16-31 May 2022 Cyber Attacks Timeline

EVENTS

EVENTS/DAY

EVENTS

EVENTS/DAY

The second timeline of May 2022 is out. In the second half of the month I collected 120 events, corresponding to an average of 7.50 events/day, an important increase compared to the 103 events (7.87 events/day) of the previous fortnight.

The Russian invasion of Ukraine continues to characterize the cyber space, and this timeline is no exception: among the events you will find multiple cyber espionage campaigns targeting assets directly or indirectly related to the conflict, disinformation campaigns, and even several DDoS attacks (most of all in Italy) fueled by the pro-Russian Killnet collective.

Q3 2023 Cyber Attacks Statistics

The third quarter of 2023 saw a 6.5% increase in cyber attacks with 1,108 events. Cybercrime led the charts with 79.7% of motives, mostly using malware techniques. Exploitation of vulnerabilities ranked second, majorly affecting multiple industries and healthcare and financial sectors.

Ransomware attacks continue to be a constant presence in the timeline, after the break of the previous fortnight, we are back at important percentages with 18.3% of events charcterized by this attack vector (a level similar to April after the 14.85% of the previous timeline.) Even the exploitation of vulnerabilities is back to the levels of April, with 10% of events (from 7.9% of the previous timeline) occurred leveraging a security hole in a software component.

And similarly, the attacks against Decentralized Finance platforms continue to characterized this troubled 2022: this time it was turn of the Mirror Protocol, which suffered the theft of more than $2 worth of cryptocurrency. Always related to fintech, are the numerous campaigns targeting collectors of NFTs, a consolidated presence even in this second timeline of May.

Analyzing the campaigns motivated by cyber espionage, the landscape is quite rich of events, even without considering those related to the conflict in Ukraine .For example the attackers, such as the Chinese group TA413 started to immediately exploit the so-called ‘Follina’ vulnerability (CVE-2022-30190). Similarly an unknown threat actor conducted several campaigns, against targets in Egypt, Armenia, Greece, Madagascar, Côte d’Ivoire, Serbia, Spain and Indonesia, exploiting multiple vulnerabilities to install the ‘Predator’ spyware.

After this short summary, you can enjoy the interactive timeline. Thanks for sharing it, and supporting my work in spreading the risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.

Expand for details

ID	Date Reported	Date Occurred	Date Discovered	Author	Target	Description	Attack	Target Class	Attack Class	Country	Link	Tags
1	16/05/2022	Mid-May 2022	Mid-May 2022	?	German users interested in the Ukraine crisis	Researchers from Malwarebytes discover an unknown threat actor is targeting German users interested in the Ukraine crisis, infecting them with a custom PowerShell RAT (remote access trojan) and stealing their data.	Malware	Individual	CE	DE		Malwarebytes, Ukraine, PowerShell RAT
2	16/05/2022	SInce at least 14/05/2022	SInce at least 14/05/2022	?	Vulnerable WordPress sites	Researchers from Wordfence reveal that attackers are massively exploiting a remote code execution vulnerability, CVE-2021-25094, in the Tatsu Builder plugin for WordPress, which is installed on about 100,000 websites.	Vulnerable WordPress Plugin (CVE-2021-25094)	Multiple Industries	CC	>1		Wordfence, CVE-2021-25094, Tatsu Builder, WordPress
3	16/05/2022	-	-	Democratic People’s Republic of Korea (DPRK)	Multiple organizations worldwide	The U.S. Department of State, the U.S. Department of the Treasury, and the Federal Bureau of Investigation warn that the Democratic People’s Republic of Korea (DPRK) is dispatching its IT workers to get freelance jobs at companies across the world to obtain privileged access that is sometimes used to facilitate cyber intrusions.	Privileged Access	Multiple Industries	CE	>1		U.S. Department of State, U.S. Department of the Treasury, Federal Bureau of Investigation, FBI, Democratic People’s Republic of Korea, DPRK
4	16/05/2022	Between 11/04/2022 29/04/2022	Between 11/04/2022 29/04/2022	?	General Motors	US car manufacturer General Motors discloses that it was the victim of a credential stuffing attack that exposed some customers' information and allowed the attackers to redeem rewards points for gift cards.	Credential Stuffing	Manufacturing	CC	US		General Motors
5	16/05/2022	-	-	Facestealer	Android users	Researchers from Trend Micro identify more than 200 variants of the Facestealer malware in the Google Play store, before Google took them down.	Malware	Individual	CC	>1		Trend Micro, Facestealer, Google Play
6	16/05/2022	'Recently'	'Recently'	UpdateAgent	macOS users	Researchers from JAMF discover a new variant of the UpdateAgent macOS malware written in Swift.	Malware	Multiple Industries	CC	>1		JAMF, UpdateAgent, macOS, Swift
7	16/05/2022	-	25/12/2021	?	Heidell, Pittoni, Murphy & Bach, LLP ('HPM&B')	Heidell, Pittoni, Murphy & Bach, LLP ('HPM&B') discloses a data security incident affecting 114,979 individuals.	Unknown	Professional, scientific and technical	CC	US		Heidell, Pittoni, Murphy & Bach, LLP, HPM&B
8	16/05/2022	-	-	?	Hokusen Co.	Hokusen Co., issues a notice in which it addressed a data breach potentially affecting the personal information of up to 44,559 customers, when it discovered that personal information may have been leaked due to unauthorised access by a third party.	Unknown	Wholesale and retail	CC	JP		Hokusen Co.
9	16/05/2022	-	-	?	Elgin County	The Elgin County suffers a cyber attack that puts its email and website offline for nearly one month. The data of 330 individuals is also compromised.	Unknown	Public admin and defence, social security	CC	CA		Elgin County
10	16/05/2022	During December 2021	-	?	Michigan Avenue Immediate Care	Michigan Avenue Immediate Care is hacked by an unknown threat actor, and more that 580 GB personal information about ~43.000 patients is leaked.	Unknown	Human health and social work	CC	US		Michigan Avenue Immediate Care
11	17/05/2022	-	-	Space Pirates	Organizations in the aerospace industry in Russia, Georgia, and Mongolia.	Researchers from Positive Technologies discover a cyber espionage chinese group, dubbed 'Space Pirates' targeting Russian organizations in the aerospace industry.	Targeted Attack	Professional, scientific and technical	CE	RU GE MN		Positive Technologies, China, Space Pirates
12	17/05/2022	-	-	?	Poorly secured Microsoft SQL Servers	Microsoft warns of brute-forcing attacks targeting Internet-exposed and poorly secured Microsoft SQL Server (MSSQL) database servers using weak passwords.	Brute-Force	Multiple Industries	CC	>1		Microsoft, SQL Server, MSSQL
13	17/05/2022	During January 2022	During January 2022	Unidentified threat actors	Undisclosed US Business	The Federal Bureau of Investigations (FBI) issues a warning about attackers scraping credit card data from the checkout pages of US businesses' websites via a malicious PHP script.	Malicious Script Injection	Unknown	CC	US		Federal Bureau of Investigations, FBI, PHP
14	17/05/2022	-	-	?	Cryptocurrency users	Researchers from Microsoft warn of the rise of cryware, malicious software used to steal info an funds from hot wallets.	Malware	Fintech	CC	>1		Crypto, Microsoft, Cryware
15	17/05/2022	-	-	LockBit	Mercyhurst University	The LockBit ransomware gang claims to have hit the Mercyhurst University.	Malware	Education	CC	US		LockBit, Ransomware, Mercyhurst University.
16	17/05/2022	12/08/2021	-	?	Northern Rockies Orthopaedics	Northern Rockies Orthopaedics discloses a phishing incident affecting 6,701 individuals	Account Takeover	Human health and social work	CC	US		Northern Rockies Orthopaedics
17	17/05/2022	17/05/2022	17/05/2022	?	Seth Green	Comedian Seth Green announces that he'd been phished by scammers who stole several high-value NFTs from his crypto wallet.	Account Takeover	Fintech	CC	US		Seth Green, NFT
18	18/05/2022	Since 18/05/2022	18/05/2022	Obfuscated Dreams of Scheherazade	Russian Officials	A group of hacktivists going by the name of “Obfuscated Dreams of Scheherazade” create a website that allows visitors to make prank calls to two randomly selected Russian officials.	Robo-calls	Public admin and defence, social security	H	RU		Obfuscated Dreams of Scheherazade, Russia
19	18/05/2022	Since at least 12/05/2022	Since at least 12/05/2022	?	Cryptocurrency users	Security researchers discover a campaign where threat actors are luring potential thieves by spamming login credentials for other people accounts on fake crypto trading sites.	Crypto scams	Fintech	CC	>1		Crypto
20	18/05/2022	-	-	ERMAC	Android mobile banking users	Researchers from ESET discover a new version of the ERMAC Android banking trojan, increasing the number of applications targeted from 378 to 467, covering a much wider range of apps to steal account credentials and crypto wallets.	Malware	Finance and insurance	CC	>1		ESET, ERMAC, Android
21	18/05/2022	18/05/2022	18/05/2022	?	Washington Local Schools	The Washington Local Schools says a cyberattack affected phone, email, internet and WiFi networks as well as all Google Classroom systems.	Unknown	Education	CC	US		Washington Local Schools
22	18/05/2022	Since 09/05/2022	09/05/2022	?	Greenland hospital system	The government of Greenland confirms reports that the island’s hospital system was “severely” impacted by a cyberattack.	Unknown	Education	CC	GL		Greenland
23	18/05/2022	24/11/2021	24/11/2021	?	Bryan County Ambulance Authority	Bryan County Ambulance Authority notifies 14,000 patients that their data was stolen ahead of a November 2021 ransomware attack.	Malware	Human health and social work	CC	US		Bryan County Ambulance Authority, ransomware
24	18/05/2022	Between 10/11/2021 and 24/11/2021	24/11/2021	?	Allaire Healthcare Group	Allaire Healthcare Group reveals that an unauthorized individual has gained access to the email account of one of its employees.	Account Takeover	Human health and social work	CC	US		Allaire Healthcare Group
25	18/05/2022	-	-	?	Machatt Co., Ltd.	Machatt Co., Ltd. issues a notice in which it addressed a data breach potentially affecting the personal information of up to 16,093 customers. In particular, Machatt confirmed that it discovered that personal information of customers from the Machatt online store operated by its company may have been leaked due to unauthorised access by a third party.	Unknown	Wholesale and retail	CC	JP		Machatt Co
26	18/05/2022	18/05/2022	18/05/2022	?	Collectors of NFTs	A compromised NFT Discord Server of Memeland, RTFKT, PROOF/Moonbirds and infrastructure company Cyberconnect is used to deliver phishing pages.	Account Takeover	Fintech	CC	>1		NFT, Discord, Memeland, RTFKT, PROOF/Moonbirds, Cyberconnect
27	18/05/2022	Since at least February 2022	Since at least February 2022	BlackByte	Organizations all over the world, from North America to Colombia, Netherlands, China, Mexico and Vietnam.	Researchers from Cisco Talos reveal the details of the latest campaigns from the BlackByte ransomware group.	Malware	Multiple Industries	CC	>1		Cisco Talos, BlackByte, ransomware
28	18/05/2022	-	-	?	Malaysian National Registration Department (NRD)	The data of 22.5 million Malaysians, allegedly leaked from the National Registration Department (NRD) is leaked.	Unknown	Public admin and defence, social security	CC	MY		Malaysia, National Registration Department, NRD
29	19/05/2022	During May 2022	During May 2022	Ghostwriter	Individuals in Ukraine	Researchers from Mandiant reveal that the Ghostwriter group started to spread misinformation to divide Ukraine and its allies.	CID (Coordinated Inauthentic Behavior)	Individual	CW	UA		Ghostwriter, Russia, Ukraine
30	19/05/2022	Since February 2022	Since February 2022	Russia	Individuals in Ukraine	Researchers from Mandiant reveal the details of a Russian-influence campaign known as "Secondary Infektion," which began prior to the ground invasion and spread misinformation about Ukrainian president Volodymyr Zelenskyy. Mandiant linked the operation to a March false claim that Zelenskyy had died by suicide in the military bunker in Kyiv.	CID (Coordinated Inauthentic Behavior)	Individual	CW	UA		Mandiant, Secondary Infektion, Ukraine, Volodymyr Zelenskyy
31	19/05/2022	Since April 2022	Since April 2022	Russia	Individuals in Ukraine and Russia	A more recent Secondary Infektion campaign circulate in both Ukrainian and Russian falsely claiming that the Ukrainian and Polish governments sought to enable Polish troops to deploy in western Ukraine.	CID (Coordinated Inauthentic Behavior)	Individual	CW	UA		Mandiant, Secondary Infektion, Ukraine, Poland
32	19/05/2022	Since April 2022	Since April 2022	Russia	Individuals in Ukraine and Russia	An additional version of the Secondary Infektion campaign claims that Poland attempted to use an alleged "provocation," staged by Ukraine, to station Polish troops in the country.	CID (Coordinated Inauthentic Behavior)	Individual	CW	UA		Mandiant, Secondary Infektion, Ukraine, Poland
33	19/05/2022	Since February 2022	Since February 2022	Roaming Mayfly	Russian audiences	Researchers from Mandiant reveal the details of Roaming Mayfly, an Iranian threat actor, targeting Russian audiences on the eve of the invasion in what the security researchers say is an attempt to increase tensions between Russia and Israel.	CID (Coordinated Inauthentic Behavior)	Individual	CW	RU		Mandiant, Roaming Mayfly, Russia, Iran, Israel
34	19/05/2022	-	-	Dragonbridge	Individuals in the US and Ukraine	Researchers from Mandiant link a pro-Chinese government effort called "Dragonbridge" to an ongoing misinformation campaign that alleges Pentagon-linked labs are conducting biological weapons research in Ukraine.	CID (Coordinated Inauthentic Behavior)	Individual	CW	US UA		Mandiant, Dragonbridge, China, US, Ukraine
35	19/05/2022	Since several months	Since several months	Threat actors from China connected with Stone Panda (aka APT10) and Mustang Panda	At least two research institutes in Russia	Researchers from Check Point discover an ongoing long-lasting campaign, dubbed Twisted Panda, carried out by a Chinese threat actor, targeting at least two research institutes in Russia, part of the Rostec Corporation.	Targeted Attack	Professional, scientific and technical	CE	RU		Check Point, China, Russia, Twisted Panda, Rostec Corporation, Stone Panda, APT10, Mustang Panda
36	19/05/2022	Since several months	Since several months	Threat actors from China connected with Stone Panda (aka APT10) and Mustang Panda	A research institute in Belarus	The same campaign Twisted Panda, also targeted a research institute in Belarus.	Targeted Attack	Professional, scientific and technical	CE	BY		Check Point, China, Russia, Twisted Panda, Rostec Corporation, Stone Panda, APT10, Mustang Panda, Belarus
37	19/05/2022	13/05/2022	13/05/2022	?	Nikkei	Publishing giant Nikkei discloses that the group's headquarters in Singapore was hit by a ransomware attack on May 13, 2022.	Malware	Information and communication	CC	SG		Nikkei, Ransomware
38	19/05/2022	-	-	DEADBOLT	Misconfigured QNAP devices	QNAP warns customers to secure their devices against attacks pushing DeadBolt ransomware payloads.	Malware	Multiple Industries	CC	>1		QNAP, DeadBolt, ransomware
39	19/05/2022	'Recently'	'Recently'	?	Multiple organizations	Researchers from Trustwave discover a phishing website containing a chatbot, able to establish a conversation first, and to guide the victim to the actual phishing pages.	Account Takeover	Multiple Industries	CC	>1		Trustwave, chatbot
40	19/05/2022	Since April 2022	-	Lazarus Group	Multiple organizations	Researchers from Ahnlab discover a new campaign by the North Korean group Lazarus group exploiting the Log4Shell vulnerability (CVE-2021-44228) to install the NukeSped backdoor.	CVE-2021-44228 Vulnerability	Multiple Industries	CC	>1		Ahnlab, North Korea Lazarus, Log4Shell vulnerability, CVE-2021-44228, NukeSped backdoor
41	19/05/2022	During the last six months	During the last six months	XorDDoS (AKA XOR DDoS)	Linux devices	Researchers from Microsoft detect an increase of infections (254% in six months) for the XorDDoS (AKA XOR DDoS) malware.	Brute-Force	Multiple Industries	CC	>1		Microsoft, XorDDoS, XOR DDoS, Linux
42	19/05/2022	During August 2021	-	State-sponsored threat actor	Targets in Egypt, Armenia, Greece, Madagascar, Côte d’Ivoire, Serbia, Spain and Indonesia.	Researchers from Google's Threat Analysis Group (TAG) uncover three campaigns carried out by state-backed threat actors using five zero-day vulnerabilities to install the Predator spyware developed by commercial surveillance developer Cytrox.	CVE-2021-38000 Vulnerability	Multiple Industries	CE	>1		Google, Threat Analysis Group, TAG, Predator, Cytrox, CVE-2021-38000
43	19/05/2022	During September 2021	-	State-sponsored threat actor	Targets in Egypt, Armenia, Greece, Madagascar, Côte d’Ivoire, Serbia, Spain and Indonesia.	Researchers from Google's Threat Analysis Group (TAG) uncover three campaigns carried out by state-backed threat actors using five zero-day vulnerabilities to install the Predator spyware developed by commercial surveillance developer Cytrox.	CVE-2021-37973 and CVE-2021-37976 vulnerabilities	Multiple Industries	CE	>1		Google, Threat Analysis Group, TAG, Predator, Cytrox, CVE-2021-37973, CVE-2021-37976
44	19/05/2022	During October 2021	-	State-sponsored threat actor	Targets in Egypt, Armenia, Greece, Madagascar, Côte d’Ivoire, Serbia, Spain and Indonesia.	Researchers from Google's Threat Analysis Group (TAG) uncover three campaigns carried out by state-backed threat actors using five zero-day vulnerabilities to install the Predator spyware developed by commercial surveillance developer Cytrox.	CVE-2021-38003, CVE-2021-1048 vulnerabilities	Multiple Industries	CE	>1		Google, Threat Analysis Group, TAG, Predator, Cytrox, CVE-2021-38003, CVE-2021-1048
45	19/05/2022	-	-	Cl0p	Fort Sumner Municipal Schools.	The Cl0p ransomware gang leaks the data stolen from the Fort Sumner Municipal Schools.	Malware	Education	CC	US		Cl0p, ransomware, Fort Sumner Municipal Schools
46	19/05/2022	Since at least 2020	During May 2022	FSB Contractor	Single individuals worldwide	Researchers from Nisos reveal the details of the Russian Fronton botnet, able to create a coordinated inauthentic behavior "on a massive scale" to spread misinformation and propaganda.	CID (Coordinated Inauthentic Behavior)	Individual	CW	>1		Nisos, Russia, Fronton
47	19/05/2022	During April 2022	During April 2022	?	Multiple organizations	Researchers from Zscaler discover a new collection of phishing domains offering up fake Windows 11 installers that actually deliver the Vidar information-stealing malware.	Malware	Multiple Industries	CC	>1		Zscaler, Windows 11, Vidar
48	19/05/2022	Since at least May 2022	10/05/2022	?	Rust developers	Researchers from Sentinel Labs reveal the details of 'CrateDepression', a software chain supply attack targeting Rust developers with malware aimed directly at infecting GitLab Continuous Integration (CI) pipelines.	Malware	Multiple Industries	CC	>1		Sentinel Labs, CrateDepression, GitLab, Continuous Integration, CI
49	19/05/2022	-	-	Vice Society	Atlanta Perinatal Associates	The Vice Society ransomware gang claims to have acquired patient files from Atlanta Perinatal Associates.	Malware	Human health and social work	CC	US		Vice Society, ransomware, Atlanta Perinatal Associates
50	20/05/2022	-	-	Sandworm	Targets in Ukraine	Researchers from ESET discover a new version of the Industroyer2 malware, dubbed ArguePatch, deployed against targets in Ukraine.	Malware	Multiple Industries	CW	UA		ESET, Industroyer2, ArguePatch, Ukraine, Sandworm
51	20/05/2022	Since at least 06/05/2022	Since at least 06/05/2022	Pro-Ukrainian hacking groups	Sberbank	Russia's banking and financial services company Sberbank is being targeted in a wave of unprecedented DDoS attacks	DDoS	Finance and insurance	H	RU		Sberbank
52	20/05/2022	20/05/2022	20/05/2022	Killnet	Websites of various Italian institutions and government ministries	The websites of various Italian institutions and government ministries are taken down by the Killnet collective.	DDoS	Public admin and defence, social security	H	IT		Killnet, Russia
53	20/05/2022	20/05/2022	20/05/2022	Killnet	Italian airports of Malpensa, Linate and Orio al Serio	The websites of the Italian airports of Malpensa, Linate and Orio al Serio are taken down by the pro-Russian Killnet collective.	DDoS	Transportation and storage	H	IT		Malpensa, Linate, Orio al Serio, Killnet, Russia
54	20/05/2022	-	-	?	Organizations using the School Management WordPress plugin	Researchers from Jetpack discover a backdoor in School Management, a premium WordPress plugin designed as a complete management solution for schools. The malicious code, whose source is unknown to the author of the plugin, enables a threat actor to execute PHP code without authenticating.	Malicious WordPress Plugin	Education	CC	>1		Jetpack, School Management, WordPress
55	20/05/2022	During May 2022	During May 2022	Multiple threat actors	Vulnerable Cisco IOS XR routers	Cisco addresses a zero-day vulnerability in its IOS XR routers (CVE-2022-20821) currently exploited in attacks.	CVE-2022-20821 vulnerability	Multiple Industries	N/A	>1		Cisco, IOS XR, CVE-2022-20821
56	20/05/2022	17/05/2022	17/05/2022	?	Windows, Linux, and macOS systems	Researchers from Sonatype discover 'pymafka', a malicious Python package performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems.	Malware	Multiple Industries	CC	>1		Sonatype, pymafka, Python, Cobalt Strike, Windows, Linux, macOS
57	20/05/2022	01/12/2021	-	?	Battelle for Kids	The Chicago Public Schools suffers a massive data breach that exposes the data of almost 500,000 students and 60,000 employee after their vendor, Battelle for Kids, suffered a ransomware attack in December 2021	Malware	Education	CC	US		Chicago Public Schools, Battelle for Kids, ransomware
58	20/05/2022	Earlier in 2022	Earlier in 2022	?	Multiple organizations	Researchers from HP Wolf security discover a malicious campaign using PDF attachments to smuggle malicious Word documents that infect users with the Snake keylogger malware.	Malware	Multiple Industries	CC	>1		HP Wolf, PDF, Word, SNake
59	20/05/2022	Mid-may 2022	Mid-may 2022	?	Security researchers	Researchers from Cyble uncover a campaign carried over by a threat actor targeting security researchers with fake Windows proof-of-concept exploits that infected devices with the Cobalt Strike backdoor, and taking advantage of recently patched Windows remote code execution vulnerabilities tracked as CVE-2022-24500 and CVE-2022-26809.	CVE-2022-24500 and CVE-2022-26809 Vulnerabilities	Individual	CC	>1		Cyble, Windows, CVE-2022-24500 and CVE-2022-26809.
60	20/05/2022	Between 25/12/2021 and 08/03/2022	08/03/2022	?	Aesto Health	Aesto Health says it suffered a data security incident that impacted its internal IT systems when an unauthorized actor had accessed Aesto Health’s systems between December 25 and March 8.	Unknown	Human health and social work	CC	US		Aesto Health
61	20/05/2022	08/04/2020	-	?	Alameda Health System (AHS)	Alameda Health System (AHS) notifies 90,000 individuals of a data breach that occurred in 2020, when an unauthorized actor was able to remotely access an employee’s email account.	Account Takeover	Human health and social work	CC	US		Alameda Health System, AHS
62	20/05/2022	During March 2022	During March 2022	?	Oswego County Opportunities (OCO)	Oswego County Opportunities (OCO) announces that a limited number of employee email accounts were accessed by an unknown actor, when suspicious email activity was detected and the email accounts were immediately secured.	Account Takeover	Public admin and defence, social security	CC	US		Oswego County Opportunities, OCO
63	20/05/2022	-	-	?	OE Enterprise	OE Enterprise discloses a phishing attack impacting 4,075 individuals.	Account Takeover	Human health and social work	CC	US		OE Enterprise
64	22/05/2022	-	During Summer 2019?	?	MGM Resorts	Miscreants dump on Telegram more than 142 million customer records stolen from MGM Resorts, exposing names, postal and email addresses, phone numbers, and dates of birth for any would-be identity thief.	Unknown	Accommodation and food service	CC	US		Telegram, MGM Resorts
65	22/05/2022	-	-	?	Cryptocurrency users	Cryptocurrency scammers are using deep fake videos of Elon Musk and other prominent cryptocurrency advocates to promote a BitVex trading platform scam that steals deposited currency.	Crypto scams	Fintech	CC	>1		Crypto, Elon Musk, BitVex
66	22/05/2022	22/05/2022	22/05/2022	?	Twitter account of NFT artist Beepie (Mike Winkelmann)	Hackers take control of the Twitter account of the well-known NFT artist Beeple and are able gather around $270,000 in ETH and steal 45 NFTs worth around $165,000.	Account Takeover	Fintech	CC	US		Twitter, NFT Beeple, Mike Winkelmann
67	23/05/2022	-	-	Turla	Austrian Economic Chamber, the NATO Joint Advanced Distributed Learning, and the Baltic Defense College	Researchers from Sekoia expose a new reconnaissance campaign by the Russian state-sponsored hacking group Turla, targeting the Austrian Economic Chamber, the NATO Joint Advanced Distributed Learning, and the Baltic Defense College.	Targeted Attack	Public admin and defence, social security	CE	AT EE		Sekoia, Russia, Turla, Austrian Economic Chamber, NATO, Joint Advanced Distributed Learning, Baltic Defense College
68	23/05/2022	'Recently'	'Recently'	?	Multiple organizations	Microsoft security researchers disclose an uptick in web skimming campaigns, employing various obfuscation techniques to deliver and hide skimming scripts.	Malicious Script Injection	Wholesale and retail	CC	>1		Microsoft, web skimming
69	23/05/2022	21/05/2022	21/05/2022	?	Zola	Wedding registry website Zola confirms that it was hit with a cyberattack after dozens of customers complained on social media about their accounts being drained or breached.	Credential Stuffing	Administration and support service	CC	US		Zola
70	23/05/2022	Between 04/03/2022 and 28/03/2022	-	?	Washington University School of Medicine	Washington University School of Medicine announces that patient information has been exposed as a result of a recent data security incident when an unknown actor gained access to the email accounts of certain employees between March 4, 2022, and March 28, 2022.	Account Takeover	Public admin and defence, social security	CC	US		Washington University School of Medicine
71	23/05/2022	Between April 1, 2021, and March 31, 2022	-	?	Homestead Hospice & Palliative Care	The data of 28,332 patients of Homestead Hospice & Palliative Care in Georgia is potentially compromised during a yearlong hack of multiple employee email accounts between April 1, 2021, and March 31, 2022.						Homestead Hospice & Palliative Care
72	24/05/2022	Between February and April 2022	Between February and April 2022	Unknown APT linked to China	Russian government entities	Researchers from Malwarebytes reveal that an unknown Advanced Persistent Threat (APT) group, linked to China, has targeted Russian government entities with at least four separate spear phishing campaigns since late February, 2022.	Targeted Attack	Public admin and defence, social security	CE	RU		APT, Russia, China
73	24/05/2022	At least since 22/05/2021	22/05/2021	?	Multiple organizations	The popular PyPI module 'ctx' that gets downloaded over 20,000 times a week is compromised in a software supply chain attack with malicious versions stealing the developer's environment variables, to collect secrets like Amazon AWS keys and credentials.	Malware	Multiple Industries	CC	>1		PyPI, ctx, Amazon AWS
74	24/05/2022	-	-	?	Police servers in China’s Xinjiang region	A hack on police servers in China’s Xinjiang region yields thousands of graphic images and videos of Uyghur detainees suffering in detention camps.	Unknown	Public admin and defence, social security	H	CN		China, Xinjiang, Uighur
75	24/05/2022	10/03/2022	10/03/2022	?	Val Verde Regional Medical Center ('VVRMC')	Val Verde Regional Medical Center ('VVRMC') discloses a data security incident affecting 86,562 individuals.	Unknown	Human health and social work	CC	US		Val Verde Regional Medical Center, VVRMC
76	24/05/2022	Since March 2022	Since March 2022	Goodwill	Multiple organizations in India	Researchers from CloudSEK discover a new ransomware strain, dubbed 'Goodwill', demanding people donate to the most vulnerable.	Malware	Multiple Industries	CC	IN		CloudSEK. ransomware, Goodwill
77	24/05/2022	Since May 2022	Since May 2022	Yashma	Multiple organizations	Researchers from BlackBerry reveal the details of Yashma, a new ransomware variant derived from the Chaos wiper.	Malware	Multiple Industries	CC	>1		BlackBerry, Yashma, ransomware, Chaos
78	24/05/2022	24/05/2022	24/05/2022	ALtahrea Team	Port of London Authority/PLA	The Pro-Iranian group ALtahrea Team takes down the website of the Port of London Authority/PLA.	DDoS	Transportation and storage	H	UK		Iran, ALtahrea Team, Port of London Authority, PLA
79	24/05/2022	24/05/2022	24/05/2022	?	Undisclosed NFT collector	A hacker steals dozens of NFTs worth more than $1.4 million from a single collector on Tuesday, according to blockchain observers.	Account Takeover	Finance and insurance	CC	N/A		NFT
80	25/05/2022	25/05/2022	25/05/2022	?	SpiceJet	Low-cost Indian airline SpiceJet informs its customers of an attempted ransomware attack that has impacted some of its systems and caused delays on flight departures.	Malware	Transportation and storage	CC	IN		SpiceJet, Ransomware
81	25/05/2022	During May 2022	During May 2022	ChromeLoader	Multiple organizations	Researchers from Red Canary detect an uptick of the ChromeLoader malware distributed via malvertising campaigns.	Malware	Multiple Industries	CC	>1		Red Canary, ChromeLoader
82	25/05/2022	'Recently'	'Recently'	Cheerscrypt	VMware ESXi servers	Researchers from Trend Micro discover a new variant of the Cheers ransomware targeting VMware ESXi servers.	Malware	Multiple Industries	CC	>1		Trend Micro, Cheers, Cheerscrypt, Ransomware, VMware ESXi
83	25/05/2022	Between April and May 2022	Between April and May 2022	Cl0p	21 organizations worldwide	Researchers from NCC Group reveal a surge in Cl0p ransomware infections between April and May 2022.	Malware	Multiple Industries	CC	>1		NCC Group, Cl0p, ransomware
84	25/05/2022	During January 2022	During January 2022	Conti	Linn County	The Conti ransomware gang publishes all of the data it stole during a January attack on the government servers of Linn County.	Malware	Public admin and defence, social security	CC	US		Conti, ransomware, Linn County
85	25/05/2022	-	-	Cold River	Individuals in the UK	Researchers from Google's Threat Analysis Group (TAG) reveal that a new website "Very English Coop d'Etat" that published leaked emails from several leading proponents of Brexit is tied to Russian hackers from the Cold River threat group.	CID (Coordinated Inauthentic Behavior)	Individual	CW	UK		Google, Threat Analysis Group, TAG, "Very English Coop d'Etat", Brexit, Cold River
86	25/05/2022	05/03/2022	02/03/2022	?	Allwell Behavioral Health Services	Allwell Behavioral Health Services announces that a computer system used to store quality assurance information related to the treatment of patients was accessed by an unauthorized individual.	Unknown	Human health and social work	CC	US		Allwell Behavioral Health Services
87	25/05/2022	24/11/2021	13/12/2021	?	Cooper University Health Care	Cooper University Health Care announces that the email account of an employee was accessed by an unauthorized individual on November 24, 2021	Account Takeover	Human health and social work	CC	US		Cooper University Health Care
88	25/05/2022	'Recently'	'Recently'	?	Lifespan Services	Lifespan Services, a non-profit provider of services to individuals with disabilities, confirms it was the victim of a ransomware attack that affected data on its servers.	Malware	Human health and social work	CC	US		Lifespan Services, Ransomware
89	25/05/2022	During the previous week	During the previous week	?	Sohu.com	Chinese internet portal operator Sohu.com says that two dozen employees lost more than 40,000 yuan (US$6,000) after they fell victim to an email scam, which promised “allowances” to recipients who provided their bank accounts and other personal identification information.	Account Takeover	Information and communication	CC	CN		Sohu.com
90	25/05/2022	-	-	?	Calgary Urban Project Society (CUPS)	The Calgary Urban Project Society (CUPS) informs him that a staff member’s email account had been hacked and some of his personal information may have been put at risk.	Account Takeover	Human health and social work	CC	CA		Calgary Urban Project Society, CUPS
91	25/05/2022		26/03/2022	?	Comstar LLC	Ambulance billing service Comstar LLC notifies an as-yet undisclosed number of people following a data security breach of their systems that was detected on March 26, 2022.	Unknown	Administration and support service	CC	US		Comstar LLC
92	25/05/2022	-	-	?	Fred Hutchinson Cancer Center	Fred Hutchinson Cancer Center discloses a breach affecting 500 individuals	Account Takeover	Human health and social work	CC	US		Fred Hutchinson Cancer Center
93	25/05/2022	-	-	?	Multiple Sclerosis Center of Atlanta	The Multiple Sclerosis Center of Atlanta discloses a breach affecting 2,820 individuals.	Account Takeover	Human health and social work	CC	US		Multiple Sclerosis Center of Atlanta
94	26/05/2022	-	-	?	Multiple organizations	Tax software vendor Intuit warns that QuickBooks customers are being targeted in an ongoing series of phishing attacks impersonating the company and trying to lure them with fake account suspension warnings.	Account Takeover	Multiple Industries	CC	>1		Intuit, QuickBooks
95	26/05/2022	-	-	?	Colleges and universities based in the U.S.	The FBI issues an alert about usernames and passwords giving access to colleges and universities based in the U.S., available for sale on Russian cybercriminal forums.	Account Takeover	Education	CC	US		FBI, Federal Bureau of Investigation, colleges and universities based in the U.S.
96	26/05/2022	-	-	Keksec	Multiple organizations	Researchers from AT&T Alien Labs discover a new variant of the EnemyBot malware exploiting new vulnerabilities: CVE-2022-22954 (VMware), CVE-2022-22947 (Spring), CVE-2022-1388 (F5)	CVE-2022-22954, CVE-2022-22947, CVE-2022-1388	Multiple Industries	CC	>1		AT&T Alien Labs, EnemyBot, CVE-2022-22954, CVE-2022-22947, CVE-2022-1388, VMware, Spring, F5, Keksec
97	26/05/2022	24/05/2022	24/05/2022	?	Somerset County	The Somerset County is hit with a ransomware attack.	Malware	Public admin and defence, social security	CC	US		Somerset County
98	26/05/2022	Since at least February 2021	During February 2021	Threat actors from the Dominican Republic	Facebook users	Researchers from Cybernews expose a network of Facebook accounts responsible to distribute malicious content via the "is that you?" scam.	CID (Coordinated Inauthentic Behavior)	Individual	CC	>1		Cybernews, Facebook, "is that you?"
99	26/05/2022	Since at least 25/01/2022	25/01/2022	?	Scarborough Health Network (SHN)	Canadian healthcare service provider Scarborough Health Network (SHN) warns that a data breach may have exposed patient healthcare records.	Unknown	Human health and social work	CC	CA		Scarborough Health Network, SHN
100	26/05/2022	-	-	?	Verizon	A hacker obtains a database that includes the full name, email address, corporate ID numbers, and phone number of hundreds of Verizon employees.	Account Takeover	Information and communication	CC	US		Verizon
101	26/05/2022	03/01/2022	-	?	Martin University	Martin University discloses to have been hit with a ransomware incident.	Malware	Education	CC	US		Martin University, ransomware
102	27/05/2022	24/05/2022	24/05/2022	BlackCat AKA ALPHV	Austrian federal state Carinthia	Austrian federal state Carinthia is hit by the BlackCat ransomware gang, also known as ALPHV, who demands a $5 million to unlock the encrypted computer systems.	Malware	Public admin and defence, social security	CC	AT		Carinthia, BlackCat, ransomware, ALPHV
103	27/05/2022	Between 07/03/2022 and 21/03/2022	28/03/2022	?	Shields Health Care Group	The sensitive information of two million people is accessed during a cyberattack on Shields Health Care Group, a Massachusetts-based healthcare organization that provides services to dozens of hospitals and other medical facilities.	Unknown	Human health and social work	CC	US		Shields Health Care Group
104	27/05/2022	During April 2022	17/05/2022	?	City of Portland	The City of Portland investigates a cybersecurity breach that resulted in a $1.4 million fraudulent transaction with city funds in April.	Account Takeover	Public admin and defence, social security	CC	US		City of Portland
105	27/05/2022	Between 29/12/2020 and 26/02/2022	25/02/2022	?	Aon PLC	Aon PLC reports a hacking incident that impacted 28,714 individuals.	Unknown	Human health and social work	CC	US		Aon PLC
106	27/05/2022	-	29/03/2022	-	?	Platinum Hospitalists notifies 6,000 patients that some of their protected health information has potentially been compromised by a phishing attack.	Account Takeover	Human health and social work	CC	US		Platinum Hospitalists
107	27/05/2022	05/03/2022	-	?	Capsule	Capsule, a digital pharmacy, starts notifying 27,486 individuals that some of their protected health information has been exposed in a cyberattack where unauthorized individuals gained access to certain Capsule accounts on April 5, 2022.	Account Takeover	Human health and social work	CC	US		Capsule
108	27/05/2022	Between 04/03/2022 and 28/03/2022	-	?	BJC HealthCare	BJC HealthCare starts notifying certain patients that some of their protected health information was stored in email accounts that were accessed by an unauthorized individual.	Account Takeover	Human health and social work	CC	US		BJC HealthCare
109	27/05/2022	Since 25/05/2022	Since 25/05/2022	Magniber	Multiple organizations	Researchers from 360 Total Security reveal that the Magniber ransomware has been upgraded to target Windows 11 machines.	Malware	Multiple Industries	CC	>1		Magniber, Ransomware, 360 Total Security
110	27/05/2022	15/12/2021	During January 2022	?	Acorda Therapeutics	An undisclosed number of patients tied to Acorda Therapeutics are notified that their data was accessed during the hack of its business email environment.	Account Takeover	Human health and social work	CC	US		Acorda Therapeutics
111	27/05/2022	-	-	?	North Lakes Pain Consultants	North Lakes Pain Consultants discloses a breach affecting 620 individuals	Unknown	Human health and social work	CC	US		North Lakes Pain Consultants
112	28/05/2022	-	-	BlackCat AKA ALPHV	Regina Public Schools	Regina Public Schools are hit by a ransomware attack.	Malware	Education	CC	CA		Regina Public Schools, ransomware, BlackCat, ALPHV
113	29/05/2022	-	-	Spid3r	Several Belarus’ government websites	Anonymous-affiliated collective Spid3r claims to have attacked Belarus’ government websites in retaliation for the country’s alleged support of Russia’s invasion of Ukraine.	Unknown	Public admin and defence, social security	H	BY		Anonymous, Spid3r, Belarus, Russia, Ukraine
114	30/05/2022	30/05/2022	30/05/2022	Killnet	Italian Ministries of Defense and Foreign Affairs	The websites of the talian Ministries of Defense and Foreign Affairs are taken down by the pro-Russian Killnet collective.	DDoS	Public admin and defence, social security	H	IT		Killnet, Russia
115	30/05/2022	-	27/05/2022	?	Multiple organizations	Security researchers discover a new Microsoft Office zero-day vulnerability, dubbed 'Follina' (CVE-2022-30190) used in attacks to execute malicious PowerShell commands via Microsoft Diagnostic Tool (MSDT) simply by opening a Word document.	CVE-2022-30190 vulnerability (Follina)	Multiple Industries	N/A	>1		Microsoft Office, Follina, PowerShell, Microsoft Diagnostic Tool, MSDT, Word, CVE-2022-30190
116	30/05/2022	30/05/2022	30/05/2022	?	Mirror Protocol	The Mirror Protocol, a decentralized finance platform on the Terra network, has more than $2 million drained from it due to an issue affecting how its price-setting software reacted to the historic Luna cryptocurrency crash.	Price Manipulation	Fintech	CC	N/A		Mirror Protocol, Terra, Luna
117	30/05/2022	'Recently'	'Recently'	?	WhatsApp users in India	Researchers from CloudSEK warn of a new ongoing WhatsApp OTP scam that could allow attackers to hijack users’ accounts through phone calls.	Account Takeover	Individual	CC	IN		CloudSEK, WhatsApp
118	30/05/2022	-	-	?	Pegasus Airlines	Turkish flight operator Pegasus Airlines suffers a data breach after an AWS cloud storage bucket is reportedly left unprotected and there was unauthorized access to certain information held by carrier.	Misconfiguration	Transportation and storage	CC	TR		Pegasus Airlines, AWS
119	30/05/2022	19/05/2022	-	?	Spirit Super	A phishing attack at Australian pension provider Spirit Super results in “some personal details being compromised”.	Account Takeover	Human health and social work	CC	AU		Super Spirit
120	31/05/2022	-	-	Anonymous	Metprom Group	In name of #OpRussia, the Anonymous leak a trove of emails from Metprom Group, a metallurgical engineering and investment firm.	Unknown	Professional, scientific and technical	H	RU		#OpRussia, Anonymous, Metprom Group
121	31/05/2022	-	-	XLoader	Multiple organizations	Researchers from Check Point discover a new version of the XLoader botnet malware that uses probability theory to hide its command and control servers.	Malware	Multiple Industries	CC	>1		Check Point, XLoader, probability theory
122	31/05/2022	31/05/2022	31/05/2022	Hive	Costa Rica's public health service (AKA Costa Rican Social Security Fund or CCCS)	Costa Rica's public health service (known as Costa Rican Social Security Fund or CCCS) are hit by a Hive ransomware attack.	Malware	Human health and social work	CC	CR		Costa Rica, Costa Rican Social Security Fund, CCCS, Hive, ransomware
123	31/05/2022	Since February 2022	Since February 2022	?	Individuals	The FBI warns the public of fraudulent schemes seeking donations or other financial assistance related to the crisis in Ukraine.	Financial Scam	Individual	CC	>1		FBI, Federal Bureau of Investigation, Ukraine
124	31/05/2022	During May 2022	During May 2022	TA413	International Tibetan community	Researchers from Proofpoint reveal that the Chinese APT Group TA413 is now actively exploiting the Microsoft Office zero-day vulnerability (known as 'Follina' AKA CVE-2022-30190) to target the International Tibetan community.	Targeted Attack	Individual	CE	N/A		Proofpoint, China, APT, TA413, Microsoft Office, Follina, CVE-2022-30190, Tibet
125	31/05/2022	During May 2022	During May 2022	?	RuneScape players	Researchers from Malwarebytes discover a new RuneScape-themed phishing campaign exceptionally well-crafted.	Account Takeover	Arts entertainment, recreation	CC	>1		Malwarebytes, RuneScape
126	31/05/2022	Between 16/01/2022 and 20/01/2022	Between 16/01/2022 and 20/01/2022	?	Virginia Mason Medical Center (VMMC)	Virginia Mason Medical Center (VMMC) discloses an incident where an external third party “intruded” three servers between January 16 and January 20, 2022.	Unknown	Human health and social work	CC	US		Virginia Mason Medical Center, VMMC
127	31/05/2022	-	-	?	Undisclosed organzations	Google releases the second part of the May security patch for Android, including a fix for CVE-2021-22600, an actively exploited Linux kernel vulnerability.	CVE-2021-22600 vulnerability	Unknown	N/A	N/A		Google, Android, CVE-2021-22600
128	31/05/2022	"Few months ago"	"Few months ago"	?	Calcasieu Parish School Board	The Calcasieu Parish School Board is the victim of a cyber fraud incident when the emails of a contractor are compromised.	Account Takeover	Education	CC	US		Calcasieu Parish School Board
129	31/05/2022	15/05/2022	-	?	CTARS	CTARS, the makers of a cloud-based client management system used by the Australian National Disability Insurance Scheme (NDIS) as well as disability services, out of home care, and children's services, reveals it was breached on May 15 and found the data posted to the dark web a week later.	Unknown	Professional, scientific and technical	CC	AU		CTARS, Australian National Disability Insurance Scheme, NDIS
ID	Date Reported	Date Occurred	Date Discovered	Author	Target	Description	Attack	Target Class	Attack Class	Country	Link	Tags

SUPPORT MY WORK!

The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.

Q3 2023 Cyber Attacks Statistics
The third quarter of 2023 saw a 6.5% increase in cyber attacks with 1,108 events. Cybercrime led the charts with 79.7% of motives, mostly using malware techniques. Exploitation of vulnerabilities ranked second, majorly affecting multiple industries and healthcare and financial sectors.
September 2023 Cyber Attacks Statistics
In September 2023, cyber crime continued to lead with 77.1% of total events, but showed a decrease. Cyber Espionage grew to 11.6%, while Hacktivism significantly dropped. Malware remains the leading attack technique and multiple organizations are the top targets.
The Biggest Data Breaches of 2023
Similarly to what I have done in 2022 and 2021, I am collecting the main mega breaches...
2022 Cyber Attacks Statistics
And finally I have aggregated all the data collected in 2022 from the cyber attacks timelines. In the past year I have collected 3074 events...
Q1 2023 Cyber Attacks Statistics
I have aggregated the statistics created from the cyber attacks timelines published in the first three months of 2023. In total...