The first timeline of May 2022 is out. In the first half of the month I collected 101 events, that is an average of 6.73 events/day. The level of activity, reflected by the cyber events that find some space in the media outlets, continue to be quite sustained, once again, fueled by the war in Ukraine that is continuing to have repercussions in the cyber space.

The Anonymous collective and their affiliates continue their cyber war against the Russian government: even in this fortnight, the hacktivists continued to leak data from Russian organizations. And similarly to the previous weeks, Ukraine continued to be the target of multiple operations aimed to distribute malware and spy on multiple institutions.

But this situation is affecting Europe as a whole: multiple campaigns (even from Chinese gropus) were spotted, and interesting twist is also the retaliation of the Killnet pro-Russian collective with multiple DDoS attacks against countries, like Italy, accused to back Ukraine.

Ransomware attacks continue to play an important role, with the usual suspects, like Conti, who continue to hit multiple organizations. In this fortnight, 14.85% of events were characterized by ransomware (vs. 18.56% of the previous timeline.) On the other hand, the impact of attacks carried out exploiting vulnerabilities went down to 7.9% from 10.3% of the previous timeline.

Another trend that is characterizing 2022 is the occurrence of massive attacks against fintech and decentralized finance companies continue. Unfortunately the list of victims continues to grow and this fortnight was no exception.

Even threat actors motivated by cyber espionage were quite active during the first week of May. New threat actors such as UNC3524 and Moshen Dragon joined the party. Besides, as already mentioned, many well-known group, such as APT28, Turla, Ghostwriter, and Mustang Panda were involved in operations related to Ukraine. Without considering “generic” cyber espionage operations, such as the ones carried on by APT29 and APT41.

A special mention to the Pegasus spyware that continued to plague organizations and individuals worldwide, such as Spain’s Prime Minister Pedro Sanchez and Defense Minister Margarita Robles.

Expand for details

Enjoy the interactive timeline, and thanks for sharing it, and supporting my work in spreading the risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.



The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.

  • 2022 Cyber Attacks Statistics

    And finally I have aggregated all the data collected in 2022 from the cyber attacks timelines. In the past year I have collected 3074 events...

  • Photo by Tima Miroshnichenko from PexelsThe Biggest Data Breaches of 2022

    Similarly to what I have done in 2021, I am collecting all the mega breaches (with more than 1 million records leaked). The information is derived from the cyber attacks timelines...

  • Image by Pete Linforth from Pixabay1-15 January 2023 Cyber Attacks Timeline

    Let’s kick off this infosec year with the first cyber attacks timeline for January 2023. In this fortnight I have collected...

  • The Biggest Data Breaches of 2021

    With this new project I am going to track the biggest data breaches of 2021 extracted from my cyber attack timelines.

  • 2020 Cyber Attacks Statistics

    As promised, I have pulled together some statistics from the data collected in 2020. The master table is available at the end of the post after the charts.


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.