The first timeline of May 2022 is out. In the first half of the month I collected 101 events, that is an average of 6.73 events/day. The level of activity, reflected by the cyber events that find some space in the media outlets, continue to be quite sustained, once again, fueled by the war in Ukraine that is continuing to have repercussions in the cyber space.

The Anonymous collective and their affiliates continue their cyber war against the Russian government: even in this fortnight, the hacktivists continued to leak data from Russian organizations. And similarly to the previous weeks, Ukraine continued to be the target of multiple operations aimed to distribute malware and spy on multiple institutions.

But this situation is affecting Europe as a whole: multiple campaigns (even from Chinese gropus) were spotted, and interesting twist is also the retaliation of the Killnet pro-Russian collective with multiple DDoS attacks against countries, like Italy, accused to back Ukraine.

Ransomware attacks continue to play an important role, with the usual suspects, like Conti, who continue to hit multiple organizations. In this fortnight, 14.85% of events were characterized by ransomware (vs. 18.56% of the previous timeline.) On the other hand, the impact of attacks carried out exploiting vulnerabilities went down to 7.9% from 10.3% of the previous timeline.

Another trend that is characterizing 2022 is the occurrence of massive attacks against fintech and decentralized finance companies continue. Unfortunately the list of victims continues to grow and this fortnight was no exception.

Even threat actors motivated by cyber espionage were quite active during the first week of May. New threat actors such as UNC3524 and Moshen Dragon joined the party. Besides, as already mentioned, many well-known group, such as APT28, Turla, Ghostwriter, and Mustang Panda were involved in operations related to Ukraine. Without considering “generic” cyber espionage operations, such as the ones carried on by APT29 and APT41.

A special mention to the Pegasus spyware that continued to plague organizations and individuals worldwide, such as Spain’s Prime Minister Pedro Sanchez and Defense Minister Margarita Robles.

Expand for details

Enjoy the interactive timeline, and thanks for sharing it, and supporting my work in spreading the risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.



The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.

  • 2022 Cyber Attacks Statistics

    And finally I have aggregated all the data collected in 2022 from the cyber attacks timelines. In the past year I have collected 3074 events...

  • March 2023 Cyber Attacks Statistics

    After the cyber attacks timelines (part I and part II), it’s time to publish the statistics of March 2023 where I have collected and analyzed 334 events, which...

  • Q1 2023 Cyber Attacks Statistics

    I have aggregated the statistics created from the cyber attacks timelines published in the first three months of 2023. In total...

  • 2019 Cyber Attacks Statistics

    As I promised few days ago, I have aggregated and analyzed the events collected in the cyber attacks timelines for the whole 2019, producing some (hopefully) interesting stats. At the end the total sample is composed of 1802 events, which is a sharp increase in ...

  • Photo by Towfiqu barbhuiya on UnsplashThe Biggest Data Breaches of 2023

    Similarly to what I have done in 2022 and 2021, I am collecting the main mega breaches...


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.