1-15 April 2022 Cyber Attacks Timeline

EVENTS

EVENTS/DAY

EVENTS

EVENTS/DAY

After the peak of March (in the meantime I have added more records to the previous timeline bringing the total to 150), the level of activity continues to be pretty high. In the first half of April, I have collected 118 events, and the reason of such high numbers is obviously the extension of the conflict in Ukraine into the cyberspace. This asymmetric war is characterizing the threat landscape from at least three perspectives.

From an hacktivism standpoint, the Anonymous and their affiliates continue to leak data from Russian organizations; from a cyber espionage standpoint, Ukraine continues to be the target of multiple campaigns conducted by threat actors primarily from Russia, Belarus, and China. Finally, the wave of attacks carried out deploying destructive malware is not over yet, and April has seen the appearance of ‘Industroyer2’, a new wiper deployed in an apparently unsuccessful attack against a large Ukrainian energy provider. And this is not the only aspect characterized by cyber warfare: the social media are also an important playground, seeing a proliferation of misinformation campaigns and Coordinated Inauthentic Behavior (CIB) linked to Ukraine (and not only…).

Cloud-Native Threats in 2023

Similarly to what I have done in 2022, 2021, and 2020, I am listing those cyber attacks…

The Biggest Data Breaches of 2023

Similarly to what I have done in 2022 and 2021, I am collecting the main mega breaches…

16-31 December 2022 Cyber Attack Timeline

Welcome to the last cyber attacks timeline of 2022! A timeline that marks a sharp decline in the number of recorded events after four consecutive increases…

1-15 December 2022 Cyber Attack Timeline

In the first timeline of December, I have collected 147 events (corresponding to 9.8 events/day), a result slightly…

Cloud-Native Threats in 2022

This blog post lists the main cloud-native threats, that is those cyber events exploiting the cloud in one or more stage of the kill chain. I have collected…

Photo by Tima Miroshnichenko from Pexels

The Biggest Data Breaches of 2022

Similarly to what I have done in 2021, I am collecting all the mega breaches (with more than 1 million records leaked). The information is derived from the cyber attacks timelines…

16-31 March 2022 Cyber Attacks Timeline

The 138 events recorded in this timeline represent a new 12 months high. This is one of the effect of the…

The war in Ukraine is obviously characterizing the threat landscape, and hence is overshadowing the rest. Ransomware attacks continue to be relevant, most of all ‘thanks’ to the contribution of the Conti and BlackCat ransomware gangs that even in this fortnight have hit several high-profile targets, however their percentage continues to slide reaching a new low at 11.86%. On the other hand, even in this timeline, the exploitation of vulnerabilities continue to be an important trend with 12.7% of the events characterized by the exploitation of a flaw.

And similarly, another interesting trend of this 2022 is the growing number of massive attacks against fintech and decentralized finance companies. Even in this fortnight, three organizations were hit for a total loss of nearly $27M worth of crypto assets.

As usual, besides the events related to Ukraine, the cyber espionage front is equally quite crowded, this timeline sports many well-known threat actors such as APT10 (tied to China and targeting various entities in government, legal, religious activities, and NGOs), APT-C-23 (tied to Hamas and targeting individuals in Israel), and the North-Korean Lazarus Group (targeting chemical and IT organizations in South Korea.)

Expand for details

ID	Date Reported	Date Occurred	Date Discovered	Author	Target	Description	Attack	Target Class	Attack Class	Country	Link	Tags
1	01/04/2022	Since at least February 2022	-	Threat actors from China	Defence ministry and other institutions in Ukraine	According to the Ukrainian Security Service (SBU), China staged a huge cyberattack on Ukraine’s military and nuclear facilities in the build-up to Russia’s invasion.	Targeted Attack	Public admin and defence, social security	CE	UA		Ukrainian Security Service, SBU, China, Ukraine
2	01/04/2022	During March 2022	During March 2022	UAC-0056	Several entities in Ukraine, including ICTV, a private TV channel.	Researchers from Malwarebytes reveal that the cyberespionage actor UAC-0056, also known as SaintBear, UNC2589 and TA471, is using a macro-embedded Excel document to target several entities in Ukraine, including ICTV, a private TV channel.	Targeted Attack	Multiple Industries	CE	UA		Malwarebytes, UAC-0056, SaintBear, UNC2589, TA471, Ukraine, ICTV
3	01/04/2022	-	-	?	Yandex Food	Yandex blames one of its employees for the hacking and subsequent leak of data from Yandex Food, a popular food delivery service in Russia.	Unknown	Accommodation and food service	H	RU		Yandex, Yandex Food
4	01/04/2022	-	01/04/2022	Anonymous	Russian Orthodox Church	In name of #OpRussia, the Anonymous leak 15GB of data stolen from the Russian Orthodox Church's charitable wing and release roughly 57,500 emails.	Unknown	Other service activities	H	RU		#OpRussia, Anonymous, Russian Orthodox Church
5	01/04/2022	-	Between February and March 2022	Beastmode (aka B3astmode)	Multiple organizations	Researchers from Fortinet observe that the Beastmode (aka B3astmode) Mirai-based DDoS campaign has aggressively updated its arsenal of exploits, adding five new exploits within a month, with three targeting various models of TOTOLINK routers.	Multiple vulnerabilities	Multiple Industries	CC	>1		Fortinet, Beastmode, B3astmode, Mirai, TOTOLINK
6	01/04/2022	-	-	?	Android users	Researchers from Lab52 identify a malicious APK named “Process Manager”, using the same infrastructure exploited by the Turla group, acting as Android spyware, uploading information to the threat actors.	Malware	Individual	CC	>1		Lab52, APK, Process Manager, Turla, Android
7	01/04/2022	End of February 2021	End of February 2021	?	Individuals	Researchers at McAfee Labs discover a campaign where attackers launched a crypto donation scam in support of Ukraine, setting up phishing websites and emails that contain cryptocurrency wallets asking for donations.	Malicious spam	Individual	CC	>1		McAfee Labs, Ukraine
8	02/04/2022	31/03/2022	31/03/2022	Conti	Nordex	The Conti ransomware operation claims responsibility for a cyberattack on wind turbine giant Nordex, which was forced to shut down IT systems and remote access to the managed turbines.	Malware	Manufacturing	CC	DE		Nordex, Conti, Ransomware
9	02/04/2022	02/04/2022	02/04/2022	?	Inverse Finance	An attack on decentralized finance (DeFi) protocol Inverse Finance leads to the theft of more than $15 million in cryptocurrency.	Vulnerability	Fintech	CC	N/A		Inverse Finance, Crypto
10	03/04/2022	-	26/03/2022	?	MailChimp	Email marketing firm MailChimp disclosed that they had been hit by hackers who gained access to internal customer support and account management tools to steal audience data and conduct phishing attacks.	Account Takeover	Professional, scientific and technical	CC	US		MailChimp, Crypto, Trezor
11	03/04/2022	Between 06/12/2021 and 03/012022	07/02/2022	?	Wellstar Health System	Wellstar Health System notifies individuals of a data security incident that occurred when an unauthorized party gained access to two Wellstar email accounts.	Account Takeover	Human health and social work	CC	US		Wellstar Health System
12	04/04/2022	During April 2022	During April 2022	Armageddon (AKA Gamaredon)	Multiple organizations in Ukraine	The Computer Emergency Response Team of Ukraine (CERT-UA) discover a new phishing campaign attributed to the Russian threat group tracked as Armageddon (Gamaredon) targeting organizations in Ukraine.	Targeted Attack	Multiple Industries	CE	UA		Computer Emergency Response Team of Ukraine, CERT-UA, Armageddon, Gamaredon, Ukraine
13	04/04/2022	During April 2022	During April 2022	Armageddon (AKA Gamaredon)	Government agencies in the European Union	The Computer Emergency Response Team of Ukraine (CERT-UA) discover a new phishing campaign attributed to the Russian threat group tracked as Armageddon (Gamaredon) targeting government agencies in the European Union.	Targeted Attack	Public admin and defence, social security	CE	UA		Computer Emergency Response Team of Ukraine, CERT-UA, Armageddon, Gamaredon, Ukraine
14	04/04/2022	-	04/04/2022	Anonymous	Russian military stationed in Bucha	The Anonymous collective leakes personal details of the Russian military stationed in Bucha.	Unknown	Public admin and defence, social security	H	RU		Anonymous, Russia, Ukraine, Bucha
15	04/04/2022	Until early 2022	Early 2022	FIN7 (a.k.a. Carbanak)	Multiple organizations	Researchers from Mandiant reveal the details of the latest campaigns carried out by the FIN7 group using a new PowerShell backdoor called PowerPlant.	Malware	Multiple Industries	CC	>1		Mandiant, FIN7, Carbanak, PowerPlant
16	04/04/2022	During March 2022	During March 2022	Multiple threat actors	Multiple organizations	Microsoft reveals that it's currently tracking a "low volume of exploit attempts" targeting the critical Spring4Shell (aka SpringShell) remote code execution (RCE) vulnerability (tracked as CVE-2022-22965) across its cloud services.	CVE-2022-22965 Vulnerability	Multiple Industries	CC	>1		Microsoft, Spring4Shell, SpringShell, CVE-2022-22965
17	04/04/2022	During February 2022	During February 2022	?	WhatsApp users	Researchers from Armorblox discover a new WhatsApp phishing campaign impersonating WhatsApp's voice message feature attempting to spread information-stealing malware to at least 27,655 email addresses.	Malware	Individual	CC	>1		WhatsApp, Armorblox
18	04/04/2022	-	-	?	Emma The Sleep	Emma The Sleep confirms it suffered a Magecart attack which enabled the attackers to skim customers' credit or debit card data from its website.	Malicious script injection	Manufacturing	CC	DE		Emma The Sleep, Magecart
19	04/04/2022	31/03/2022	31/03/2022	?	Individuals in the UK	Cyber-criminals are impersonating the confectioner Cadbury online to steal personal data.	UK	Individual	CC	UK		Cadbury
20	05/04/2022	From mid-2021 to at least February 2022	-	Cicada (AKA menuPass, Stone Panda, Potassium, APT10, Red Apollo)	Various entities in government, legal, and religious activities, and NGOs	Researchers from Broadcom Symantec uncover a long-running malicious campaign from hackers associated with the Chinese government who are using VLC Media Player to launch a custom malware loader and the Sodamaster backdoor.	Targeted Attack	Multiple Industries	CE	>1		Broadcom, Symantec uncover, VLC Media Player, Sodamaster, Cicada, menuPass, Stone Panda, Potassium, APT10, Red Apollo
21	05/04/2022	Early April 2022	Early April 2022	Multiple threat actors	Multiple organizations	Researchers from CheckPoint reveal that roughly one out of six organizations worldwide that are impacted by the Spring4Shell zero-day vulnerability have already been targeted by threat actors (about 37,000 attacks only in the first weekend after the disclosure).	CVE-2022-22965 Vulnerability	Multiple Industries	CC	>1		CheckPoint, Spring4Shell, SpringShell, CVE-2022-22965
22	05/04/2022	-	-	?	The Works	UK retail chain The Works announces it was forced to shut down several stores due to till issues caused by a cyber-security incident involving unauthorized access to its computer systems.	Unknown	Wholesale and retail	CC	UK		The Works
23	05/04/2022	-	-	?	The Guidance Center	The Guidance Center reveals to have discovered that unauthorized individuals gained access to several employee email accounts. 23,104 individuals are affected.	Account Takeover	Human health and social work	CC	US		Guidance Center
24	05/04/2022	05/12/2021	-	?	Four Jordanian human rights defenders	An investigation by Front Line Defenders and Citizen Lab reveals that the iPhone of Jordanian journalist Suhair Jaradat was hacked with Pegasus, the spyware of the NSO group.	Targeted Attack	Individual	CE	JO		Front Line Defenders, Citizen Lab, NSO Group, Ahmed Al-Neimat, Malik Abu Orabi, Suhair Jaradat
25	05/04/2022	14/03/2022	14/03/2022	Conti	Parker Hannifin	The Conti ransomware group leaks several gigabytes of files allegedly stolen from US industrial components giant Parker Hannifin.	Malware	Manufacturing	CC	US		Conti, ransomware, Parker Hannifin
26	05/04/2022	'Recently'	'Recently'	?	Multiple targets	Researchers from Malwarebytes discover a new Colibri Loader campaign delivering the Mars Stealer as final payload.	Malware	Multiple Industries	CC	>1		Malwarebytes, Colibri, Mars Stealer
27	05/04/2022	-	-	UAC-0094	Telegram users in Ukraine	The State Service of Special Communication and Information Protection (SSSCIP) of Ukraine discovers a new wave of cyber attacks aimed at gaining access to users’ Telegram accounts.	Targeted Attack	Individual	CE	UA		State Service of Special Communication and Information Protection, SSSCIP, Ukraine, Telegram, UAC-0094
28	05/04/2022	-	05/04/2022	Conti	I-SEC	Conti threat actors add I-SEC, one of the main providers in the field of aviation security, to their leak site and have provided some proof of claim.	Malware	Professional, scientific and technical	CC	DE		Conti, I-SEC, ransomware
29	05/04/2022	-	11/03/2022	?	Whitefish School District	Whitefish School District reports a data breach after an investigation discovered that an employee’s computer had been accessible to an attacker after the employee had fallen for a social engineering scam.	Account Takeover	Education	CC	US		Whitefish School District
30	05/04/2022	During February 2022	During February 2022	Conti	Panasonic Canada	Panasonic Canada discloses a Conti ransomware attack.	Malware	Manufacturing	CC	CA		Panasonic Canada, Conti, Ransomware
31	06/04/2022	'Recently'	'Recently'	APT-C-23	Israeli individuals including a group of high-profile targets working for sensitive defense, law enforcement, and emergency services organizations.	Researchers from Cybereason reveal the details of Operation Bearded Barbie', a new elaborate campaign targeting Israeli individuals, among them, a group of high-profile targets working for sensitive defense, law enforcement, and emergency services organizations.	Targeted Attack	Public admin and defence, social security	CE	IL		APT-C-23, Cybereason, Operation Bearded Barbie
32	06/04/2022	-	-	FFDroider	Single Individuals	Researchers from Zscaler discover a new information stealer named FFDroider, stealing credentials and cookies stored in browsers to hijack victims' social media accounts.	Malware	Individual	CC	>1		Zscaler, FFDroider
33	06/04/2022	-	-	?	Android users	Researchers from AppCensus warn about a set of applications available on the Google Play Store, which collected sensitive user data from over 45 million installs of the apps.	Malware	Individual	CC	>1		AppCensus, Android, Google Play Store
34	06/04/2022	Early April 2022	05/04/2022	LOSPELAOSBRO	Vevo	Multinational video hosting service Vevo says it is investigating a recent incident where someone took over the YouTube pages for several high-profile artists and either uploaded music videos or changed the names of popular videos.	Account Takeover	Arts entertainment, recreation	CC	US		Vevo, YouTube, LOSPELAOSBRO
35	06/04/2022	Late 2021	Late 2021	?	Mobile Banking users in Malaysia	Researchers at ESET reveal to have discovered three malicious Android apps targeting the customers of eight different Malaysian banks in a campaign that began late last year.	Malware	Finance and insurance	CC	MY		ESET, Android, Maybank, Affin Bank, Public Bank Berhad, CIMB bank, BSN, RHB, Bank Islam Malaysia, Hong Leong Bank
36	06/04/2022	Since at least September 2021	Since at least September 2021	TAG-38	At least 7 Indian electricity grid centers	Researchers from Recorded Future reveal to have observed network intrusions targeting at least 7 Indian electricity grid centers by a Chinese state-sponsored actor dubbed TAG-38.	Targeted Attack	Electricity, gas steam, air conditioning	CE	IN		Recorded Future, China
37	06/04/2022	-	-	?	Central Vermont Eye Care	Central Vermont Eye Care reports a hacking incident affecting 30,000 patients.	Unknown	Human health and social work	CC	US		Central Vermont Eye Care
38	06/04/2022	-	-	The Black Rabbit World	Kremlin CCTV system	Hacktivists from the Black Rabbit World claim to have gained access to the Kremlin CCTV system.	Unknown	Public admin and defence, social security	H	RU		Black Rabbit World, Ukraine
39	06/04/2022	-	06/04/2021	?	Bernards Township School District	Bernards Township School District notifies that personal information may have been breached through the school computer data system last year.	Unknown	Education	CC	US		Bernards Township School District
40	07/04/2022	SInce February 2022	SInce February 2022	APT28 AKA Strontium, Fancy Bear	Multiple Ukrainian targets	Microsoft disrupts attacks against Ukrainian targets coordinated by the Russian APT28 hacking group after taking down seven domains used as attack infrastructure.	Targeted Attack	Multiple Industries	CE	UA		Microsoft, Ukraine, Russia, APT28, Strontium, Fancy Bear
41	07/04/2022	Between 01/03/2022 and 03/03/2022	Early March 2022	Conti	Snap-on	American automotive tools manufacturer Snap-on announces a data breach exposing associate and franchisee data after the Conti ransomware gang began leaking the company's data in March.	Malware	Manufacturing	CC	US		Snap-on, Conti, ransomware
42	07/04/2022	'During the recent months'	'During the recent months'	Parrot TDS	Users in multiple countries	Researches from Avast discover FakeUpdate, a campaign relying on 'Parrot TDS', a traffic direction system (TDS) exploiting servers that host 16,500 websites of universities, local governments, adult content platforms, and personal blogs, and redirecting users to malicious sites.	Traffic redirection	Individual	CC	>1		Avast, FakeUpdate, Parrot TDS
43	07/04/2022	-	-	?	Multiple organizations	Researchers from Cado Security discover Denonia, the first malware specifically developed to target Amazon Web Services (AWS) Lambda cloud environments with cryptominers.	Malware	Multiple Industries	CC	>1		Cado Security, Denonia, Amazon Web Services, AWS, Lambda, Crypto
44	07/04/2022	-	During April 2022	UNC788	Multiple people in several countries including military, dissidents and human rights activists	Meta, the company behind Facebook, removes a campaign carried out by an Iranian group known as UNC788 targeting multiple people in several countries including military, dissidents and human rights activists.	Account Takeover	Individual	CE	>1		Meta, Iran, UNC788
45	07/04/2022	07/04/2022	07/04/2022	?	WonderHero	The operators of cryptocurrency play-to-earn game WonderHero disable the service after hackers stole about $320,000 worth of Binance Coin (BNB).	Vulnerability	Fintech	CC	N/A		WonderHero, Crypto
46	07/04/2022	-	During April 2022	Previously unreported group linked to Iran	Multiple organizations worldwide	Meta takes action against a previously unreported hacking group from Iran that targeted or spoofed companies in multiple industries around the world.	Targeted Attack	Multiple Industries	CE	>1		Meta, Iran
47	07/04/2022	-	During April 2022	Azeri Ministry of Internal Affairs?	People from Azerbaijan, including democracy activists, opposition, journalists, and government critics abroad	Meta disrupts a complex network in Azerbaijan that engaged in both cyber espionage and coordinated inauthentic behavior.	Fake Social/Web pages	Individual	CE	AZ		Meta, Azerbaijan
48	07/04/2022	Shortly before the Russian invasion in Ukraine	During April 2022	Government-linked actors from Russia and Belarus	Government-linked actors from Russia and Belarus	Meta removes an influence operation targeting the Ukrainian telecom industry, the Ukrainian defense and energy sectors, tech platforms and journalists and activists in Ukraine, Russia, and abroad.	Fake Social/Web pages	Multiple Industries	CW	UA		Meta, Ukraine, Russia, Belarus
49	07/04/2022	-	-	Ghostwriter	Members of the Ukrainian military	Meta detects a spike in compromise attempts aimed at members of the Ukrainian military by Ghostwriter,	Targeted Attack	Public admin and defence, social security	CE	UA		Meta, Ghostwriter, Ukraine, Belarus
50	07/04/2022	Late 2021 and January 2022	January 2022	Russian Internet Research Agency (IRA)	Facebook users in multiple countries	Meta takes down an attempt to come back by a network inked to individuals associated with past activity by the Russian Internet Research Agency (IRA).	Fake Social/Web pages	Individual	CW	>1		Meta, IRA, Internet Research Agency, Russia, Ukraine
51	07/04/2022	-	-	Facebook network linked to people in the Luhansk region of Ukraine.	Facebook users in Ukraine	Meta takes down an attempt to come back by a network removed in December 2020 and linked to people in the Luhansk region of Ukraine.	Fake Social/Web pages	Individual	CW	UA		Meta, Ukraine, Luhansk
52	07/04/2022	During 2021	During 2021	?	Social media users in Brazil (Facebook, Instagram, and Twitter)	Meta removes a network of Facebook and Instagram pages and account targeting domestic audiences in Brazil.	Fake Social/Web pages	Individual	CC	BR		Meta, Facebook, Instagram, Twitter, Brazil
53	07/04/2022	-	-	?	Social media users in Costa Rica and El Salvador	Meta removes Facebook accounts, pages, and Groups, plus some Instagram accounts targeting primarily users in Costa Rica and El Salvador.	Fake Social/Web pages	Information and communication	CC	CR SV		Meta, Facebook, Instagram, Costa Rica, El Salvador
54	07/04/2022	-	-	SharkBot	Android users primarily in Italy and UK	Researchers from Check Point discover six malicious antivirus apps, subsequently removed from the Google Play app store, used to deliver the SharkBot malware to steal passwords, bank details and other personal information from Android users.	Malware	Individual	CC	>1		Check Point, Android, SharkBot
55	07/04/2022	During March 2022	During March 2022	?	Individuals	Researchers from Avast discover a scam campaign pretending to collect funds for Ukraine and impersonating Russian opposition leader Alexei Navalny to drain victims’ wallets.	Malicious spam	Individual	CC	>1		Avast, Alexei Navalny, Ukraine
56	07/04/2022	-	-	BlackCat (AKA ALPHV)	ERP provider in the Middle East	Researchers from Kaspersky provide an analysis of a BlackCat ransomware attack targeting an undisclosed ERP provider in the Middle East.	Malware	Professional, scientific and technical	CC	N/A		Kaspersky, BlackCat, ALPHV
57	07/04/2022	-	-	BlackCat (AKA ALPHV)	Oil, gas, mining and construction company in South America	Researchers from Kaspersky provide an analysis of a BlackCat ransomware attack targeting an undisclosed oil, gas, mining and construction company in South America via a data exfiltration tool called Fendr and ExMatter.	Malware	Electricity, gas steam, air conditioning	CC	N/A		Kaspersky, BlackCat, ALPHV, Fendr, ExMatter
58	07/04/2022	-	-	IT ARMY of Ukraine	Rossgram	The IT ARMY of Ukraine claims to have breached Rossgram, a Russian version of Instagram. The group of hacktivists also claims to have created a fake Rossgram app.	Unknown	Information and communication	H	RU		IT ARMY of Ukraine, Rossgram, Instagram
59	07/04/2022	-	-	SPM55	Users of popular services, tech companies and financial institutions, including Coinbase, Netflix, Amazon and Ebay	Researchers from DomainTools reveal a marked uptick in activity for Indonesian phishing-as-a-service group SPM55.	Account Takeover	Multiple Industries	CC	>1		DomainTools, SPM55, Coinbase, Netflix, Amazon, Ebay
60	07/04/2022	-	-	?	CitySprint	CitySprint warns couriers it has suffered a data breach that may have allowed hackers to access their sensitive personal data.	Unknown	Transportation and storage	CC	UK		CitySprint
61	07/04/2022	-	-	Avos Locker	McKenzie Health System	The Avos Locker ransomware gang lists McKenzie Health System among their victims.	Malware	Human health and social work	CC	US		Avos Locker, ransomware, McKenzie Health System
62	07/04/2022	09/02/2022	29/03/2022	?	Weatherford ISD	The Weatherford ISD reports a phishing incident reportedly affecting 1,254 Texans	Account Takeover	Education	CC	US		Weatherford ISD
63	08/04/2022	Since Early April 2022	Since Early April 2022	Mirai	Vulnerable web servers in Singapore	Researchers from Trend Micro discover a variant of the infamous Mirai botnet exploiting the Spring4Shell exploit (CVE-2022-22965) to spread.	CVE-2022-22965 Vulnerability	Multiple Industries	CC	SG		Trend Micro, Mirai, Spring4Shell exploit, CVE-2022-22965
64	08/04/2022	-	13/01/2022	?	Ballad Health	Ballad Health discloses a phishing incident that potentially led to protected health information (PHI) exposure.	Account Takeover	Human health and social work	CC	US		Ballad Health
65	08/04/2022	-	-	Anonymous	Petrovsky Fort	The Anonymous collective leaks 300,000 emails inside 244 GB of data from Petrovsky Fort.	Unknown	Real estate	H	RU		Anonymous, Petrovsky Fort
66	08/04/2022	-	-	Anonymous	Aerogas	The Anonymous collective leaks 100,000 emails inside 145 GB of data from Aerogas.	Unknown	Electricity, gas steam, air conditioning	H	RU		Anonymous, Aerogas
67	08/04/2022	-	-	Anonymous	Forest	The Anonymous collective leaks 100,000 emails inside 145 GB of data from Forest.	Unknown	Mining and quarrying	H	RU		Anonymous, Forest
68	08/04/2022	.	.	SolarMarker	Multiple organizations	Researchers from Palo Alto Networks disclose a new version of the SolarMarker malware that implements new features to avoid detection.	Malware	Multiple Industries	CC	>1		Palo Alto Networks, SolarMarker, Jupyter
69	08/04/2022	08/04/2022	08/04/2022	?	Finnish ministries of Defense and Foreign Affairs	A DDoS attack takes down the websites of the Finnish ministries of Defense and Foreign Affairs, while Ukrainian President Volodymyr Zelenskyy addressed Finland’s members of parliament (MPs).	DDoS	Public admin and defence, social security	H	FI		DDoS Finnish Ministry of Defense, Finnish Ministry of Foreign Affairs, Volodymyr Zelenskyy, Ukraine, Russia
70	08/04/2022	08/04/2022	08/04/2022	?	Black River Falls School District	Black River Falls School District cancels all classes because of an incident involving unauthorized access to the district’s IT network.	Unknown	Education	CC	US		Black River Falls School District
71	09/04/2022	Since March 2022	Since March 2022	NB65	Multiple organizations in Russia	A hacking group dubbed NB65 is using the Conti's leaked ransomware source code to create their own ransomware to use in cyberattacks against Russian organizations.	Malware	Multiple Industries	CW	RU		NB65, Conti, ransomware, Russia, Ukraine
72	09/04/2022	Since at least January 2022	32/01/2022	Octo	Android users	Researchers from ThreatFabric discover Octo, a new Android banking malware featuring remote access capabilities that allow malicious operators to perform on-device fraud.	Malware	Individual	CC	>1		ThreatFabric, Octo, Android
73	10/04/2022	-	-	?	Multiple organizations	A new malspam campaign has been found distributing the new META malware, a new info-stealer malware that appears to be rising in popularity among cybercriminals.	Malware	Multiple Industries	CC	>1		META Stealer
74	11/04/2022	During 2021	During 2021	?	Senior officials at the European Commission	Reuters reveals that senior officials at the European Commission were targeted last year with the NSO spy software.	Targeted Attack	Public admin and defence, social security	CE	EU		Reuters, NSO
75	11/04/2022	Since March 2022	Since March 2022	Multiple threat actors	Organizations in the US	The Cybersecurity and Infrastructure Security Agency (CISA) orders federal civilian agencies and urges all US organizations to patch CVE-2022-23176, an actively exploited bug impacting WatchGuard Firebox and XTM firewall appliances.	CVE-2022-23176 Vulnerability	Multiple Industries	CE	US		Cybersecurity and Infrastructure Security Agency, CISA, CVE-2022-23176, WatchGuard, Firebox, XTM
76	11/04/2022	During 2021	During 2021	?	Users in South Korea	Researchers from Kaspersky reveal the details of Fakecalls, a banking trojan for Android with a powerful capability that enables it to take over calls to a bank’s customer support number and connect the victim directly with the cybercriminals operating the malware.	Malware	Finance and insurance	CC	KR		Kaspersky, Fakecalls, Android
77	11/04/2022	During April 2022	During April 2022	Qbot	Multiple organizations	The Qbot botnet is now pushing malware payloads via phishing emails with password-protected ZIP archive attachments containing malicious MSI Windows Installer packages.	Malware	Multiple Industries	CC	>1		Qbot
78	11/04/2022	17/03/2022	-	Viktor Mukhachev aka Yaffle	npm users	A third protestware appears: the 'event-source-polyfill' is modified to show anti-war messages in Russian, 15 seconds after its execution.	Malware	Individual	H	RU		Protestware, event-source-polyfill, npm, Russia, Ukraine
79	11/04/2022	-	-	BlackCat (AKA ALPHV)	Florida International University	The BlackCat (ALPHV) ransomware group claims to have breached the Florida International University, stealing 1.2 TB of data.	Malware	Education	CC	US		BlackCat, ALPHV), ransomware, Florida International University
80	11/04/2022	From 16/10/2021	04/11/2021	?	Signature Healthcare Corporation (SHC)	Signature Healthcare Corporation (SHC) reveals to have suffered a data breach that potentially resulted in personal information exposure, when an unauthorized individual had temporarily accessed clinician employees’ email accounts.	Account Takeover	Human health and social work	CC	US		Signature Healthcare Corporation, SHC
81	11/04/2022	17/10/2021	-	?	Adaptive Health Integrations	Adaptive Health Integrations discloses to have suffered a hacking incident that impacted 510,574 individuals.	Unknown	Human health and social work	CC	US		Adaptive Health Integrations
82	12/04/2022	08/04/2022	08/04/2022	Sandworm	Large Ukrainian energy provider	Researchers from ESET and the Computer Emergency Team of Ukraine (CERT-UA) reveal that the Russian state-sponsored hacking Sandworm, tried to to take down a large Ukrainian energy provider via a new wiper malware called Industroyer2.	Malware	Electricity, gas steam, air conditioning	CW	UA		ESET, Computer Emergency Team of Ukraine, CERT-UA, Sandworm, Industroyer2, Ukraine, Russia
83	12/04/2022	-	-	LockBit	Undisclosed U.S. Government Agency	Researchers from Sophos reveal that a regional U.S. government agency compromised with LockBit ransomware had the threat actor in its network for at least five months before the payload was deployed.	Malware	Public admin and defence, social security	CC	US		Sophos, LockBit, ransomware
84	12/04/2022	Since at least mid-march 2022	Mid-march 2022	Keksec	Vulnerable devices	Researchers from Fortinet discover a new Mirai-based botnet malware named Enemybot, growing its army of infected devices through vulnerabilities in modems, routers, and IoT devices.	Multiple vulnerabilities	Multiple Industries	CC	>1		Fortinet, Mirai, Enemybot, Keksec
85	12/04/2022	Early 2022	Early 2022	?	African Banking Sector	Researchers from HP discover a campaign targeting the African Banking Sector via the RemcosRAT.	Malware	Finance and insurance	CC	>1		HP, RemcosRAT
86	12/04/2022	12/04/2022		?	Elephant Money	Elephant Money, the decentralized finance (DeFi) protocol behind the ELEPHANT token and the TRUNK stablecoin, announces that hackers stole $11.2 million worth of Binance Coin.	Price manipulation	Fintech	CC	N/A		Elephant Money, ELEPHANT, TRUCK
87	12/04/2022	-	-	Anonymous	Ministry of Culture of the Russian Federation	The Ministry of Culture of the Russian Federation suffers a leak of 446 GB containing 230,000 emails.	Unknown	Public admin and defence, social security	H	RU		Ministry of Culture of the Russian Federation, Anonymous
88	12/04/2022	-	-	Anonymous	City of Blagoveshchensk	The City of Blagoveshchensk suffers a leak of 150 GB containing 230,000 emails.	Unknown	Public admin and defence, social security	H	RU		City of Blagoveshchensk, Anonymous
89	12/04/2022	-	-	Anonymous	Governor's office of the Tver region	The Governor's office of the Tver region suffers a leak of 116 GB containing 130,000 emails.	Unknown	Public admin and defence, social security	H	RU		Governor's office of the Tver region, Anonymous
90	12/04/2022	From August 2021 to February 2022	-	HAFNIUM	Entities in the United States across multiple industries	Researchers from Microsoft reveal that the China-backed HAFNIUM cyberespionage group is likely behind a piece of a new malware, dubbed Tarrask, used to maintain persistence on compromised Windows systems.	Targeted Attack	Multiple Industries	CE	US		Microsoft, HAFNIUM; Tarrask
91	12/04/2022	During the first week of April 2022	During the first week of April 2022	?	Unnamed telecommunication company in Honolulu	Federal agents in Honolulu disrupt an apparent cyberattack on an unnamed telecommunication company’s servers associated with an underwater cable responsible for internet, cable service and cell connections in Hawaii and the region.	Unknown	Information and communication	CC	US		Honolulu, Hawaii
92	12/04/2022	12/04/2022	12/04/2022	?	Currency.com	Hours after Currency.com, a global cryptocurrency exchange, announces that it was halting operations in Russia, it faces a distributed denial-of-service attack.	DDoS	Fintech	CC	GI		Currency.com
93	13/04/2022	-	-	Multiple threat actors	Multiple industrial devices	A joint cybersecurity advisory issued by CISA, NSA, FBI, and the Department of Energy (DOE) warns of government-backed hacking groups being able to hijack multiple industrial devices using a new ICS-focused malware toolkit dubbed Pipedream or Incontroller.	Malware	Electricity, gas steam, air conditioning	CE	US		CISA, NSA, FBI, Department of Energy, DOE, ICS, Pipedream, Incontroller
94	13/04/2022	13/04/2022	13/04/2022	Multiple threat actors	Vulnerable VMWare instances	Threat actors are actively scanning for vulnerable VMware Workspace ONE Access and VMware Identity Manager servers, trying to exploit CVE-2022-22954.	CVE-2022-22954 Vulnerability	Multiple Industries	CC	>1		VMware Workspace ONE Access, VMware Identity Manager, CVE-2022-22954
95	13/04/2022	-	-	Multiple threat actors	Multiple organizations in the U.S.	The Cybersecurity and Infrastructure Security Agency (CISA) warns organizations to patch the actively exploited CVE-2022-24521 targeting the Windows Common Log File System Driver.	CVE-2022-24521 Vulnerability	Multiple Industries	N/A	US		Cybersecurity and Infrastructure Security Agency, CISA, CVE-2022-24521, Windows Common Log File System Driver
96	13/04/2022	Between 29/03/2022 and 10/04/2022	-	Fodcha	Vulnerable devices	Researchers from Qihoo 360 reveal the details of Fodcha, a rapidly growing botnet enslaving routers, DVRs, and servers across the Internet to target more than 100 victims every day in distributed denial-of-service (DDoS) attacks.	Multiple vulnerabilities and brute-force	Multiple Industries	CC	>1		Qihoo 360, Fodcha
97	13/04/2022	-	13/04/2022	Anonymous	Technotec	In name of #OpRussia, the Anonymous collective leaks 495,000 new emails (440GB) from the Russian firm Technotec, which provides oil and gas field services to companies including Rosneft and Gazprom Neft.	Unknown	Professional, scientific and technical	H	RU		#OpRussia, Anonymous, Technotec, Rosneft, Gazprom Neft
98	14/04/2022	-	-	UAC-0041	Government Agencies in Ukraine	The Computer Emergency Response Team of Ukraine (CERT-UA) reveal the details of a campaign targeting organizations in Ukraine and distributing the IcedID (aka BankBot) malware.	Malware	Public admin and defence, social security	CE	UA		Computer Emergency Response Team of Ukraine, CERT-UA, Ukraine, IcedID, BankBot
99	14/04/2022	-	-	UAC-0097	Government Agencies in Ukraine	The Computer Emergency Response Team of Ukraine (CERT-UA) reveal the details of a campaign targeting organizations in Ukraine and exploiting the Zimbra CVE-2018-6882 vulnerability.	Zimbra, CVE-2018-6882	Public admin and defence, social security	CE	UA		Computer Emergency Response Team of Ukraine, CERT-UA, Ukraine, Zimbra, CVE-2018-6882
100	14/04/2022	22/03/2022 and 25/02/2022	-	OldGremlin	Organizations in Russia	Researchers from Group-IB discover two campaigns by the OldGremlin ransomware criminal group targeting organizations in Russia.	Malware	Multiple Industries	CC	RU		Group-IB, OldGremlin, Russia
101	14/04/2022	Since March 2022	'Recently'	Haskers Gang	Multiple Organizations	Researchers from Cisco Talos discover a new information stealer, called "ZingoStealer."	Malware	Multiple Industries	CC	>1		Cisco Talos, ZingoStealer, Haskers Gang
102	14/04/2022	Mid-April 2022	Mid-April 2022	?	Windows users	Windows 11 ToolBox, a popular script used to add the Google Play Store to the Android Subsystem is discovered to secretly infect users with malicious scripts, Chrome extensions, and potentially other malware.	Malware	Individual	CC	>1		Windows 11 ToolBox, Google Play Store, Android
103	14/04/2022	-	-	Multiple threat actors	Multiple organizations	Google releases Chrome 100.0.4896.127 for Windows, Mac, and Linux, to fix CVE-2022-1364, a high-severity zero-day vulnerability actively used by threat actors in attacks.	CVE-2022-1364 Vulnerability	Multiple Industries	N/A	N/A		Google, Chrome 100.0.4896.127, Windows, Mac, Linux, CVE-2022-1364
104	14/04/2022	-	-	?	American users of digital payment apps	The FBI warns that cybercriminals are attempting to trick American users of digital payment apps into making instant money transfers in social engineering attacks using text messages with fake bank fraud alerts.	Account Takeover	Finance and insurance	CC	US		FBI
105	14/04/2022	-	-	?	T-;Mobile users in the U.S.	The New Jersey Cybersecurity & Communications Integration Cell (NJCCIC) issues a warning for an ongoing phishing campaign targeting T-Mobile customers with malicious links using unblockable texts sent via SMS (Short Message Service) group messages.	Account Takeover	Individual	CC	US		New Jersey Cybersecurity & Communications Integration Cell, NJCCIC, T-Mobile, SMS, Short Message Service
106	14/04/2022	'Recently'	'Recently'	Lazarus Group	Chemical and IT sector organizations in South Korea	Researchers from Symantec Broadcom reveal that the Operation Dream Job has now been expanded to target chemical and IT sector organizations in South Korea.	Targeted Attack	Multiple Industries	CE	KR		Symantec Broadcom, Operation Dream Job
107	14/04/2022	13/02/2022	13/02/2022	?	New Creation Counseling Center (NCCC)	New Creation Counseling Center (NCCC) reveals to have suffered a ransomware attack that impacted 24,029 individuals	Malware	Human health and social work	CC	US		New Creation Counseling Center, NCCC, ransomware
108	14/04/2022	-	14/04/2022	Anonymous	Gazprom Linde Engineering	In name of #OpRussia, the Anonymous leak 768,000 new emails (728GB) from Gazprom Linde Engineering, which specializes in designing gas and petrochemical processing facilities and oil refineries.	Unknown	Professional, scientific and technical	H	RU		#OpRussia, Anonymous, Gazprom Linde Engineering
109	14/04/2022	Since end of February 2022	During March 2022	BlueHornet (AKA APT49, AgainstTheWest)	Major organizations and APTs in Russia, China, Iran and North Korea	Researchers from CyberInt reveal the details of BlueHornet (AKA APT49, AgainstTheWest) a relatively new advanced persistent threat group that has compromised major organizations and APTs in Russia, China, Iran and North Korea, including APT28 (aka Fancy Bear), APT38 (aka The Lazarus Group) and APT40 (aka Kryptonite Panda).	Targeted Attack	Multiple Industries	>1	>1		CyberInt, BlueHornet. APT49, AgainstTheWest, APT28, Fancy Bear, APT38, The Lazarus Group, APT40, Kryptonite Panda
110	14/04/2022	-	-	?	Taiwanese singer and actor Jay Chou	Attackers exploit a design flaw in the Rarible NFT marketplace to steal a non-fungible token from Taiwanese singer and actor Jay Chou and sell it for about $500,000.	Vulnerability	Finance and insurance	CC	TW		Rarible, NFT, Jay Chou
111	14/04/2022	-	-	?	Dayton Independent School District	Dayton Independent School District in Texas notifies the Texas Attorney General’s Office of a data breach that involved names and Social Security Numbers of 841 Texans.`	Unknown	Education	CC	US		Dayton Independent School District
112	14/04/2022	-	-	?	Spanish football federation (RFEF)	The Spanish football federation (RFEF) says it was victim of a hacking attack which resulted in the loss of data belonging to president Luis Rubiales.	Unknown	Arts entertainment, recreation	CC	ES		Spanish football federation, RFEF
113	15/04/2022	-	-	?	Multiple organizations in the U.S.	The Cybersecurity and Infrastructure Security Agency (CISA) warns organizations about the active exploitation of CVE-2022-22960, a VMware privilege escalation flaw.	CVE-2022-22960 Vulnerability	Multiple Industries	CC	US		Cybersecurity and Infrastructure Security Agency, CISA, CVE-2022-22960, VMware
114	15/04/2022	12/04/2022	12/04/2022	?	Multiple organizations	GitHub reveals that an attacker is using stolen OAuth user tokens (issued to Heroku and Travis-CI) to download data from private repositories.	Account Takeover	Multiple Industries	CC	>1		GitHub, OAuth, Heroku, Travis-CI
115	15/04/2022	Between 26/01/2022 and 23/11/2021	14/03/2022	?	Newman Regional Health (NRH)	Newman Regional Health (NRH) notifies 52,224 patients that unauthorized individuals have gained access to certain employee email accounts that contained protected health information.	Account Takeover	Human health and social work	CC	US		Newman Regional Health, NRH
116	15/04/2022	Between 24/06/2021 and 12/08/2021	11/04/2022	?	Contra Costa County	Contra Costa County reveals a breach of employee email accounts and the exposure of sensitive personal information.	Account Takeover	Public admin and defence, social security	CC	US		Contra Costa County
117	15/04/2022	-	15/04/2022	NB65	Continent Express	In name of #OpRussia, the Anonymous-linked group NB 65 leaks nearly 400 GB of files and databases from Continent Express, Russia's largest independent travel agency.	Unknown	Arts entertainment, recreation	H	RU		NB65, Continent Express
118	15/04/2022	-	-	?	McDonald’s Costa Rica	A hacker accessed sensitive data belonging to McDonald’s Costa Rica customers through an exposed database managed by a third-party service provider.	Misconfiguration	Accommodation and food service	CC	CR		McDonald’s Costa Rica
ID	Date Reported	Date Occurred	Date Discovered	Author	Target	Description	Attack	Target Class	Attack Class	Country	Link	Tags

Enjoy the interactive timeline, and thanks for sharing it, and supporting my work in spreading the risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.

SUPPORT MY WORK!

The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.

The Biggest Data Breaches of 2023
Similarly to what I have done in 2022 and 2021, I am collecting the main mega breaches...
September 2023 Cyber Attacks Statistics
In September 2023, cyber crime continued to lead with 77.1% of total events, but showed a decrease. Cyber Espionage grew to 11.6%, while Hacktivism significantly dropped. Malware remains the leading attack technique and multiple organizations are the top targets.
16-30 September 2023 Cyber Attacks Timeline
The second cyber attack timeline of September 2023 showed a decrease in events and a continuation of malware attacks. Massive hacks targeted fintech organizations like Mixin Network, and some breaches affected millions of individuals. The timeline also includes activities by various known and new threat ...
Q2 2023 Cyber Attacks Statistics
I have aggregated the statistics created from the cyber attacks timelines published in the second quarter of 2023. In total I have collected 1040 events...
The Biggest Data Breaches of 2021
With this new project I am going to track the biggest data breaches of 2021 extracted from my cyber attack timelines.