The first timeline of June 2022 is out. In the first half of the month I collected 109 events, corresponding to an average of 7.27 events/day, in line with the sustained level of activity that has characterized the latest months.
On one hand, the number of events related to the Russian invasion of Ukraine appears to be decreasing (although the Anonymous collective and its affiliates are continuing their digital skirmish against Russian targets); on the other hand, ransomware groups are back in the spotlight: in this timeline the percentage of events directly or indirectly characterized by ransomware soared to 26.8% from 18.3%. Similarly, vulnerabilities characterized 20.3% of events, twice the percentage of the previous timeline (10%), a jump fueled primarily by the exploitation of the Microsoft ‘Follina’ vulnerability (CVE-2022-30190).
Unsurprisingly, attacks against Decentralized Finance platforms confirmed their impact in 2022. In this timeline, the amount of funds stolen exceeded the equivalent of $130M. NFT collectors are an equally intriguing prey for threat actors, and this timeline was no exception.
In terms of cyber espionage, the landscape is as rich in events as always: the Russian Sandworm APT targeted Ukraine with a new campaign, but this was obviously not the only event. The timeline also contains campaigns carried out by old acquaintances such as SideWinder, Lyceum, Gallium, and APT35 (AKA Phosphorus or Charming Kitten). Additional campaigns unearthed in this fortnight were carried out by new groups such as Aoqin Dragon.
After this short summary, you can enjoy the interactive timeline. Thanks for sharing it and supporting my work in spreading risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or connect on LinkedIn, for the latest updates.
[Figure: Geo Map June H1 2022]
| ID | Date Reported | Date Occurred | Date Discovered | Author | Target | Description | Attack | Target Class | Attack Class | Country | Tags |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | 01/06/2022 | - | - | US military attackers | Russia | The chief of the United States’ Cyber Command, General Paul Nakasone, confirms for the first time that the US had conducted a series of cyber operations in response to Russia's invasion of Ukraine. | Unknown | Public admin and defence, social security | CW | RU | United States’ Cyber Command, Paul Nakasone, Russia, Ukraine |
| 2 | 01/06/2022 | - | - | Anonymous | Vyberi Radio / Выбери Радио group | In the name of #OpRussia, the Anonymous collective releases 1.5 million emails (823 GB) from the Vyberi Radio / Выбери Радио group, which operates around 100 radio stations in 18 cities throughout Russia, with over 8 million listeners. | | | | | |
| 3 | | | | | Organizations in Pakistan in both the public and private sector | Researchers from Group-IB reveal the details of a phishing campaign attributed to SideWinder involving a fake VPN app for Android devices published on the Google Play Store along with a custom tool. | Targeted Attack | Multiple Industries | CE | PK | SideWinder, RattleSnake, Razor Tiger, T-APT-04, APT-C-17, Hardcore Nationalist, Group-IB, Android, Google Play |
| 4 | 01/06/2022 | From the end of 2019 until May 2022 | - | ? | Individuals | Researchers from INKY reveal that Telegram's anonymous blogging platform, Telegraph, is being actively exploited by phishing actors, leading to the theft of account credentials. | Account Takeover | Individual | CC | >1 | INKY, Telegram, Telegraph |
| 5 | 01/06/2022 | - | - | ? | Multiple organizations worldwide | Researchers from SecureWorks Counter Threat Unit (CTU) identify over 1,200 misconfigured Elasticsearch databases with the index file replaced by a ransom note. | Misconfiguration | Multiple Industries | CC | >1 | SecureWorks, Counter Threat Unit, CTU, Elasticsearch |
| 6 | 01/06/2022 | - | - | SMSFactory | Android users worldwide | Researchers from ESET warn of an Android malware named SMSFactory that adds unwanted costs to the phone bill by subscribing victims to premium services. | Malware | Individual | CC | >1 | ESET, Android, SMSFactory |
| 7 | 01/06/2022 | - | - | Karakurt | Multiple organizations | CISA and the FBI issue a warning about the Karakurt extortion group, which demands up to $13 million in Bitcoin. | Malware | Multiple Industries | CC | US | CISA, FBI, Karakurt |
| 8 | 02/06/2022 | 31/05/2022 | 31/05/2022 | LockBit | Foxconn | Electronics manufacturer Foxconn confirms that one of its Mexico-based production plants was impacted by a ransomware attack in late May. | Malware | Manufacturing | CC | MX | Foxconn, LockBit, ransomware |
| 9 | 02/06/2022 | Since January 2021 | - | Clipminer | Cryptocurrency users | Researchers from Symantec discover a large operation of a new cryptocurrency mining malware called Clipminer, based on KryptoCibule, which brought its operators at least $1.7 million from transaction hijacking. | | | | | |
| 10 | | | | | | Researchers from Kaspersky reveal the details of a Chinese-speaking hacking group known as LuoYu, infecting victims with the WinDealer information stealer malware, deployed by switching legitimate app updates with malicious payloads in man-on-the-side attacks. | Malware | Multiple Industries | CE | >1 | Kaspersky, LuoYu, WinDealer |
| 11 | 02/06/2022 | Since March 2022 | - | POLONIUM | Organizations in Israel | Researchers from Microsoft say they blocked a Lebanon-based hacking group tracked as Polonium from using the OneDrive cloud storage platform for data exfiltration and command and control while targeting and compromising Israeli organizations. | Targeted Attack | Multiple Industries | CE | IL | Microsoft, Polonium, Lebanon, OneDrive, Israel |
| 12 | 02/06/2022 | 02/06/2022 | 02/06/2022 | Industrial Spy | SATT Sud-Est | SATT Sud-Est is the first victim of a new modus operandi by a ransomware gang dubbed Industrial Spy, which compromises the victim's website to announce the attack. | Malware | Administration and support service | CC | FR | SATT Sud-Est, ransomware, Industrial Spy |
| 13 | 02/06/2022 | - | - | Evil Corp (aka INDRIK SPIDER or the Dridex gang) | Multiple organizations | Researchers from Mandiant discover UNC2165, a cluster of activities carried out by the Evil Corp cybercrime group, deploying LockBit ransomware on targets' networks to evade sanctions imposed by the U.S. Treasury Department's Office of Foreign Assets Control (OFAC). | Malware | Multiple Industries | CC | >1 | Mandiant, Evil Corp, LockBit, ransomware, U.S. Treasury Department's Office of Foreign Assets Control, OFAC, INDRIK SPIDER, Dridex, UNC2165 |
| 14 | 02/06/2022 | - | - | Multiple threat actors | Multiple organizations | Attackers are actively exploiting a new Atlassian Confluence zero-day vulnerability tracked as CVE-2022-26134 to install web shells. | CVE-2022-26134 Vulnerability | Multiple Industries | N/A | >1 | Atlassian Confluence, CVE-2022-26134 |
| 15 | 02/06/2022 | - | - | Bohrium | Organizations in the U.S., Middle East, and India | The Microsoft Digital Crimes Unit (DCU) disrupts a spear-phishing operation linked to an Iranian threat actor tracked as Bohrium that targeted organizations in the U.S., Middle East, and India. | Targeted Attack | Multiple Industries | CE | US, IN, Middle East | Microsoft Digital Crimes Unit, DCU, Iran, Bohrium, U.S., Middle East, India |
| 16 | 02/06/2022 | 'Recently' | 'Recently' | WatchDog | Exposed Docker Engine API endpoints and Redis servers | Researchers from Cado Networks reveal that the WatchDog hacking group is conducting a new cryptojacking campaign with advanced techniques for intrusion, worm-like propagation, and evasion of security software. | Misconfiguration | Multiple Industries | CC | >1 | Cado Networks, WatchDog, Docker, Redis |
| 17 | 02/06/2022 | 02/06/2022 | 02/06/2022 | People's Mujahedin of Iran (MEK) | Tehran municipality | The exiled group People's Mujahedin of Iran (MEK) claims responsibility for a cyber attack that temporarily took control of dozens of websites run by Tehran's municipality and around 5,000 of the capital's surveillance cameras. | Unknown | Public admin and defence, social security | H | IR | People's Mujahedin of Iran, MEK, Tehran, Iran |
| 18 | 02/06/2022 | Between December 20, 2021 and April 22, 2022 | 'Recently' | ? | Prothena | Prothena, a late-stage clinical company, notifies certain individuals that their data was compromised during a four-month hack of an employee email account. | Account Takeover | Human health and social work | CC | US | Prothena |
| 19 | 03/06/2022 | - | - | Anonymous | Rustam Kurmaev and Partners (RKP Law) | In the name of #OpRussia, the Anonymous collective releases a terabyte of data and emails from Rustam Kurmaev and Partners (RKP Law), a Russian law firm that works with major banking, media, oil and industrial firms and state interests. | Unknown | Administration and support service | H | RU | #OpRussia, Anonymous, Rustam Kurmaev and Partners, RKP Law, Russia |
| 20 | 03/06/2022 | - | 02/06/2022 | Industrial Spy | Novartis | Pharmaceutical giant Novartis says no sensitive data was compromised in a recent cyberattack by the Industrial Spy data-extortion gang. | Malware | Unknown | CC | CH | Novartis, Industrial Spy |
| 21 | 03/06/2022 | - | - | ? | European governments and US local governments | Researchers from Proofpoint reveal that European governments and US local governments were the targets of a phishing campaign using malicious Rich Text Format (RTF) documents designed to exploit the critical Windows zero-day vulnerability known as Follina (CVE-2022-30190). | Targeted Attack | Public admin and defence, social security | CE | US, EU | Proofpoint, Rich Text Format, RTF, Follina, CVE-2022-30190 |
| 22 | 03/06/2022 | 05/04/2022 | - | ? | Kaiser Permanente | Kaiser Permanente, one of America's leading not-for-profit health plans and health care providers, discloses a data breach that exposed the health information of more than 69,000 individuals after the email account of an employee was compromised. | Account Takeover | Human health and social work | CC | US | Kaiser Permanente |
| 23 | 03/06/2022 | 02/06/2022 | 02/06/2022 | BlackCat AKA ALPHV | City of Alexandria | The City of Alexandria confirms that it was hit by a BlackCat ransomware attack. | Malware | Public admin and defence, social security | CC | US | BlackCat, ALPHV, Alexandria, Ransomware |
| 24 | 03/06/2022 | From 15/11/2021 to 18/11/2021 | 15/11/2021 | ? | Bergen’s Promise | Bergen’s Promise discloses a phishing attack that impacted 6,948 individuals. | Account Takeover | Human health and social work | CC | US | Bergen’s Promise |
| 25 | 03/06/2022 | 20/05/2022 | 20/05/2022 | Hive | Goodman Campbell Brain and Spine (Goodman Campbell) | Goodman Campbell Brain and Spine (Goodman Campbell) reports that it fell victim to a Hive ransomware attack on May 20, which disrupted operations of its network and communication systems. | Malware | Human health and social work | CC | US | Goodman Campbell Brain and Spine, Goodman Campbell, Hive, ransomware |
| 26 | 03/06/2022 | - | - | ? | Government websites across the world | Researchers from CloudSEK discover an unprecedented, sophisticated phishing technique, commonly known as a Browser-in-the-Browser (BitB) attack, targeting government websites across the world. | Account Takeover | Public admin and defence, social security | CC | >1 | CloudSEK, Browser-in-the-Browser, BitB |
| 27 | 04/06/2022 | 04/06/2022 | 04/06/2022 | DumpForums | Russian Ministry of Construction, Housing and Utilities (minstroyrf.gov.ru) | The Russian Ministry of Construction, Housing and Utilities (minstroyrf.gov.ru) is hacked. When searched on the internet, the site’s address leads to a sign in Ukrainian that reads “Glory to Ukraine.” The attackers also demand a ransom to prevent the leaking of the personal data of the site's users. | Unknown | Public admin and defence, social security | CC | RU | Russian Ministry of Construction, Housing and Utilities, minstroyrf.gov.ru, DumpForums |
| 28 | 04/06/2022 | 04/06/2022 | 04/06/2022 | ? | Cryptocurrency users | Attackers reportedly steal over $257,000 in Ethereum and thirty-two NFTs after Yuga Labs' Bored Ape Yacht Club and Otherside Metaverse Discord servers are compromised to post a phishing scam. | Account Takeover | Mining and quarrying | CC | >1 | Ethereum, Yuga Labs, Bored Ape Yacht Club, Otherside Metaverse, Discord |
| 29 | 04/06/2022 | 30/05/2022 | 30/05/2022 | LV | Cape Cod Regional Transit Authority (CCRTA) | The Cape Cod Regional Transit Authority (CCRTA) discloses that it was hit by an LV ransomware attack. | | | | | |
| 30 | | | | | | The City of Palermo in Southern Italy suffers a ransomware attack, which has a massive impact on a broad range of operations and services to both citizens and visiting tourists. The city is forced to shut down all of its systems. | Malware | Public admin and defence, social security | CC | IT | City of Palermo, ransomware, Vice Society |
| 31 | 05/06/2022 | Since 2021 | - | ? | Multiple organizations | Researchers from CloudSEK discover an uptick in the use of reverse tunnel services along with URL shorteners for large-scale phishing campaigns, making the malicious activity more difficult to stop. | Account Takeover | Multiple Industries | CC | >1 | CloudSEK, reverse tunnel, URL Shortener |
| 32 | 05/06/2022 | 05/06/2022 | 05/06/2022 | Pro-Russia attackers | OLL.TV | According to the State Service of Special Communications and Information Protection of Ukraine (SSSCIP), the broadcast of the Football World Cup 2022 qualifier between Wales and Ukraine is interrupted in Ukraine by a cyberattack targeting OLL.TV, a Ukrainian online broadcasting platform. | Unknown | Information and communication | H | UA | State Service of Special Communications and Information Protection of Ukraine, SSSCIP, Russia, Ukraine, Wales, 2022 World Cup, OLL.TV |
| 33 | 05/06/2022 | - | - | LockBit | Hospital San José | Hospital San José de Gran Canaria has some of its data dumped on the Conti ransomware leak site. | Malware | Human health and social work | CC | ES | Hospital San José de Gran Canaria, Conti, ransomware |
| 34 | 06/06/2022 | Since 24/05/2022 | - | Cyber Spetsnaz | Multiple government agencies | Researchers from Resecurity identify an increase in hacktivist activity conducted by a new pro-Russia group called “Cyber Spetsnaz”. | DDoS | Public admin and defence, social security | H | >1 | Resecurity, Cyber Spetsnaz |
| 35 | 06/06/2022 | - | - | Black Basta | Multiple organizations | Researchers from NCC Group reveal that the Black Basta ransomware gang has partnered with the QBot malware operation to spread laterally through hacked corporate environments. | Malware | Multiple Industries | CC | >1 | NCC Group, Black Basta, ransomware, QBot |
| 36 | 06/06/2022 | Between 23/01/2022 and 05/04/2022 | 12/05/2022 | ? | Numrich Gun Parts Corporation | Numrich Gun Parts Corporation, an e-commerce site, discloses a data breach resulting from a card skimmer infection on its site. | Malicious Script Injection | Wholesale and retail | CC | US | Numrich Gun Parts Corporation |
| 37 | 06/06/2022 | Since at least the end of April 2022 | Since at least the end of April 2022 | SVCReady | Multiple organizations | Researchers from HP discover a previously unknown malware loader named SVCReady, which uses VBA macro code to execute shellcode stored in the properties of a document that arrives on the target as an email attachment. | Malware | Multiple Industries | CC | >1 | HP, SVCReady, VBA |
| 38 | 06/06/2022 | 06/06/2022 | 06/06/2022 | ? | Maiar | An attacker exploits a vulnerability in the Maiar decentralized exchange to steal an estimated $113 million. | Vulnerability | Fintech | CC | N/A | Maiar |
| 39 | 07/06/2022 | Between June 1, 2021, and January 19, 2022 | December 2021 | ? | Rainier Arms | Rainier Arms, an e-commerce site, discloses a data breach resulting from a card skimmer infection on its site. | Malicious Script Injection | Wholesale and retail | CC | US | Rainier Arms |
| 40 | 07/06/2022 | 'Recently' | 'Recently' | Black Basta | VMWare ESXi servers | Researchers from Uptycs reveal that they spotted a new Black Basta ransomware variant specifically targeting VMWare ESXi servers. | Malware | Multiple Industries | CC | >1 | Uptycs, Black Basta, ransomware, VMWare ESXi |
| 41 | 07/06/2022 | During June 2022 | During June 2022 | TA570 | Multiple organizations | Researchers from Proofpoint reveal that the TA570 Qbot affiliate has begun using malicious Microsoft Office .docx documents to abuse the Follina CVE-2022-30190 security flaw and infect recipients with Qbot. | Malware | Multiple Industries | CC | >1 | Proofpoint, TA570, Qbot, Microsoft Office, Follina, CVE-2022-30190 |
| 42 | 07/06/2022 | During June 2022 | During June 2022 | Kinsing | Vulnerable Atlassian Confluence servers | Researchers from Lacework Labs discover that three botnets, tracked as Kinsing, Hezb, and Dark.IoT and known for targeting vulnerable Linux servers and deploying backdoors and cryptominers, are exploiting the critical remote code execution vulnerability CVE-2022-26134 to infect Linux servers running unpatched Atlassian Confluence Server. | | | | | |
| 43 | | | | | | Researchers from Lacework Labs discover that three botnets, tracked as Kinsing, Hezb, and Dark.IoT and known for targeting vulnerable Linux servers and deploying backdoors and cryptominers, are exploiting the critical remote code execution vulnerability CVE-2022-26134 to infect Linux servers running unpatched Atlassian Confluence Server. | | | | | |
| 44 | | | | | | Researchers from Lacework Labs discover that three botnets, tracked as Kinsing, Hezb, and Dark.IoT and known for targeting vulnerable Linux servers and deploying backdoors and cryptominers, are exploiting the critical remote code execution vulnerability CVE-2022-26134 to infect Linux servers running unpatched Atlassian Confluence Server. | | | | | |
| 45 | | | | | | The NSA, CISA, and the FBI reveal that Chinese-backed threat actors have targeted and compromised major telecommunications companies and network service providers to steal credentials and harvest data. | | | | | |
| 46 | | | | | | Atrium Health informs 6,695 individuals of a phishing attack between April 7 and April 8. An unauthorized party used a phishing scam to gain access to an employee’s business email and messaging account. | Account Takeover | Human health and social work | CC | US | Atrium Health |
| 47 | 07/06/2022 | Between 21/08/2021 and 17/09/2021 | 05/05/2022 | ? | Central Florida Inpatient Medicine (CFIM) | Central Florida Inpatient Medicine (CFIM) discloses a data security incident that impacted 197,733 individuals. The practice determined on May 5, 2022 that an unauthorized actor had accessed an employee email account between August 21, 2021 and September 17, 2021. | Account Takeover | Human health and social work | CC | US | Central Florida Inpatient Medicine, CFIM |
| 48 | 08/06/2022 | 08/06/2022 | 08/06/2022 | ? | Kommersant FM | The online broadcast of the Russian radio station Kommersant FM is interrupted when its content is replaced with the Ukrainian national anthem and anti-war songs. | Unknown | Information and communication | H | RU | Kommersant FM |
| 49 | 08/06/2022 | Between March 2022 and April 2022 | During April 2022 | Cuba | Four undisclosed organizations | Researchers from Trend Micro report a resurgence in Cuba ransomware infections, starting in March and continuing strongly through April 2022. | Malware | Multiple Industries | CC | >1 | Cuba, Trend Micro, Ransomware |
| 50 | 08/06/2022 | At least since 06/06/2022 | 06/06/2022 | Emotet | Google Chrome users | Researchers from Proofpoint reveal that the Emotet botnet is now attempting to infect potential victims with a credit card stealer module designed to harvest credit card information stored in Google Chrome user profiles. | Malware | Individual | CC | >1 | Proofpoint, Emotet, Google Chrome |
| 51 | 08/06/2022 | Since at least September 2021 | During April-May 2022 | ? | Facebook users | Researchers from PIXM uncover a large-scale phishing operation that abused Facebook and Messenger to lure millions of users to phishing pages, tricking them into entering their account credentials and viewing advertisements. | Account Takeover | Individual | CC | >1 | PIXM, Facebook, Messenger |
| 52 | 08/06/2022 | During June 2022 | During June 2022 | FakeCrack | Single individuals worldwide | Researchers from Avast reveal the details of FakeCrack, a campaign distributing malware that steals passwords, credit cards, and crypto wallets, promoted through search results for a pirated copy of the CCleaner Pro Windows optimization program. | Malware | Individual | CC | >1 | Avast, FakeCrack, CCleaner Pro |
| 53 | 08/06/2022 | Since at least 27/05/2022 | Since at least 27/05/2022 | Multiple threat actors | Multiple organizations | Researchers from Broadcom Symantec observe threat actors exploiting the vulnerability known as Follina to drop the AsyncRAT malware onto vulnerable systems just days after the flaw became public. | | | | | |
| 54 | | | | | | Choice Health Insurance notifies people of a data breach caused by a vendor's human error. The company learned on May 14 that an unauthorized person was “offering to make available data allegedly taken from Choice Health.” | Misconfiguration | Human health and social work | CC | US | Choice Health Insurance |
| 55 | 08/06/2022 | 06/06/2022 | 06/06/2022 | ? | Floyd County school system | The Floyd County school system confirms reports of a cyberattack that resulted in $194,672.76 being stolen from the school system. | Account Takeover | Education | CC | US | Floyd County school system |
| 56 | 08/06/2022 | 08/06/2022 | 08/06/2022 | ? | Optimism Foundation | The Optimism Foundation suffers the theft of tokens worth $16 million. Shortly after, the attacker returns $15 million. | Unknown | Fintech | CC | N/A | Optimism Foundation |
| 57 | 08/06/2022 | 08/06/2022 | 08/06/2022 | ? | GYM Network | GYM Network, a cross-protocol DeFi aggregator, is hacked with the loss of $2.1M in cryptocurrency. | Vulnerability | Fintech | CC | N/A | GYM Network |
| 58 | 08/06/2022 | 02/02/2022 | 08/02/2022 | ? | Wilkins Recreational Vehicles, Inc. (Wilkins RV) | Wilkins Recreational Vehicles, Inc. (“Wilkins RV”) confirms that the company experienced a data breach after it was the target of a ransomware attack earlier this year. The data of 17,408 customers is compromised. | | | | | |
| 59 | | | | | Government, education, and telecommunication organizations based in Singapore, Hong Kong, Vietnam, Cambodia, and Australia | Researchers from Sentinel Labs reveal the details of Aoqin Dragon, a previously unknown Chinese-speaking threat actor linked to malicious activity going as far back as 2013. | Targeted Attack | Multiple Industries | CE | SG, HK, VN, KH, AU | Sentinel Labs, Aoqin Dragon |
| 60 | 09/06/2022 | Since at least November 2021 | - | Symbiote | Multiple organizations | Researchers from Blackberry and Intezer Labs reveal the details of Symbiote, a newly discovered Linux malware infecting all running processes on compromised systems, stealing account credentials, and giving its operators backdoor access. | Malware | Multiple Industries | CC | >1 | Blackberry, Intezer Labs, Symbiote, Linux |
| 61 | 09/06/2022 | During June 2022 | During June 2022 | WannaFriendMe | Multiple organizations | A new ransomware dubbed WannaFriendMe takes the unusual approach of selling its decryptor on the Roblox gaming platform using the service's in-game Robux currency. | Malware | Multiple Industries | CC | >1 | Ransomware, WannaFriendMe, Roblox, Robux |
| 62 | 09/06/2022 | 'Recently' | 'Recently' | Lyceum APT | Organizations in the Middle East | Researchers from Zscaler ThreatLabz discover a new campaign by the Iranian APT Lyceum Group, utilizing newly developed and customized .NET-based malware that targets the Middle East using a DNS backdoor. | Targeted Attack | Multiple Industries | CE | >1 | Zscaler, ThreatLabz, Iran, Lyceum Group, DNS |
| 63 | 09/06/2022 | 02/06/2022 | 02/06/2022 | ? | Tenafly Public Schools | Tenafly Public Schools reveal that they are in the process of recovering from a ransomware attack and are forced to cancel final exams. | Malware | Education | CC | US | Tenafly Public Schools, ransomware |
| 64 | 09/06/2022 | Since 24/02/2022 | - | Chinese-backed threat actors | U.S. tech sector | FBI officials reveal that Chinese APTs have stepped up their probes against the U.S. tech sector since Russia’s invasion of Ukraine. | Targeted Attack | Professional, scientific and technical | CE | US | FBI, China, Russia, Ukraine |
| 65 | 09/06/2022 | Since 31/05/2022 | - | Multiple threat actors | Vulnerable Atlassian Confluence servers | Researchers from CheckPoint observe threat actors exploiting the recently disclosed CVE-2022-26134 remote code execution vulnerability in Atlassian Confluence servers to deploy cryptocurrency miners. | CVE-2022-26134 Vulnerability | Multiple Industries | CC | >1 | CheckPoint, CVE-2022-26134, Atlassian Confluence |
| 66 | 09/06/2022 | Since at least 06/06/2022 | - | Multiple threat actors | Vulnerable Meeting Owl Pro systems | Threat actors start to exploit the CVE-2022-31460 vulnerability in Meeting Owl Pro systems a few days after its discovery. | CVE-2022-31460 Vulnerability | Multiple Industries | CC | >1 | CVE-2022-31460, Meeting Owl Pro |
| 67 | 09/06/2022 | - | 27/02/2022 | - | 90 Degree Benefits Wisconsin | 90 Degree Benefits Wisconsin begins notifying an undisclosed number of individuals of a data security incident that it discovered in late February 2022. | Unknown | Human health and social work | CC | US | 90 Degree Benefits Wisconsin |
| 68 | 09/06/2022 | - | 27/02/2022 | - | 90 Degree Benefits Minnesota | 90 Degree Benefits Minnesota begins notifying an undisclosed number of individuals of a data security incident that it discovered in late February 2022. | Unknown | Human health and social work | CC | US | 90 Degree Benefits Minnesota |
| 69 | 09/06/2022 | - | 25/02/2022 | ? | Christiana Spine Center | Christiana Spine Center confirms it was the victim of a recent ransomware attack. | Malware | Human health and social work | CC | US | Christiana Spine Center |
| 70 | 09/06/2022 | 11/04/2022 | 11/04/2022 | ? | Heartland Healthcare Services | Heartland Healthcare Services confirms that files containing patient data were exfiltrated from its network in an April 2022 ransomware attack. | Malware | Human health and social work | CC | US | Heartland Healthcare Services, ransomware |
| 71 | 09/06/2022 | 08/06/2022 | 08/06/2022 | ? | Osmosis | Osmosis, a decentralized exchange (DEX) built on the Cosmos network, is halted after attackers exploit a liquidity provider (LP) bug to the tune of roughly $5 million. $2M is returned shortly after. | Vulnerability | Fintech | CC | N/A | Osmosis, Cosmos |
| 72 | 09/06/2022 | Between July 29, 2021 and September 17, 2021 | - | ? | Simpson University | Simpson University confirms that it experienced a data breach involving unauthorized access to employee email accounts. | Account Takeover | Education | CC | US | Simpson University |
| 73 | 10/06/2022 | During June 2022 | During June 2022 | Sandworm | More than 500 recipients at various media organizations in Ukraine, including radio stations and newspapers | Ukraine's Computer Emergency Response Team (CERT) warns that the Russian hacking group Sandworm may be exploiting Follina, the remote code execution vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT) currently tracked as CVE-2022-30190. | | | | | |
| 74 | | | | | | Shoprite Holdings, Africa's largest supermarket chain, which operates almost three thousand stores across twelve countries on the continent, is hit by a RansomHouse ransomware attack. | Malware | Wholesale and retail | CC | ZA | Shoprite Holdings, RansomHouse, ransomware |
| 75 | 10/06/2022 | During June 2022 | During June 2022 | Cerber2021 | Multiple organizations | Researchers from Microsoft reveal that the Cerber2021 ransomware gang is now exploiting the CVE-2022-26134 vulnerability to install the ransomware on vulnerable Atlassian Confluence servers. | | | | | |
| 76 | | | | | | Researchers from Palo Alto Networks reveal the details of a new variant of the Hello XD ransomware. | Malware | Multiple Industries | CC | >1 | Palo Alto Networks, Hello XD, ransomware |
| 77 | 10/06/2022 | 25/03/2022 | - | Twister Canyon | MCG Health | MCG Health, a software company that provides patient care guidelines to providers and health plans using artificial intelligence and technology solutions, notifies of a recent data breach. 1.1 million people are possibly affected. | Unknown | Professional, scientific and technical | CC | US | MCG Health, Twister Canyon |
| 78 | 10/06/2022 | Between December 23, 2021 and December 27, 2021 | 27/12/2021 | ? | Alliance Physical Therapy Partners | Alliance Physical Therapy Partners confirms that an unauthorized third party accessed certain systems within its network that contained patients’ protected health information. | Unknown | Human health and social work | CC | US | Alliance Physical Therapy Partners |
| 79 | 10/06/2022 | - | - | ? | Instagram users | Researchers from McAfee reveal the details of a scam where threat actors distribute malware via YouTube disguised as an app providing free Instagram followers. | Malware | Individual | CC | >1 | McAfee, YouTube, Instagram |
| 80 | 10/06/2022 | Between October 1, 2021 and October 7, 2021 | 07/10/2021 | ? | Weller Truck Parts | Weller Truck Parts confirms that the company experienced a data breach after discovering that it was the victim of a malware attack. | Malware | Manufacturing | CC | US | Weller Truck Parts |
| 81 | 10/06/2022 | Between April 6, 2021 and December 9, 2021 | - | ? | The People Concern | The People Concern, a homeless service, discovers that the email accounts of some of its employees have been accessed by an unauthorized third party. | Account Takeover | Human health and social work | CC | US | The People Concern |
| 82 | 11/06/2022 | During June 2022 | During June 2022 | Avos Locker | Multiple organizations | Researchers from Prodaft reveal that the Avos Locker ransomware gang is now exploiting the CVE-2022-26134 vulnerability to install the ransomware on vulnerable Atlassian Confluence servers. | | | | | |
| 83 | | | | | | Researchers from Microsoft reveal that multiple threat actors, including DEV-0401 and DEV-0234, are taking advantage of the Atlassian Confluence RCE vulnerability CVE-2022-26134. | | | | | |
| 84 | | | | | | Researchers from Microsoft reveal that multiple threat actors, including DEV-0401 and DEV-0234, are taking advantage of the Atlassian Confluence RCE vulnerability CVE-2022-26134. | | | | | |
| 85 | | | | | | Security researchers from Confiant uncover SeaFlower, a large-scale malicious operation that uses trojanized mobile cryptocurrency wallet applications for the Coinbase, MetaMask, TokenPocket, and imToken services. | | | | | |
| 86 | | | | | | DialAmerica Marketing, a call center service, reports a breach to HHS that impacted 19,796 individuals. | Unknown | Professional, scientific and technical | CC | US | DialAmerica Marketing |
| 87 | 12/06/2022 | 12/06/2022 | 12/06/2022 | ? | Entega | Entega, a German energy supplier, is hit by a cyber attack that mainly affected the firm's website and staff email accounts. | Unknown | Electricity, gas steam, air conditioning | CC | DE | Entega |
| 88 | 12/06/2022 | 12/06/2022 | 12/06/2022 | ? | Mainzer Stadtwerke | Mainzer Stadtwerke, another German energy supplier, is hit by a cyber attack that mainly affected the firm's website and staff email accounts. | Unknown | Electricity, gas steam, air conditioning | CC | DE | Mainzer Stadtwerke |
| 89 | 12/06/2022 | During the first half of June 2022 | During the first half of June 2022 | ? | Individuals | Heineken warns of a phishing scam promoted via WhatsApp and offering free beer for Father's Day. | Account Takeover | Individual | CC | >1 | Heineken, WhatsApp, Father's Day |
| 90 | 13/06/2022 | Since early 2022 | Early 2022 | ? | Linux servers | Researchers from Avast reveal the details of a new Linux rootkit malware named ‘Syslogk’, used in attacks to hide malicious processes and using specially crafted "magic packets" to awaken a backdoor lying dormant on the device. | Malware | Multiple Industries | CC | >1 | Avast, Linux, Syslogk |
| 91 | 13/06/2022 | During June 2022 | During June 2022 | BlackCat AKA ALPHV | Vulnerable Exchange Servers | Researchers from Microsoft report that BlackCat ransomware affiliates are now attacking Microsoft Exchange servers using exploits targeting unpatched vulnerabilities. | Multiple vulnerabilities | Multiple Industries | CC | >1 | Microsoft, BlackCat, ransomware, ALPHV, Microsoft Exchange |
| 92 | 13/06/2022 | 'Recently' | 'Recently' | Gallium | Financial institutions and government entities in Europe, Southeast Asia, and Africa | Researchers from Palo Alto Networks reveal that the Gallium state-sponsored hacking group has been spotted using a new 'PingPull' remote access trojan against financial institutions and government entities in Europe, Southeast Asia, and Africa. | Targeted Attack | Multiple Industries | CE | AU, RU, PH, BE, VN, MY, KD, AF | Palo Alto Networks, Gallium, PingPull |
| 93 | 13/06/2022 | 25/04/2022 | 25/04/2022 | ? | Yuma Regional Medical Center (YRMC) | Yuma Regional Medical Center (YRMC) discloses a ransomware attack that compromised the SSNs of 700,000 individuals. | Malware | Human health and social work | CC | US | Yuma Regional Medical Center, YRMC, ransomware |
| 94 | 13/06/2022 | - | - | Belarusian Cyber Partisans | Belarusian Ministry of Internal Affairs | The Belarusian Cyber Partisans release what they say is wiretapped audio of foreign embassies, consulates and other calls in Belarus gathered surreptitiously by the Belarusian Ministry of Internal Affairs. | Unknown | Public admin and defence, social security | H | BY | Belarusian Cyber Partisans, Belarusian Ministry of Internal Affairs |
| 95 | 13/06/2022 | - | - | ? | Multiple organizations | Researchers from CloudSEK discover "NakedPages", a new and sophisticated phishing toolkit for sale across several cybercrime forums and Telegram channels. | Account Takeover | Multiple Industries | CC | >1 | CloudSEK, NakedPages |
| 96 | 13/06/2022 | 11/06/2022 | 11/06/2022 | ? | Guadalupe County | Guadalupe County investigates a potential network breach. | Unknown | Public admin and defence, social security | CC | US | Guadalupe County |
| 97 | 13/06/2022 | Between 08/06/2022 and 12/06/2022 | - | DragonForce Malaysia | At least 70 Indian government and private sector websites | The Malaysia-linked hacktivist group DragonForce Malaysia takes credit for attacking and defacing at least 70 Indian government and private sector websites. | DDoS | Public admin and defence, social security | H | IN | Malaysia, DragonForce Malaysia, Bharatiya Janata Party, BJP, India |
| 98 | 14/06/2022 | During the previous week | During the previous week | ? | Undisclosed organization | Cloudflare reveals that it mitigated a 26 million request per second distributed denial-of-service (DDoS) attack, the largest HTTPS DDoS attack detected to date. | DDoS | Unknown | CC | N/A | Cloudflare |
| 99 | 14/06/2022 | During 2022 | During 2022 | ? | Undisclosed organizations | Researchers from the Google Project Zero team disclose the details of CVE-2022-22620, a vulnerability in Apple Safari actively exploited in the wild. | CVE-2022-22620 Vulnerability | Unknown | N/A | N/A | Google Project Zero, CVE-2022-22620, Apple Safari |
| 100 | 14/06/2022 | - | - | ? | Multiple organizations | Researchers from Resecurity identify a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft. | Account Takeover | Multiple Industries | CC | >1 | Resecurity, Azure Front Door, AFD, Microsoft |
| 101 | 14/06/2022 | Between 26/04/2022 and 16/05/2022 | 31/05/2022 | ? | Robert Half | HR consulting firm Robert Half starts informing customers that their personal and financial information might have been compromised after hackers targeted their accounts. | Account Takeover | Professional, scientific and technical | CC | US | Robert Half |
| 102 | 14/06/2022 | 11/06/2022 | 11/06/2022 | ? | Montrose Environmental Group | Montrose Environmental Group, a US-based provider of environmental services, reveals it was hit by a ransomware attack last weekend that disrupted its laboratory testing operations. | Malware | Professional, scientific and technical | | | |
CC
US
Montrose Environmental Group, Ransomware
103
14/06/2022
01/05/2022
Between April 30 and May 3, 2022
?
Express Scripts
The pharmacy benefit management organization, Express Scripts, announces that the accounts of certain customers have been accessed by an unauthorized third party.
Account Takeover
Finance and insurance
CC
US
Express Scripts
104
14/06/2022
11/06/2022
11/06/2022
BlackCat AKA ALPHV
University of Pisa
The University of Pisa is held to ransom for $4.5m by the BlackCat/ALPHV ransomware gang.
Malware
Education
CC
IT
University of Pisa, BlackCat, ALPHV, ransomware
105
14/06/2022
During May 2022
During May 2022
Multiple threat actors
Android users worldwide
According to researchers at Dr. Web, at least a dozen mobile apps on Google Play Store contain info-stealing malware, adware, and other types of malicious software, collectively boasting over 2 million downloads.
Malware
Individual
CC
>1
Dr. Web, Google Play Store, Android
106
14/06/2022
'Recently'
'Recently'
Phosphorous (AKA APT35 and Charming Kitten)
Israeli officials, high-ranking military personnel, research institutions, think tanks, and Israeli citizens.
Researchers from Check Point uncover an Iranian-based spear-phishing operation aimed against former Israeli officials, high-ranking military personnel, research fellows in research institutions, think tanks, and against Israeli citizens. The list of the victims include Israeli foreign minister and deputy Prime Minister Tzipi Livni; a former major general in the Israeli Defense Forces (IDF); and a former US ambassador to Israel.
Targeted Attack
Individual
CE
IL
Phosphorous, Check Point, Iran, Tzipi Livni
107
14/06/2022
-
-
?
Ameriprise Financial, Inc.
Ameriprise Financial, Inc. discloses a security incident.
Unknown
Finance and insurance
CC
US
Ameriprise Financial, Inc.
108
14/06/2022
Between February 23 and March 10, 2022
'Recently'
?
DiversiTech Corporation
DiversiTech Corporation confirms that the company experienced a data breach apparently related to unauthorized access to a company email account.
Account Takeover
Manufacturing
CC
US
DiversiTech Corporation
109
14/06/2022
October 2021
October 2021
?
Quality Temporary Services, Inc. ( AKA Qualified Staffing)
Quality Temporary Services, Inc. (“Qualified Staffing”) reported a data breach after the company was the victim of a 2021 ransomware attack. 81,000 accounts are compromised.
Afni files official notice of a data breach that impacted the sensitive information of certain individuals, after detecting anomalous activity on its network.
Unknown
Professional, scientific and technical
CC
US
Afni
111
15/06/2022
Since at least March 2022
-
Panchan
Linux servers
Researchers from Akamai discover Panchan, a new peer-to-peer botnet and SSH worm infecting Linux servers with crytominers.
Brute-Force
Multiple Industries
CC
>1
Akamai, Panchan, Linux
112
15/06/2022
-
-
Blue Mockingbird
Vulnerable Telerik UI systems
A threat actor known as ‘Blue Mockingbird’ is targeting Telerik UI vulnerabilities to compromise servers, install Cobalt Strike beacons, and mine Monero by hijacking system resources.
CVE-2019-18935 Vulnerability
Multiple Industries
CC
>1
Blue Mockingbird, Telerik UI, Cobalt Strike, Monero
113
15/06/2022
'Recently'
'Recently'
MaliBot
Android banking users in Italy and Spain
Researchers from F5 discover a new Android banking malware named MaliBot, in disguise of a cryptocurrency mining app or the Chrome web browser to target users in Italy and Spain.
Malware
Finance and insurance
CC
IT
ES
F5, Android, MaliBot
114
15/06/2022
Earlier in 2022
Earlier in 2022
Drifting Cloud
Organizations and governments in Afghanistan, Bhutan, India, Nepal, Pakistan and Sri Lanka
Researchers from Volexity reveal the details of Drifting Cloud, a campaign carried out by Chinese hackers exploiting the CVE-2022-1040 zero-day for a critical-severity vulnerability in Sophos Firewall to compromise a company and breach cloud-hosted web servers operated by the victim.
CVE-2022-1040 vulnerability
Multiple Industries
N/A
AF
BT
IN
NP
PK
LK
Volexity, CVE-2022-1040, Sophos, Drifting Cloud
115
15/06/2022
'Recently'
'Recently'
Two APT Groups
Undisclosed organizations
Researchers from Sophos reveal the details of a sophisticated targeted attack exploiting CVE-2022-1040.
CVE-2022-1040 Vulnerability
Unknown
CE
N/A
Sophos, CVE-2022-1040
116
15/06/2022
15/06/2022
15/06/2022
BlackCat AKA ALPHV
Plainedge Public Schools
The BlackCat/ALPHV ransomware group adds Plainedge Public Schools to their leak site.
Malware
Education
CC
US
Plainedge Public Schools, BlackCat, ALPHV, Plainedge Public Schools, Ransomware
117
15/06/2022
-
-
?
Benefit Plan Administrators, Inc. (BPA)
Benefit Plan Administrators, Inc. (BPA) confirms that the company experienced a data breach after an unauthorized party gained access to the company’s computer network and the sensitive consumer data contained
Unknown
Administration and support service
CC
US
Benefit Plan Administrators, Inc.
118
15/06/2022
From March 24, 2022, to March 31, 2022
24/03/2022
?
University of Chicago Medical Center (UCMC)
University of Chicago Medical Center (UCMC) notifies patients that an unauthorized user had access to some employee email accounts, putting protected health information of patients at risk.
Account Takeover
Human health and social work
CC
US
University of Chicago Medical Center, UCMC
119
15/06/2022
-
-
?
The Allison Inn & Spa
The Allison Inn & Spa is hit with a ransomware attack.
Malware
Accommodation and food service
CC
US
The Allison Inn & Spa