16-30 April 2022 Cyber Attacks Timeline

EVENTS

EVENTS/DAY

EVENTS

EVENTS/DAY

The second timeline of April 2022 is finally out (you can find the first one at this link.) In this fortnight I have collected 97 events, that is an average of 6.47 events/day, despite this corresponds to a noticeable drop compared to the 123 events of the previous timeline, the average level continues to be quite high and, easily predictable, an important part on this is played by the war in Ukraine that is inevitably having implications even in the cyber space.

A consolidated trend since the start of the Russian invasion, is the cyber war declared by the Anonymous collective and their affiliates against the Russian government: the hacktivists continue to leak data from Russian organizations. But this is not the only way the situation in Ukraine is affecting the cyber space: the country continues to be the target of multiple operations, especially DDoS attacks against local targets, and targeted cyber espionage operations.

1-15 August 2023 Cyber Attacks Timeline

In the first timeline of August, I collected 169 events (corresponding to 11.27 events per day), a considerable decrease compared to the the second half of July…

Ransomware attacks continue to be relevant, with Conti, BlackCat, and Quantum, the new kid on the block, being the most active ransomware gangs The attacks to high-profile targets continue and the percentage of events related to ransomware is now 18.56% (up from 11.86% of the previous timeline.) Similarly, 10.3% of the events were characterized by the exploitation of a vulnerability.

Massive attacks against fintech and decentralized finance companies continue. Even in this fortnight, at least three organizations were hit for a total loss of nearly a staggering $140M worth of crypto assets.

And we are used to see quite a complicated cyber espionage landscape. Similarly to the previous months, this timeline reports many well-known threat actors (and not necessarily related to the events in Ukraine) such as Mustang Panda, DarkSeoul, APT29, and the Lazarus Group.

Expand for details

ID	Date Reported	Date Occurred	Date Discovered	Author	Target	Description	Attack	Target Class	Attack Class	Country	Link	Tags
1	17/04/2022	-	17/04/2022	?	Beanstalk	The decentralized, credit-based finance system Beanstalk discloses that it suffered a security breach that resulted in financial losses of $182 million, the attacker stealing $80 million in crypto assets.	Flash loan	Fintech	CC	N/A		Beanstalk
2	17/04/2022	15/04/2022	15/04/2022	?	MetaMask users	MetaMask publishes a warning for their iOS users about the seeds of cryptocurrency wallets being stored in Apple's iCloud if app data backup is active, after at least one user loses over $655k as a result of a phishing attack.	Account Takeover	Fintech	CC	>1		MetaMask
3	17/04/2022	-	-	?	Rideau Hall	Rideau Hall discloses a "sophisticated computer breach.	Unknown	Public admin and defence, social security	CC	CA		Rideau Hall
4	18/04/2022	During April 2022	During April 2022	?	State organizations of Ukraine	The Ukraine CERT-UA warns of phishing attacks on state organizations of Ukraine using the topic “Azovstal” and Cobalt Strike Beacon.	Malware	Public admin and defence, social security	CE	UA		Ukraine, CERT-UA, Azovstal, Cobalt Strike
5	18/04/2022	-	-	NB65	PSCB Petersburg Social Commercial Bank (JSC Bank "PSCB")	In name of #OpRussia, NB65, a group affiliated to the Anonymous, leaks 229,000 emails and 630,000 files from the Petersburg Social Commercial Bank (JSC Bank "PSCB"), one of the top 100 Russian banks.	Unknown	Finance and insurance	H	RU		#OpRussia, Anonymous, PSCB, Petersburg Social Commercial Bank, JSC, NB65
6	18/04/2022	During April 2022	During April 2022	?	Single Individuals	An ongoing campaign relies on poisoning search results to push a website mimicking Microsoft's promotional page for Windows 11 to deliver an infostealer able to steal browser data and cryptocurrency wallets.	Malware	Individual	CC	>1		Windows 11
7	18/04/2022	Between 2017 and 2020	-	?	65 Catalan politicians, journalists, and activists	Researchers from Citizen Lab discover a new zero-click iMessage exploit used to install the NSO Group Pegasus, and Candiru, spyware on iPhones belonging to Catalan politicians, journalists, and activists exploiting CVE-2019-3568, CVE-2021-31979, and CVE-2021-33771.	Targeted Attack	Individual	CE	ES		Citizen Lab, iMessage, NSO Group, Pegasus, Candiru, iPhones, Catalunia, CVE-2019-3568, CVE-2021-31979, CVE-2021-33771, HOMAGE
8	18/04/2022	During 2020 and 2021	-	?	Official UK networks including the Prime Minister’s Office and the Foreign and Commonwealth Office	Researchers from Citizen Lab reveal that in 2020 and 2021 they observed and notified the government of the United Kingdom of multiple suspected instances of Pegasus spyware infections within official UK networks including the Prime Minister’s Office and the Foreign and Commonwealth Office.	Targeted Attack	Public admin and defence, social security	CE	UK		Citizen Lab, United Kingdom, Pegasus, Prime Minister’s Office, Foreign and Commonwealth Office
9	18/04/2022	-	-	Lazarus Group AKA APT38	Organizations in the cryptocurrency and blockchain industries	CISA, the FBI, and the US Treasury Department issues a warning about TraderTraitor, a campaign carried out by the North Korean Lazarus group, targeting organizations in the cryptocurrency and blockchain industries with trojanized cryptocurrency applications.	Malware	Fintech	CC	US		CISA, FBI, US Treasury Department, TraderTraitor, Lazarus group, APT38
10	18/04/2022	-	-	?	Lilin security camera DVR devices	Researchers from Nozomi Networks discover Lilin Scanner, a new variant of the BotenaGo malware that specifically targets Lilin security camera DVR devices.	Vulnerability	Multiple Industries	CC	>1		Nozomi Networks, Lilin Scanner, BotenaGo, Lilin
11	18/04/2022	Between 30/08/2021 and 02/09/2021	-	?	Optima Dermatology Holdings	Optima Dermatology Holdings announces it has experienced an email security incident that resulted in the exposure of the protected health information of patients of The Dermatology Center of Indiana and Advanced Dermatology & Skin Cancer Center.	Account Takeover	Human health and social work	CC	US		Optima Dermatology Holdings, The Dermatology Center of Indiana, Advanced Dermatology & Skin Cancer Center.
12	19/04/2022	-	-	Anonymous	Tendertech	In name of #OpRussia, the Anonymous collective leaks 426,000 emails (160 GB) from Tendertech, a firm specializing in processing financial and banking documents on behalf of businesses and entrepreneurs.	Unknown	Professional, scientific and technical	H	RU		#OpRussia, Anonymous,Tendertech
13	19/04/2022	-	-	Anonymous	General Department of Troops and Civil Construction	In name of #OpRussia, the Anonymous leak more than 15,000 emails from the Russian General Department of Troops and Civil Construction	Unknown	Public admin and defence, social security	H	RU		Anonymous, Russian General Department of Troops and Civil Construction, #OpRussia
14	19/04/2022	-	-	Anonymous	Neocom Geoservice	In name of #OpRussia, the Anonymous leak 87,500 emails (107GB) from Neocom Geoservice, an engineering firm specializing in exploring oil and gas fields and providing drilling support.	Unknown	Professional, scientific and technical	H	RU		#OpRussia, Anonymous, Neocom Geoservice
15	19/04/2022	-	-	Conti	Government of Costa Rica	Several systems operated by the government of Costa Rica are hit by a Conti ransomware attack.	Malware	Public admin and defence, social security	CC	CR		Costa Rica, Conti, ransomware
16	19/04/2022	During March 2022	During March 2022	Emotet	Multiple organizations	Multiple security researchers observe a sharp rise in the Emotet activity from February to March.	Malware	Multiple Industries	CC	>1		Emotet
17	19/04/2022	.	.	Multiple threat actors	Multiple organizations	The Cybersecurity and Infrastructure Security Agency (CISA) warns of attackers now exploiting Windows Print Spooler bug CVE-2022-22718.	CVE-2022-22718 vulnerability	Multiple Industries	N/A	US		Cybersecurity and Infrastructure Security Agency, CISA, Windows Print Spooler, CVE-2022-22718
18	19/04/2022	'Recently'	'Recently'	Hive	Vulnerable Microsoft Exchange servers	Researchers from Varonis reveal that a Hive ransomware affiliate has been targeting Microsoft Exchange servers vulnerable to ProxyShell security issues to deploy various backdoors, including Cobalt Strike beacon.	ProxyShell vulnerability	Multiple Industries	CC	>1		Varonis, Hive, Ransomware, Microsoft Exchange, Cobalt Strike
19	19/04/2022	During April 2022	During April 2022	?	Individuals in the US	Researchers from Resecurity discover a phishing campaign impersonating the IRS, and one of the industry vendors who provide solutions to government agencies.	Account Takeover	Individual	CC	US		Resecurity, IRS
20	19/04/2022	Since 11/04/2022	-	DragonForce Malaysia	Multiple entities in Israel	Researchers from Radware reveal the details of the resurgence of OpsBedilReloaded targeting multiple entities in Israel.	Defacement	Multiple Industries	H	IL		DragonForce Malaysia, OpsBedilReloaded
21	19/04/2022	14/04/2022	14/04/2022	?	Funky Pigeon	The British retailer Funky Pigeon announces that it had experienced a “cyber incident.”	Unknown	Wholesale and retail	CC	UK		Funky Pigeon
22	19/04/2022	-	-	?	Undisclosed airline systems provider	An undisclosed airline systems provider is breached and as a consequence, thousands of passengers of Canadian low-cost airline, Sunwing Airlines Inc, face flight delays.	Unknown	Professional, scientific and technical	CC	CA		Sunwing Airlines Inc,
23	19/04/2022	16/04/2022	16/04/2022	?	Unified Government of Wyandotte County and Kansas City	The Unified Government of Wyandotte County and Kansas City is hit by a cyber attack.	Unknown	Public admin and defence, social security	CC	US		Unified Government of Wyandotte County and Kansas City
24	20/04/2022	-	-	Anonymous	Worldwide Invest	In name of #OpRussia, the Anonymous release 250,000 emails (130 GB) from Worldwide Invest, an investment firms with ties to Estonia and Russian railways.	Unknown	Finance and insurance	H	RU		#OpRussia, Anonymous, Worldwide Invest
25	20/04/2022	-	-	Anonymous	Sawatzky	In name of #OpRussia, the Anonymous release 575,000 emails (432 GB) from Sawatzky, a property management company.	Unknown	Real estate	H	RU		#OpRussia, Anonymous, Sawatzky
26	20/04/2022	'Recently'	'Recently'	Gamaredon (AKA Armageddon/Shuckworm)	Organizations in Ukraine	Researchers from Symantec Broadcom report that the Russian state-sponsored threat group known as Gamaredon (a.k.a. Armageddon/Shuckworm) is launching attacks against targets in Ukraine using new variants of the custom Pteredo backdoor.	Targeted Attack	Multiple Industries	CE	UA		Symantec Broadcom, Gamaredon, Armageddon, Shuckworm, Ukraine, Pteredo, Russia
27	20/04/2022	-	-	GhostSec	Metrospetstekhnika	In name of #OpRussia, the group GhostSec, affiliated to the Anonymous collective, claims to have breached Metrospetstekhnika, provider of 'every metro in Russia.	Unknown	Transportation and storage	H	RU		#OpRussia, GhostSec, Anonymous, Russia
28	20/04/2022	August 2020	-	Anonymous	Synesis Surveillance System	In name of #OpRussia the Anonymous collective leaks 1.2 GB of data from Synesis Surveillance System.	Unknown	Professional, scientific and technical	H	RU		#OpRussia, Anonymous, Synesis Surveillance System
29	20/04/2022	-	-	Anonymous	Gazregion	In name of #OpRusiia, the Anonymous collective leaks 222 GB of data from Gazregion, a construction company specializing in gas pipelines and facilities	Unknown	Professional, scientific and technical	H	RU		#OpRusiia, Anonymous, Gazregion
30	20/04/2022	Starting from 18/04/2022	Starting from 18/04/2022	Killnet	Multiple websites in Czech Republic, including the Czech railways, the Karlovy Vary and Pardubice airports, and the public administration portal.	The pro-Russian collective Killnet takes down multiple websites in Czech Republic.	DDoS	Multiple Industries	H	CZ		Killnet, Czech Republic, Czech railways, Karlovy Vary airport, Pardubice airport, public administration portal
31	20/04/2022	-	-	REvil	Undisclosed organization	REvil ransomware’s servers in the TOR network are back up after months of inactivity and redirecting to a new operation that launched recently.	Malware	Unknown	CC	N/A		REvil
32	20/04/2022	During March 2022	-	?	Facebook users	Researchers at Abnormal Security reveal the detail of a phishing campaign leveraging the Facebook infrastructure.	Account Takeover	Individual	CC	>1		Abnormal Security, Facebook
33	20/04/2022	Between 19/10/2021 and 21/10/2021	-	?	Los Angeles County Department of Mental Health	The Los Angeles County Department of Mental Health reveals to have suffered a “malicious cyberattack” that compromised client information of 5,129 individuals.	Malware	Human health and social work	CC	US		Los Angeles County Department of Mental Health
34	20/04/2022	24/11/2021	-	?	Healthplex Inc.	Healthplex Inc. announces that the email account of an employee was compromised in a phishing attack on November 24, 2021.	Account Takeover	Human health and social work	CC	US		Healthplex Inc.
35	20/04/2022	Between 06/06/2020 and 12/06/2020	17/07/2020	?	La Casa de Salud	La Casa de Salud discloses an email account breach that was detected on July 17, 2020.	Account Takeover	Human health and social work	CC	US		La Casa de Salud
36	20/04/2022	09/04/2022	09/04/2022	?	Tehama County Social Services Department	Tehama County Social Services Department continues its investigation into a technical disruption to the operations of systems within its computer network on April 9.	Unknown	Human health and social work	CC	US		Tehama County Social Services Department, Quantum, ransomware
37	20/04/2022	December 2021	-	?	Eye Care Leaders	Eye Care Leaders is hit by multiple ransomware attacks.	Malware	Professional, scientific and technical	CC	US		Eye Care Leaders, ransomware
38	21/04/2022	-	-	Anonymous	Accent Capital	In name of #OpRussia the Anonymous leak 365.000 emails (211 GB) from the Russian real-estate investment firm Accent Capital.	Unknown	Real estate	H	RU		#OpRussia, Anonymous, Accent Capital
39	21/04/2022	Between November 2021 and March 2022	Between November 2021 and March 2022	BlackCat (AKA ALPHV)	60 organizations worldwide	The Federal Bureau of Investigation (FBI) says the Black Cat ransomware gang, also known as ALPHV, has breached the networks of at least 60 organizations worldwide between November 2021 and March 2022.	Malware	Multiple Industries	CC	>1		Federal Bureau of Investigation, FBI, BlackCat, ALPHV, ransomware
40	21/04/2022	-	-	Lemon_Duck	Misconfigured Linux servers	Researchers from Crowdstrike reveal that Docker APIs on Linux servers are being targeted by a large-scale Monero crypto-mining campaign from the operators of the Lemon_Duck botnet.	Misconfiguration	Multiple Industries	CC	>1		Crowdstrike, Docker, Linux, Lemon_Duck
41	21/04/2022	'Recently'	'Recently'	?	Multiple organizations	Security researchers at Cyble reveal the details of Prynt Stealer, an infostealer offering powerful capabilities and extra keylogger and clipper modules.	Malware	Multiple Industries	CC	>1		Cyble, Prynt Stealer
42	21/04/2022	During March 2022	During March 2022	?	Single individuals	Researchers from Avanan reveal the details of a phishing campaign spoofing the credit unions.	Account Takeover	Finance and insurance	CC	US		Avanan, credit unions
43	21/04/2022	Early December 2021	Early December 2021	?	Lincoln College	Lincoln College is hit by a ransomware attack and is forced to shut down the operations.	Malware	Education	CC	US		Lincoln College
44	21/04/2022	20/04/2022	20/04/2022	Altahrea Team	Israel Airports Authority	A pro-Iran hacking group named Altahrea Team hits the website of the Israel Airports Authority.	DDoS	Transportation and storage	H	IL		Altahrea Team, Israel Airports Authority
45	22/04/2022	22/04/2022	22/04/2022	?	Ukraine's national postal service (Ukrposhta)	Ukraine's national postal service Ukrposhta is hit with a DDoS attack.	DDoS	Public admin and defence, social security	CW	UA		Ukraine, National Postal Service, Ukrposhta
46	22/04/2022	-	-	Anonymous	Enerpred	In name of #OpRussia the Anonymous leak 645,000 emails (432 GB) from Enerpred, the largest producer of hydraulic tools in Russia specializing in the energy, petrochemical, coal, gas and construction industries.	Unknown	Manufacturing	H	RU		#OpRussia, Anonymous, Enerpred
47	22/04/2022	'Several weeks ago'	'Several weeks ago'	Lapsus$	T-Mobile	T-Mobile confirms that the Lapsus$ extortion gang breached its network "several weeks ago" using stolen credentials and gained access to internal systems.	Account Takeover	Information and communication	CC	US		T-Mobile, Lapsus$
48	22/04/2022	-	21/04/2022	LockBit	Secretary of State for Finance of Rio de Janeiro	The Secretary of State for Finance of Rio de Janeiro confirms that it was dealing with a ransomware attack on its systems.	Malware	Public admin and defence, social security	CC	BR		Secretary of State for Finance of Rio de Janeiro, Lockbit, ransomware
49	22/04/2022	During March 2022	During March 2022	BlackCat (AKA ALPHV)	Undisclosed organization	Researchers from Forescout reveal the detail of a BlackCat ransomware attack during an attack exploiting an Internet-exposed SonicWall firewall to gain initial access to the network and then moving to and encrypting a VMware ESXi virtual farm.	SonicWall vulnerability	Unknown	CC	N/A		BlackCat, ALPHV, Forescout, Sonicwall, ransomware
50	22/04/2022	-	-	?	Multiple organizations	Researchers from Rapid7 reveal that the vulnerability CVE-2022-29464, affecting the enterprise software development solutions provider WSO2 is currently exploited in the wild.	CVE-2022-29464 Vulnerability	Multiple Industries	CC	>1		Rapid7, CVE-2022-29464, WSO2
51	22/04/2022	21/02/2022	23/02/2022	?	Center for Life Management (CLM)	The Mental Health Center of Greater Manchester (MHCGM) in New Hampshire has announced that patient data was potentially compromised in a cyberattack at a third-party community mental health services partner, Center for Life Management (CLM), which was used for data storage.	Unknown	Human health and social work	CC	US		Mental Health Center of Greater Manchester, MHCGM, Center for Life Management, CLM
52	23/04/2022	-	22/10/2021	?	Illinois Gastroenterology Group (IGG)	Illinois Gastroenterology Group (IGG) discloses to have suffered a data security incident that potentially impacted 227,943 individuals.	Unknown	Human health and social work	CC	US		Illinois Gastroenterology Group, IGG
53	23/04/2022	27/11/2021	30/11/2021	?	Scott County	Scott County discloses a phishing attack.	Account Takeover	Public admin and defence, social security	CC	US		Scott County
54	24/04/2022	-	24/04/2022	Conti	Junta Administrativa del Servicio Eléctrico de Cartago (JASEC)	The Conti ransomware gang cripples the systems of the Junta Administrativa del Servicio Eléctrico de Cartago (JASEC).	Malware	Electricity, gas steam, air conditioning	CC	CR		Conti, ransomware, Junta Administrativa del Servicio Eléctrico de Cartago, JASEC
55	24/04/2022	'Recently'	'Recently'	?	Multiple targets in Iran	Iran’s state television says authorities have foiled a massive cyberattacks that sought to target public services, both government and privately owned.	Unknown	Multiple Industries	CW	>1		Iran
56	25/04/2022	-	-	Quantum	Undisclosed organization	Researchers at The DFIR Report disclose the technical details of a Quantum ransomware attack that lasted only 3 hours and 44 minutes from initial infection to the completion of encrypting devices.	Malware	Unknown	CC	N/A		The DFIR Report, Quantum, ransomware
57	25/04/2022	19/04/2022	19/04/2022	?	GHT Coeur Grand Est.	The GHT Coeur Grand Est. Hospitals and Health Care group disconnects all incoming and outgoing Internet connections after discovering they suffered a cyberattack that resulted in the theft of sensitive administrative and patient data.	Unknown	Human health and social work	CC	FR		GHT Coeur Grand Est.
58	25/04/2022	During April 2022	During April 2022	Emotet	Multiple organizations	The Emotet malware phishing campaign is up and running again after the threat actors fixed a bug preventing people from becoming infected when they opened malicious email attachments.	Malware	Multiple Industries	CC	>1		Emotet
59	25/04/2022	During April 2022	During April 2022	Multiple threat actors (including Rocket Kitten)	Multiple organizations	Researchers from Morphisec reveal that advanced hackers are actively exploiting a critical remote code execution (RCE) vulnerability, CVE-2022-22954, that affects in VMware Workspace ONE Access (formerly called VMware Identity Manager).	CVE-2022-22954 Vulnerability	Multiple Industries	CC	>1		Morphisec, CVE-2022-22954, VMware Workspace ONE Access, VMware Identity Manager, Rocket Kitten
60	25/04/2022	25/04/2022	25/04/2022	?	Bored Ape Yacht Club (BAYC)	Popular NFT company Bored Ape Yacht Club (BAYC) reveals that cybercriminals hacked its Instagram account and used the access to share fraudulent phishing sites that allowed the theft of dozens of NFTs worth millions of dollars.	Account Takeover	Fintech	CC	N/A		Bored Ape Yacht Club, BAYC
61	25/04/2022	Between 18/01/2022 and 24/02/2022	-	?	ARcare	ARcare notifies people whose personal and/or medical information may have been accessed or acquired in a malware incident impacting 345,353 patients.	Malware	Human health and social work	CC	US		ARcare
62	25/04/2022	-	-	Hackers of Savior	Bank of Israel	A group of hackers purportedly linked to Iran dubbed Hackers of Savior, claims to have succeeded in hacking into the system used to transfer money between Israeli banks and through it entered into people’s personal accounts.	Unknown	Finance and insurance	H	IL		Iran, Hackers of Savior, Bank of Israel
63	25/04/2022	-	-	?	Aeropost	Aeropost suffers a credit card breach.	Unknown	Wholesale and retail	CC	US		Aeropost
64	26/04/2022	-	-	Stormous	Coca-Cola	Coca-Cola investigates the claims of a cyberattack on its network after the Stormous ransomware gang said that it successfully breached some of the company's servers and stole 161 GB of data.	Unknown	Accommodation and food service	CC	US		Coca-Cola, Stormous, ransomware
65	26/04/2022	22/04/2022	22/04/2022	Black Basta	American Dental Association (ADA)	The American Dental Association (ADA) is hit by the new Black Basta ransomware.	Malware	Human health and social work	CC	US		American Dental Association, ADA, Black Basta, ransomware
66	26/04/2022	During April 2022	During April 2022	Emotet	Multiple organizations	The Emotet botnet is now using Windows shortcut files (.LNK) containing PowerShell commands to infect victims computers, moving away from Microsoft Office macros that are now disabled by default.	Malware	Multiple Industries	CC	>1		Emotet, LNK
67	26/04/2022	During February 2022	During February 2022	Hive0117	Telecommunication service providers and industrial firms in Lithuania, Estonia, and Russia.	Researchers from IBM Security X-Force identify a phishing email campaign by Hive0117, likely a financially motivated cybercriminal group, designed to deliver the fileless malware variant dubbed DarkWatchman.	Malware	Information and communication	CC	>1		IBM Security, X-Force, Hive0117, DarkWatchman
68	26/04/2022	18/04/2022	18/04/2022	LockBit	EKZ	Library lending app Onleihe announces problems lending several media formats offered on the platform, like audio, video, and e-book files, after a ransomware attack targeted their service provider EKZ.	Malware	Information and communication	CC	DE		LockBit, Onleihe, ransomware, EKZ
69	26/04/2022	Between 04/04/2022 and 19/04/2022	Between 04/04/2022 and 19/04/2022	TA542	Multiple organizations	Researchers from Proofpoint identify a new low-volume Emotet campaign using Onedrive links to distribute the malicious payload.	Malware	Multiple Industries	CC	>1		Emotet, Proofpoint, Onedrive
70	26/04/2022	During the week of 18/04/2022	-	?	Tenet Healthcare Corporation	Tenet Healthcare Corporation investigates a cybersecurity incident.	Unknown	Human health and social work	CC	US		Tenet Healthcare Corporation
71	26/04/2022	Since at least one year	-	Lazarus Group	Users in South Korea	Researchers from Zscaler reveal the details of a campaign carried out by the North Korean Lazarus Group, targeting users in South Korea using Naver-themed credential phishing.	Targeted Attack	Individual	CE	KR		Zscaler, Lazarus Group, Naver
72	27/04/2022	-	-	Anonymous	Elektrocentromontazh (ECM)	In name of #OpRussia, the Anonymous collective leals 1.23 million emails (1.7 TB of data) from Elektrocentromontazh (ECM), the primary power organization of Russia.	Unknown	Electricity, gas steam, air conditioning	H	RU		f#OpRussia, Anonymous, Elektrocentromontazh, ECM
73	27/04/2022	During March 2022	During March 2022	Mustang Panda (AKA HoneyMyte, Bronze President)	Russian state officers	Researchers from Secureworks discover a campaign carried out by the Mustang Panda group targeting Russian state officers with the PlugX remote access tool.	Targeted Attack	Public admin and defence, social security	CE	RU		Secureworks, Mustang Panda, HoneyMyte, Bronze President, Russia, China
74	27/04/2022	Early 2022	Early 2022	?	Multiple organizations	Researchers at Bitdefender uncover yet a new campaign that uses the RIG Exploit Kit to deliver the RedLine stealer malware exploiting CVE-2021-26411, an Internet Explorer vulnerability.	CVE-2021-26411 Vulnerability	Multiple Industries	CC	>1		Bitdefender, RIG Exploit Kit, RedLine, CVE-2021-26411, Internet Explorer
75	27/04/2022	At least since 21/04/2022	At least since 21/04/2022	Onyx	Six undisclosed organizations	A new Onyx ransomware operation is destroying files larger than 2MB instead of encrypting them, preventing those files from being decrypted even if a ransom is paid.	Malware	Multiple Industries	CC	>1		Onyx, Ransomware
76	27/04/2022	27/04/2022	27/04/2022	?	Austin Peay State University (APSU)	Austin Peay State University (APSU) confirms to have been hit with a ransomware attack.	Malware	Education	CC	US		Austin Peay State University, APSU, ransomware
77	27/04/2022	Earlier in April 2022	Earlier in April 2022	?	Undisclosed Crypto Platform	Internet infrastructure company Cloudflare reveals that it mitigated a 15.3 million request-per-second (rps) volumetric distributed denial of service (DDoS) attack.	DDoS	Fintech	CC	N/A		Cloudflare, DDoS
78	27/04/2022	During February 2022	During February 2022	Stonefly (AKA DarkSeoul, BlackMine, Operation Troy, and Silent Chollima)	Unnamed engineering company with energy and military customers	Researchers from Symantec/Broadcom reveal that an unnamed engineering company with energy and military customers was recently the target of the North Korean group Stonefly.	Log4j vulnerability (CVE-2021-44228)	Professional, scientific and technical	CE	N/A		Symantec, Broadcom, Stonefly, DarkSeoul, BlackMine, Operation Troy, Silent Chollima, CVE-2021-44228
79	27/04/2022	'Recently'	'Recently'	?	Users applying for Thailand travel passes	Researchers from Zscaler discover a malware campaign targeting users applying for Thailand travel passes. The end payload of many of these attacks is AsyncRAT.	Malware	Individual	CC	TH		Zscaler, Thailand, AsyncRAT
80	27/04/2022	Between 10/02/2022 and 14/02/202	09/04/2022	?	Sabre Corporation	A cyber-attack on Sabre Corporation exposes the personal data of thousands of guests who stayed at five hotels in Finland.	Undisclosed vulnerability	Accommodation and food service	CC	FI		Sabre Corporation, Finland
81	28/04/2022	During April 2022	During April 2022	?	Pro-Ukraine sites and the government web portal.	Ukraine's computer emergency response team (CERT-UA) publishes an announcement warning of ongoing DDoS attacks targeting pro-Ukraine sites and the government web portal from compromised WordPress sites.	DDoS	Public admin and defence, social security	CW	UA		Ukraine, CERT-UA, DDoS
82	28/04/2022	28/04/2022	28/04/2022	?	Massy Stores	Massy Stores, the largest supermarket chain in Trinidad is hit with a Cyber Attack.	Unknown	Wholesale and retail	CC	TT		Massy Stores, Trinidad
83	28/04/2022	27/04/2022	27/04/2022	?	Deus Finance	Decentralized finance (DeFi) platform Deus Finance confirms reports that an attacker stole about $13.4 million worth of cryptocurrency.	Flash loan attack	Fintech	CC	N/A		Deus Finance
84	28/04/2022	-	-	?	Battelle for Kids	Battelle for Kids, a company that houses student’s state testing information for districts across Ohio, is the victim of a ransomware attack.	Malware	Professional, scientific and technical	CC	US		Battelle for Kids, ransomware
85	28/04/2022	Early April 2022	-	Conti	Elgin County	The Conti ransomware group dumps the data allegedly leaked from Elgin County.	Malware	Public admin and defence, social security	CC	US		Conti, ransomware, Elgin County
86	28/04/2022	Between 10/11/2020 and 20/11/2020	-	?	Worcester County	Worcester County discloses a breach of the county government email account which contained limited personal information belonging to about 3,000 government and board of education employee and retiree accounts.	Account Takeover	Public admin and defence, social security	CC	US		Worcester County
87	28/04/2022	'Recently'	'Recently'	?	Customers of major financial institutions and online-retailers	Researchers from Resecurity reveal the details of "Frappo", a new phishing kit that allows to host and generate high-quality phishing pages which impersonate major online-banking, e-commerce, popular retailers, and online-services to steal customer data.	Account Takeover	Finance and insurance	CC	>1		Resecurity, Frappo
88	29/04/2022	-	-	Anonymous	ALET	in name of #OpRussia, the Anonymous collective releases a 1.1 TB archive that contains nearly 1.1 million emails from ALET, a customs broker for companies in the fuel and energy industries.	Unknown	Finance and insurance	H	RU		#OpRussia, Anonymous, ALET
89	29/04/2022	During April 2022	During April 2022	Killnet	Several public websites managed by the state entities in Romania	The Romanian national cyber security and incident response team, DNSC, issues a statement about a series of DDoS attacks targeting several public websites managed by the state entities carried out by a pro-Russian group dubbed Killnet.	DDoS	Public admin and defence, social security	CW	RU		DNSC, Killnet
90	29/04/2022	SInce mid-January 2022	SInce mid-January 2022	APT29 AKA Cozy Bear or Nobelium	Diplomats and government entities	Researchers from Mandiant uncover a recent phishing campaign from Russian hackers known as APT29 (Cozy Bear or Nobelium) targeting diplomats and government entities.	Targeted Attack	Public admin and defence, social security	CE	>1		Mandiant, APT29, Cozy Bear, Nobelium
91	29/04/2022	-	Since March 2022	Bumblebee	Multiple organizations	Researchers from NCC Group reveal the details of Bumblebee, a relatively new custom malware downloader that appears to have been used by several cybercrime groups.	Malware	Multiple Industries	CC	>1		NCC Group, Bumblebee
92	29/04/2022	03/03/2022	07/03/2022	?	Salusive Health AKA myNurse	Salusive Health informs patients of a data security incident involving patient information.	Unknown	Human health and social work	CC	US		Salusive Health, myNurse
93	29/04/2022	Between 31/5/2021 and 01/06/2021	-	?	Refuah Health Center	Refuah Health Center notifies 260,740 individuals of a cybersecurity incident that occurred between May 31 and June 1, 2021.	Unknown	Human health and social work	CC	US		Refuah Health Center
94	29/04/2022	'Recently'	'Recently'	?	State Bar of Georgia	The State Bar of Georgia discloses an unauthorized access to its network.	Unknown	Professional, scientific and technical	CC	US		State Bar of Georgia
95	29/04/2022	During February 2022	-	Vice Society	ABI (Associazione Bancaria Italiana)	The ransomware group Vice Society claims responsibility for an attack to ABI, the Italian Bank Association, and publishes some employees data.	Malware	Finance and insurance	CC	IT		Ransomware, Vice Society, ABI, Associazione Bancaria Italiana, Italian Bank Association
96	30/04/2022	30/04/2022	30/04/2022	?	Rari Capital	Rari Capital confirms reports from several blockchain security companies that about $80 million worth of cryptocurrency was stolen through their platform.	Reentrancy vulnerability	Fintech	CC	N/A		Rari Capital
97	30/04/2022	30/04/2022	30/04/2022	?	Saddle Finance	Saddle Finance reports that about $10.3 million worth of cryptocurrency was stolen from their platform.	Unknown	Finance and insurance	CC	N/A		Saddle Finance
98	30/04/2022	-	-	?	Valley View Hospital	Valley View Hospital is hit by a phishing attack, potentially impacting the personal data of about 21,000 people.	Account Takeover	Human health and social work	CC	US		Valley View Hospital
99	30/04/2022	During December 2021	-	?	Guernsey's Medical Specialist Group (GMSG)	Guernsey's Medical Specialist Group (GMSG) confirms it experienced a "cyber incident" which affected their email system in December 2021.	Account Takeover	Human health and social work	CC	UK		Guernsey's Medical Specialist Group, GMSG
ID	Date Reported	Date Occurred	Date Discovered	Author	Target	Description	Attack	Target Class	Attack Class	Country	Link	Tags

Enjoy the interactive timeline, and thanks for sharing it, and supporting my work in spreading the risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.

SUPPORT MY WORK!

The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.

The Biggest Data Breaches of 2023
Similarly to what I have done in 2022 and 2021, I am collecting the main mega breaches...
1-15 August 2023 Cyber Attacks Timeline
In the first timeline of August, I collected 169 events (corresponding to 11.27 events per day), a considerable decrease compared to the the second half of July...
Q2 2023 Cyber Attacks Statistics
I have aggregated the statistics created from the cyber attacks timelines published in the second quarter of 2023. In total I have collected 1040 events...
2020 Cyber Attacks Statistics
As promised, I have pulled together some statistics from the data collected in 2020. The master table is available at the end of the post after the charts.
June 2023 Cyber Attacks Statistics
After the cyber attacks timelines, it’s time to publish the statistics of June 2023 where I have collected and analyzed 354 events...