters in Russia with opposing views to those promoted by the state and national media about the war against Ukraine.
Malware
Individual
CE
RU
Malwarebytes, Quasar RAT, CVE-2017-0199, CVE-2021-40444, Russia, Ukraine
110
29/03/2022
Since at least January 2022
During January 2022
Verblecon
Multiple organizations
Researchers from Symantec warn of a relatively new malware loader, dubbed Verblecon, which is sufficiently complex and powerful for ransomware and espionage attacks, although it is currently used for low-reward attacks.
Malware
Multiple Industries
CC
>1
Symantec, Verblecon
111
29/03/2022
-
-
?
Internet-connected UPS devices
In a joint advisory with the Department of Energy, the Cybersecurity and Infrastructure Security Agency (CISA) warns U.S. organizations to secure Internet-connected UPS devices from ongoing attacks.
Misconfiguration
Multiple Industries
CC
US
Department of Energy, Cybersecurity and Infrastructure Security Agency, CISA, UPS devices
112
29/03/2022
-
-
APT36, aka Transparent Tribe, Mythic Leopard
Indian Government
Researchers from Cisco Talos discover a new campaign from the hacking group tracked as APT36, using a new custom malware and entry vectors in attacks against the Indian government.
Targeted Attack
Public admin and defence, social security
CE
IN
Cisco Talos, APT36, Transparent Tribe, Mythic Leopard, India, Pakistan
113
29/03/2022
Since at least October 2021
During October 2021
?
US election officials
The Federal Bureau of Investigation (FBI) warns US election officials of an ongoing and widespread phishing campaign in at least nine states, trying to steal their credentials since at least October 2021.
Account Takeover
Public admin and defence, social security
CE
US
FBI, US election officials
114
29/03/2022
23/03/2022
29/03/2022
?
Ronin Network
A hacker steals almost $620 million in Ethereum and USDC tokens from Axie Infinity's Ronin network bridge, making it possibly the largest crypto hack in history.
Compromised private keys
Fintech
CC
N/A
Ethereum, USDC, Axie Infinity, Ronin
115
29/03/2022
During February 2022
During February 2022
?
Cryptocurrency users
Researchers from Morphisec reveal the details of Operation Mars, a large scale campaign using the Mars infostealer targeting cryptocurrency assets.
Malware
Fintech
CC
>1
Morphisec, Operation Mars, Mars infostealer
116
29/03/2022
-
-
Hive
Multiple organizations
Researchers from Sentinel Labs discover a new variant of the Hive ransomware using a new obfuscation technique, dubbed IPfuscation, which involves IPv4 addresses and a series of conversions that eventually lead to downloading a Cobalt Strike beacon.
Malware
Multiple Industries
CC
>1
Sentinel Labs, Hive, ransomware, IPfuscation
117
29/03/2022
-
-
Multiple threat actors
Educational institutions in the United States, Europe and Australia
Researchers from Proofpoint discover a new campaign sending fake job emails to educational institutions in the United States, Europe and Australia.
Account Takeover
Multiple Industries
CC
>1
Proofpoint, Google Drive
118
29/03/2022
-
-
?
Misconfigured Jupyter Notebook instances
Researchers from Aqua Security uncover a Python-based ransomware targeting Jupyter Notebook, a popular tool for data visualization.
Misconfiguration
Multiple Industries
CC
>1
Aqua Security, Python, ransomware, Jupyter Notebook
119
29/03/2022
Since 10/01/2022
Since 10/01/2022
?
Vulnerable VMware Horizon servers
Researchers from Sophos reveal that the Log4Shell vulnerability is being actively exploited in a new wave of attacks to deliver backdoors and cryptocurrency miners to vulnerable VMware Horizon servers.
Log4Shell vulnerability
Multiple Industries
CC
>1
Sophos, VMWare Horizon, Log4Shell
120
29/03/2022
-
-
?
Trend Micro customers
Trend Micro this week announces patches for a high-severity arbitrary file upload vulnerability in Apex Central (CVE-2022-26871) that has already been exploited in what appear to be targeted attacks.
CVE-2022-26871 vulnerability
Unknown
N/A
N/A
Trend Micro, Apex Central, CVE-2022-26871
121
29/03/2022
-
-
?
Multiple organizations
Researchers from Symantec reveal that an unknown attacker is using a complex and powerful new malware loader, dubbed Verblecon, in relatively unsophisticated and low-reward attacks aimed to mine cryptocurrency.
Malware
Multiple Industries
CC
>1
Symantec, Verblecon
122
29/03/2022
29/03/2022
29/03/2022
?
Bradley International Airport
The website of the Bradley International Airport is hit with a DDoS attack.
DDoS
Transportation and storage
CC
US
Bradley International Airport
123
29/03/2022
-
-
Anonymous
MashOil
In the name of #OpRussia, Anonymous releases 140,000 emails from MashOil, a Moscow-based company known for designing, manufacturing, and maintaining equipment used in the drilling, mining, and fracking industries.
Unknown
Manufacturing
H
RU
#OpRussia, Anonymous, MashOil
124
30/03/2022
-
30/03/2022
?
Thozis Corp.
In the name of #OpRussia, Anonymous releases 5,500 emails from Thozis Corp., a Russian investment firm owned by Zakhar Smushkin, a Russian oligarch involved in the project to build a satellite city in Saint Petersburg.
Unknown
Finance and insurance
H
RU
#OpRussia, Anonymous, Thozis Corp., Russia, Zakhar Smushkin, Saint Petersburg
125
30/03/2022
-
-
Curious Gorge
Government and military organizations in Ukraine, Russia, Kazakhstan, and Mongolia
Researchers from Google's Threat Analysis Group reveal that Curious Gorge, a group attributed to China's PLA SSF, is conducting campaigns against government and military organizations in Ukraine, Russia, Kazakhstan, and Mongolia.
Researchers from Google's Threat Analysis Group reveal that COLDRIVER, a Russian-based threat actor sometimes referred to as Calisto, has launched credential phishing campaigns, targeting several US based NGOs and think tanks, the military of a Balkans country, a Ukraine based defense contractor and the military of multiple Eastern European countries, as well as a NATO Centre of Excellence.
Targeted Attack
Multiple Industries
CE
>1
Google, Threat Analysis Group, COLDRIVER, Russia, Calisto, NATO
127
30/03/2022
-
-
Ghostwriter AKA UNC1151
Multiple organizations in Ukraine
Researchers from Google's Threat Analysis Group reveal that the Belarusian threat actor Ghostwriter is using the new 'Browser in the Browser' phishing technique in a campaign against targets in Ukraine.
Targeted Attack
Multiple Industries
CE
UA
Google, Threat Analysis Group, Ghostwriter, 'Browser in the Browser', Ukraine, Belarus
128
30/03/2022
Mid-2021
-
?
Multiple organizations in the service provider and social media space
Cybercriminals have used fake emergency data requests (EDRs) to steal sensitive customer data from service providers and social media firms. At least one report suggests Apple, and Facebook's parent company Meta, were victims of this fraud.
Account Takeover
Professional, scientific and technical
CC
>1
Apple, Meta
129
30/03/2022
-
-
Lapsus$
Globant
IT and software consultancy firm Globant confirms it was breached by the Lapsus$ data extortion group, with data consisting of administrator credentials and source code leaked by the threat actors.
Unknown
Professional, scientific and technical
CC
AU
Globant, Lapsus$
130
30/03/2022
-
-
Multiple threat actors
Department of Information Projects (homk.ru)
A new zero-day vulnerability in the Spring Core Java framework called 'Spring4Shell' (CVE-2022-22963 and CVE-2022-22965) is publicly disclosed, and exploited in the wild.
CVE-2022-22963 and CVE-2022-22965 vulnerability
Multiple Industries
CC
>1
Spring Core Java, Spring4Shell, CVE-2022-22963, CVE-2022-22965
131
30/03/2022
-
-
?
Multiple organizations
A new phishing campaign abuses Microsoft Azure's Static Web Apps service to steal Microsoft, Office 365, Outlook, and OneDrive credentials.
Account Takeover
Multiple Industries
CC
>1
Microsoft Azure, Static Web Apps, Microsoft 365, Outlook, OneDrive
132
30/03/2022
During February 2022
During February 2022
Deep Panda
Organizations in the financial, academic, cosmetics, and travel sector
Researchers from Fortinet reveal that the Chinese hacking group Deep Panda is targeting VMware Horizon servers with the Log4Shell exploit to deploy a novel rootkit named 'Fire Chili.'
Log4Shell vulnerability
Multiple Industries
CE
>1
Fortinet, Deep Panda, VMware Horizon, Log4Shell, Fire Chili
133
30/03/2022
"Recently"
"Recently"
?
Multiple organizations
Researchers from Zscaler discover a new information-stealing malware-as-a-service named BlackGuard.
Malware
Multiple Industries
CC
>1
Zscaler, BlackGuard
134
30/03/2022
-
-
?
Local US Governments
The Federal Bureau of Investigation (FBI) warns local government entities of ransomware attacks disrupting operational services, causing public safety risks, and causing financial losses.
Malware
Public admin and defence, social security
CC
US
Federal Bureau of Investigation, FBI, ransomware attacks
135
30/03/2022
-
14/02/2022
?
Englewood Health
Englewood Health discloses a phishing attack that exposed 3,901 patients' information.
Account Takeover
Human health and social work
CC
US
Englewood Health
136
30/03/2022
During November 2021
-
?
Andra Pradesh Mahesh Co-Operative Urban Bank
The Hyderabad City Police details an attack on the Andra Pradesh Mahesh Co-Operative Urban Bank that let the attackers steal a few million in funds.
Malware
Finance and insurance
CC
IN
Hyderabad City Police, Andra Pradesh Mahesh Co-Operative Urban Bank
137
30/03/2022
-
-
Vice Society
Obra Social Seguros (OSSEG)
Obra Social Seguros (OSSEG) is hit by a Vice Society ransomware attack.
Malware
Human health and social work
CC
AR
Obra Social Seguros, OSSEG, ransomware
138
31/03/2022
-
-
Anonymous
Marathon Group
In the name of #OpRussia, Anonymous hacks the Marathon Group, a Russian investment firm owned by oligarch Alexander Vinokurov, and releases 62,000 emails.
Unknown
Finance and insurance
H
RU
#OpRussia, Anonymous, Marathon Group, Alexander Vinokurov, Ukraine
139
31/03/2022
-
-
Anonymous
volozhin.gov.by
In the name of #OpRussia, Anonymous defaces a website of the Government of Belarus dedicated to the economy of Volozhin, a Belarusian city in the Minsk region.
The Ukrainian Security Service (SSU) announces that it disrupted a bot farm that sent around 5,000 text messages to local police and military members asking them to surrender and defect.
Decentralized lending platform Ola Finance says it was hacked, reporting that about $4.67 million in cryptocurrency was stolen.
Reentrancy Attack
Fintech
CC
N/A
Ola Finance
142
31/03/2022
-
15/03/2022
?
Iberdrola
Iberdrola suffers a cyberattack leading to the theft of the personal information of 1.3 million customers.
Unknown
Electricity, gas steam, air conditioning
CC
ES
Iberdrola
143
31/03/2022
End of February 2022
End of February 2022
?
Multiple organizations
Researchers from Inky discover a new phishing campaign abusing the free calendar app Calendly.
Account Takeover
Multiple Industries
CC
>1
Inky, Calendly
144
31/03/2022
Since at least November 2021
"Recently"
Lazarus Group
Cryptocurrency users and investors
Researchers from Kaspersky discover that hackers from the Lazarus Group have been distributing a trojanized version of the DeFi Wallet for storing cryptocurrency assets to gain access to the systems of cryptocurrency users and investors.
Malware
Fintech
CC
>1
Kaspersky, Lazarus Group, DeFi Wallet
145
31/03/2022
-
-
?
Unknown organization(s)
Apple releases security updates to address two zero-day vulnerabilities (CVE-2022-22674 and CVE-2022-22675) exploited by attackers to hack iPhones, iPads, and Macs.
Researchers from Cyble discover a new remote access trojan (RAT) named Borat on darknet markets, offering easy-to-use features to conduct DDoS attacks, UAC bypass, and ransomware deployment.
Malware
Multiple Industries
CC
>1
Akamai, CVE-2022-26143, Mitel
147
31/03/2022
14/09/2021
-
?
Law Enforcement Health Benefits Inc. (LEHB)
Law Enforcement Health Benefits Inc. (LEHB) notifies plan members of a September 2021 ransomware attack that impacted over 85,000 individuals.
Malware
Human health and social work
CC
US
Law Enforcement Health Benefits Inc., LEHB, ransomware
148
31/03/2022
24/03/2022
-
probablyup
npm developers
Researchers from Checkmarx discover that two popular packages, “styled-components” and “es5-ext”, with millions of weekly downloads and thousands of dependent projects, released new protestware versions. The new versions check whether the affected machine belongs to a Russian user and, if so, alter their behavior in protest against Russian aggression in Ukraine.
The New Jersey Cybersecurity & Communications Integration Cell (NJCCIC) issues a warning for an ongoing phishing campaign targeting Verizon customers via SMS (Short Message Service).
Account Takeover
Individual
CC
US
New Jersey Cybersecurity & Communications Integration Cell, NJCCIC, Verizon, SMS, Short Message Service
150
31/03/2022
Between 12/11/2021 and 18/11/2021
Between 12/11/2021 and 18/11/2021
?
Urgent Team Holdings
Urgent Team Holdings notifies 166,601 patients that some of their protected health information may have been obtained by unauthorized individuals in a November 2021 cyberattack.
Unknown
Human health and social work
CC
US
Urgent Team Holdings
151
31/03/2022
Mid-March 2022
Mid-March 2022
El Machete
Financial organizations in Nicaragua
Researchers from Check Point discover a new campaign carried out by El Machete APT sending spear-phishing emails to financial organizations in Nicaragua, exploiting the crisis in Ukraine.
Targeted Attack
Finance and insurance
CC
NI
Check Point, El Machete, Ukraine
152
31/03/2022
Mid-March 2022
Mid-March 2022
Lyceum APT
Israeli energy company
Researchers from Check Point discover a new campaign carried out by the Iranian group Lyceum exploiting the crisis in Ukraine.
Targeted Attack
Electricity, gas steam, air conditioning
CE
IL
Check Point, Lyceum, Ukraine
153
31/03/2022
Mid-March 2022
Mid-March 2022
SideWinder
Entities in Pakistan
Researchers from Check Point discover a new campaign carried out by the SideWinder APT exploiting the crisis in Ukraine.
Targeted Attack
Multiple Industries
CE
PK
Check Point, SideWinder, Ukraine
ID
Date Reported
Date Occurred
Date Discovered
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags
Enjoy the interactive timeline, and thanks for sharing it, and supporting my work in spreading the risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.