After the peak of March (in the meantime I have added more records to the previous timeline bringing the total to 150), the level of activity continues to be pretty high. In the first half of April, I have collected 118 events, and the reason of such high numbers is obviously the extension of the conflict in Ukraine into the cyberspace. This asymmetric war is characterizing the threat landscape from at least three perspectives.

From an hacktivism standpoint, the Anonymous and their affiliates continue to leak data from Russian organizations; from a cyber espionage standpoint, Ukraine continues to be the target of multiple campaigns conducted by threat actors primarily from Russia, Belarus, and China. Finally, the wave of attacks carried out deploying destructive malware is not over yet, and April has seen the appearance of ‘Industroyer2’, a new wiper deployed in an apparently unsuccessful attack against a large Ukrainian energy provider. And this is not the only aspect characterized by cyber warfare: the social media are also an important playground, seeing a proliferation of misinformation campaigns and Coordinated Inauthentic Behavior (CIB) linked to Ukraine (and not only…).

Photo by Adi Goldstein on Unsplash

1-15 June 2022 Cyber Attacks Timeline

The first timeline of June 2022 is out. In the first half of the month I collected 109 events, corresponding to an average of 7.27 events/day, in line with the sustained level of activity that is characterizing the latest months. And if…

Continue Reading

The war in Ukraine is obviously characterizing the threat landscape, and hence is overshadowing the rest. Ransomware attacks continue to be relevant, most of all ‘thanks’  to the contribution of the Conti and BlackCat ransomware gangs that even in this fortnight have hit several high-profile targets, however their percentage continues to slide reaching a new low at 11.86%. On the other hand, even in this timeline, the exploitation of vulnerabilities continue to be an important trend with 12.7% of the events characterized by the exploitation of a flaw.

And similarly, another interesting trend of this 2022 is the growing number of massive attacks against fintech and decentralized finance companies. Even in this fortnight, three organizations were hit for a total loss of nearly $27M worth of crypto assets.

As usual, besides the events related to Ukraine, the cyber espionage front is equally quite crowded, this timeline sports many well-known threat actors such as APT10 (tied to China and targeting various entities in government, legal, religious activities, and NGOs), APT-C-23 (tied to Hamas and targeting individuals in Israel), and the North-Korean Lazarus Group (targeting chemical and IT organizations in South Korea.)

Expand for details

Enjoy the interactive timeline, and thanks for sharing it, and supporting my work in spreading the risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.



The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.