The second timeline of May 2022 is out. In the second half of the month I collected 120 events, corresponding to an average of 7.50 events/day, an important increase compared to the 103 events (7.87 events/day) of the previous fortnight.

The Russian invasion of Ukraine continues to characterize the cyber space, and this timeline is no exception: among the events you will find multiple cyber espionage campaigns targeting assets directly or indirectly related to the conflict, disinformation campaigns, and even several DDoS attacks (most of all in Italy) fueled by the pro-Russian Killnet collective.

Ransomware attacks continue to be a constant presence in the timeline, after the break of the previous fortnight, we are back at important percentages with 18.3% of events charcterized by this attack vector (a level similar to April after the 14.85% of the previous timeline.) Even the exploitation of vulnerabilities is back to the levels of April, with 10% of events (from 7.9% of the previous timeline) occurred leveraging a security hole in a software component.

And similarly, the attacks against Decentralized Finance platforms continue to characterized this troubled 2022: this time it was turn of the Mirror Protocol, which suffered the theft of more than $2 worth of cryptocurrency. Always related to fintech, are the numerous campaigns targeting collectors of NFTs, a consolidated presence even in this second timeline of May.

Analyzing the campaigns motivated by cyber espionage, the landscape is quite rich of events, even without considering those related to the conflict in Ukraine .For example the attackers, such as the Chinese group TA413 started to immediately exploit the so-called ‘Follina’ vulnerability (CVE-2022-30190). Similarly an unknown threat actor conducted several campaigns, against targets in Egypt, Armenia, Greece, Madagascar, Côte d’Ivoire, Serbia, Spain and Indonesia, exploiting multiple vulnerabilities to install the ‘Predator’ spyware.

After this short summary, you can enjoy the interactive timeline. Thanks for sharing it, and supporting my work in spreading the risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.

Expand for details



The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.

  • Cyber Attacks Stats July 2000 Front ImageJuly 2022 Cyber Attack Statistics

    After the corresponding cyber attacks timelines, it’s time to publish the statistics of July 2022 where I have collected and analyzed...

  • 16-31 July 2022 Cyber Attacks Timeline

    The second cyber attacks timeline of July 2022 confirms the sustained level of activity. In this fortnight I have collected 139 entries, once again...

  • Photo by Tima Miroshnichenko from PexelsThe Biggest Data Breaches of 2022

    Similarly to what I have done in 2021, I am collecting all the mega breaches (with more than 1 million records leaked). The information is derived from the cyber attacks timelines...

  • Leaky Buckets in 2022

    Similarly to what I have done in 2021, I am now collecting the incidents due to cloud misconfigurations and leading to the exposure of data.

  • 2020 Cyber Attacks Statistics

    As promised, I have pulled together some statistics from the data collected in 2020. The master table is available at the end of the post after the charts.


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.