After the peak of March (in the meantime I have added more records to the previous timeline bringing the total to 150), the level of activity continues to be pretty high. In the first half of April, I have collected 118 events, and the reason of such high numbers is obviously the extension of the conflict in Ukraine into the cyberspace. This asymmetric war is characterizing the threat landscape from at least three perspectives.

From an hacktivism standpoint, the Anonymous and their affiliates continue to leak data from Russian organizations; from a cyber espionage standpoint, Ukraine continues to be the target of multiple campaigns conducted by threat actors primarily from Russia, Belarus, and China. Finally, the wave of attacks carried out deploying destructive malware is not over yet, and April has seen the appearance of ‘Industroyer2’, a new wiper deployed in an apparently unsuccessful attack against a large Ukrainian energy provider. And this is not the only aspect characterized by cyber warfare: the social media are also an important playground, seeing a proliferation of misinformation campaigns and Coordinated Inauthentic Behavior (CIB) linked to Ukraine (and not only…).

The war in Ukraine is obviously characterizing the threat landscape, and hence is overshadowing the rest. Ransomware attacks continue to be relevant, most of all ‘thanks’  to the contribution of the Conti and BlackCat ransomware gangs that even in this fortnight have hit several high-profile targets, however their percentage continues to slide reaching a new low at 11.86%. On the other hand, even in this timeline, the exploitation of vulnerabilities continue to be an important trend with 12.7% of the events characterized by the exploitation of a flaw.

And similarly, another interesting trend of this 2022 is the growing number of massive attacks against fintech and decentralized finance companies. Even in this fortnight, three organizations were hit for a total loss of nearly $27M worth of crypto assets.

As usual, besides the events related to Ukraine, the cyber espionage front is equally quite crowded, this timeline sports many well-known threat actors such as APT10 (tied to China and targeting various entities in government, legal, religious activities, and NGOs), APT-C-23 (tied to Hamas and targeting individuals in Israel), and the North-Korean Lazarus Group (targeting chemical and IT organizations in South Korea.)

Expand for details

Enjoy the interactive timeline, and thanks for sharing it, and supporting my work in spreading the risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.



The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.

  • network servers on an enclosureCVEs Targeting Remote Access Technologies

    In this first quarter of 2024, threat actors have been particularly busy in exploiting vulnerabilities (0-days but also old unpatched flaws) targeting traditional remote access technologies. In this blog post I summarized the main CVEs exploited so far in 2024.

  • 2023 Stats Featrured Image2024 Cyber Attacks Statistics

    In 2023, there was a 35% increase in cyber attacks to 4,128 events, with the MOVEit CVE-2023-34362 vulnerability being heavily exploited. Cybercrime dominated as the main motivation at 79%, while malware led attack techniques with 35.9%. Healthcare remained a top target for ransomware. The data ...

  • photo of turned on laptop computer1-15 April 2024 Cyber Attacks Timeline

    In the first timeline of April 2024 I collected 107 events (7.13 events/day), as always characterized by a majority of malware attacks.

  • Featured Image Q1 2024Q1 2024 Cyber Attacks Statistics

    I aggregated the statistics created from the cyber attacks timelines published in the first quarter of 2024. In this period, I collected a total of 833 events (9.15 events/day) dominated by Cyber Crime with 75.2%...

  • Image by Panumas Nikhomkhai from Pixabay1-15 June 2023 Cyber Attacks Timeline

    In the first half of June 2023, I collected 172 events (corresponding to 11.47 events/day), a value that shows...


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.