16-30 June 2022 Cyber Attacks Timeline

EVENTS

EVENTS/DAY

EVENTS

EVENTS/DAY

And finally I can publish the second timeline of June 2022 (part I here). In the second half of the month I collected 117 events, corresponding to an average of 7.8 events/day, once again in line with the sustained trend that is characterizing the latest months.

Even this second timeline of June confirms a decrease in the number of events related to Ukraine, and a relatively high number of events characterized by ransomware (27 out of 117, corresponding to 23%, slightly less than 26.8% of the previous timeline.) As always consider that the real percentage could be higher since some organizations, when suffering ransomware attacks, report generic outages or disruptions without citing explicitly the reason of the attack. Vulnerabilities characterized, directly or indirectly 16.2% of events, once again thanks primarily to ‘Follina’ (CVE-2022-30190). And even if this number is lower than 20.3% of the previous fortnight, it remains equally important.

Attacks against Decentralized Finance platforms continued also in this second fortnight. The most massive one hit Harmony ($100M worth of cryptocurrency allegedly stolen) and it was carried out by the North Korean APT Lazarus Group.

The cyber espionage front confirms the trend of the last months, with quite a sustained level of activity. Ukraine was, easily predictable, the target of several campaigns carried out by the likes of APT28 (AKA Fancy Bear), and UAC-0098 (a previously unidentified threat group). Other active groups (whose operations were not directly related to Ukraine, include: APT10, APT41, Evilnum, Tropic Trooper, and new actors such as the ToddyCat.

After this short summary, you can enjoy the interactive timeline. Thanks for sharing it, and supporting my work in spreading the risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.

Expand for details

Geo Map June H2 2022

ID	Date Reported	Date Occurred	Date Discovered	Author	Target	Description	Attack	Target Class	Attack Class	Country	Link	Tags
1	16/06/2022	Since April 2022	-	?	iOS and Android users in Kazakhstan, Syria and Italy	Researchers from Lookout reveal the details of Hermit, an Android spyware deployed in targeted attacks by national governments, with victims in Kazakhstan, Syria and Italy. A subsequent from Google reveals that the company behind Hermit, RCS Labs, has received help from some Internet service providers (ISPs) to infect the victims.	Targeted Attack	Individual	CE	KZ SY IT		Lookout, Hermit, Android, Google, RCS Labs, iOS
2	16/06/2022	16/06/2022	16/06/2022	Multiple threat actors	Vulnerable WordPress sites	750,000 WordPress sites using Ninja Forms, a forms builder plugin with more than 1 million installations, are force-updated en masse to a new build that addresses a critical security vulnerability likely exploited in the wild.	WordPress Plugin vulnerability	Multiple Industries	CC	>1		WordPress, Ninja Forms
3	16/06/2022	16/06/2022	16/06/2022	?	Multiple organizations	A new malicious spam campaign delivers the 'Matanbuchus' malware to drop Cobalt Strike beacons on compromised machines.	Malware	Multiple Industries	CC	>1		Matanbuchus, Cobalt Strike
4	16/06/2022	-	20/04/2022	?	Guardian Fueling Technologies	Guardian Fueling Technologies confirms that the company experienced a data breach after an unauthorized party gained access to sensitive consumer data contained on the company’s computer network.	Unknown	Administration and support service	CC	US		Guardian Fueling Technologies
5	16/06/2022	26/05/2022	-	?	Montgomery County	Montgomery County is hit with a phishing attack affecting 85 county computers.	Account Takeover	Public admin and defence, social security	CC	US		Montgomery County
6	16/06/2022	16/06/2022	16/06/2022	?	Inverse Finance	Inverse Finance, a decentralized finance (DeFi) protocol suffers another price manipulation attack and looses $1.2M to the anonymous attacker, and $5.8M overall.	Price manipulation	Fintech	CC	N/A		Inverse Finance
7	17/06/2022	03-04/12/2022	02/06/2022	?	Flagstar Bank	Flagstar Bank notifies 1.5 million customers of a data breach where hackers accessed personal data during a December cyberattack.	Unknown	Finance and insurance	CC	US		Flagstar Bank
8	17/06/2022	-	-	DeadBolt	Vulnerable QNAP devices	NAS vendor QNAP warns customers to secure their devices against a new campaign of attacks pushing DeadBolt ransomware.	Malware	Multiple Industries	CC	>1		NAS, QNAP, DeadBolt, ransomware
9	17/06/2022	Since at least early 2017	Early 2017	RSocks	Millions of computers, Android smartphones, and IoT devices worldwide	The U.S. Department of Justice announces the disruption of the Russian RSocks malware botnet used to hijack millions of computers, Android smartphones, and IoT devices worldwide for use as proxy servers.	Malware	Multiple Industries	CC	>1		U.S. Department of Justice, RSocks
10	17/06/2022	-	-	BRATA	Customers of financial institutions in the UK, Italy, and Spain	Researchers from Cleafy discover a new variant of the BRATA Android banking malware with information-stealing capabilities and an APT activity pattern.	Malware	Finance and insurance	CC	UK IT ES		Cleafy, Android, BRATA
11	17/06/2022	Since May 2022	During May 2022	?	U.S. organizations in the military, security software, manufacturing supply chain, healthcare and pharmaceutical sectors	Researchers from Zscaler discover new phishing campaign, using fake voicemail notifications to lure victims into opening a malicious HTML attachment and steal their Microsoft 365 credentials.	Malware	Multiple Industries	CC	US		Zscaler, ThreatLabz, Microsoft 365
12	17/06/2022	Between March 31, 2022 and April 24, 2022	20/04/2022	?	Baptist Medical Center & Resolute Health Hospital	Baptist Health System discloses a malware cybersecurity incident that affected Baptist Medical Center and Resolute Health Hospital.1,24 million individuals are impacted.	Malware	Human health and social work	CC	US		Baptist Health System, Baptist Medical Center, Resolute Health Hospital
13	17/06/2022	Between January 19, 2022, and March 17, 2022	-	?	Avamere Health Services	Avamere Health Services discloses that an unauthorized third party had intermittently accessed its network and certain files and folders had been copied from its systems containing patients’ protected health information.	Unknown	Human health and social work	CC	US		Avamere Health Services
14	17/06/2022	-	-	?	Council on Aging of Buncombe County	The Council on Aging of Buncombe County is hit with a ransomware attack.	Malware	Human health and social work	CC	US		Council on Aging of Buncombe County, ransomware
15	18/06/2022	Since early January 2022	Early January 2022	Ech0raix AKA QNAPCrypt	Vulnerable QNAP devices	The Ech0raix ransomware starts targeting vulnerable QNAP NAS devices again.	Malware	Multiple Industries	CC	>1		Ech0raix, ransomware, QNAP, NAS, QNAPCrypt
16	18/06/2022	During May 2022	During May 2022	?	German Green Party	The German Green party, which is part of the country’s governing coalition, says its IT system was hit by a cyberattack last month that affected email accounts belonging to Foreign Minister Annalena Baerbock and Economy Minister Robert Habeck.	Account Takeover	Public admin and defence, social security	CE	DE		German Green Party, Foreign Minister, Annalena Baerbock, Economy Minister, Robert Habeck
17	18/06/2022	18/06/2022	18/06/2022	DragonForce Malaysia	Delhi government railway police	In name of #OpsPatuk, DragonForce Malaysia claims to have hacked and defaced the Delhi government railway police website.	CVE-2022-26134 Vulnerability	Public admin and defence, social security	H	IN		#OpsPatuk, DragonForce Malaysia, Delhi government railway police, CVE-2022-26134
18	18/06/2022	-	-	DragonForce Malaysia	Unknown organization	Indian logistics provider Grab denies claims spread by the DragonForce Malaysia hacktivist group that it fell victim to a hacking attack, saying that the leaked data was taken from a third-party vendor.	CVE-2022-26134 Vulnerability	Unknown	H	IN		#OpsPatuk, DragonForce Malaysia, Grab, CVE-2022-26134
19	20/06/2022	20/06/2022	20/06/2022	APT28 (AKA STRONTIUM, Fancy Bear, and Sofacy)	Organizations in Ukraine	The Ukrainian Computer Emergency Response Team (CERT-UA) discovers a new campaign by APT 28 exploiting the Follina code execution vulnerability (CVE-2022-30190) to install the CredoMap malware.	Targeted Attack	Multiple Industries	CE	UA		Ukrainian Computer Emergency Response Team, CERT-UA, APT28, STRONTIUM, Sofacy, Fancy Bear, Follina, CVE-2022-30190, CredoMap
20	20/06/2022	-	-	UAC-0098	Organizations in Ukraine	The Ukrainian Computer Emergency Response Team (CERT-UA also identifies a different campaign by a threat actor tracked as UAC-0098, also using CVE-2022-30190 to infect the target	Targeted Attack	Multiple Industries	CE	UA		Ukrainian Computer Emergency Response Team, CERT-UA, UAC-0098, Follina, CVE-2022-30190
21	20/06/2022	20/06/2022	20/06/2022	Vice Society	Medical University of Innsbruck	The Medical University of Innsbruck suffers a ransomware attack by the Vice Society gang, which causes severe IT service disruption and the alleged theft of data.	Malware	Education	CC	AU		Medical University of Innsbruck, ransomware, Vice Society
22	20/06/2022	-	-	?	Multiple online stores	Researchers from Malwarebytes reveal the details of a new Magecart campaign leveraging a 'pretty wide infrastructure.'	Malicious Script Injection	Wholesale and retail	CC	>1		Malwarebytes, Magecart
23	20/06/2022	18/06/2022	18/06/2022	Iranian threat actors	Israeli cities of Jerusalem and Eilat	False rocket warning sirens are heard in the Israeli cities of Jerusalem and Eilat. According to the Israel National Cyber Directorate (INCD), the sirens were triggered by a cyberattack possibly by Iranian threat actors.	Unknown	Public admin and defence, social security	H	IL		Jerusalem, Eilat, Israel National Cyber Directorate, INCD
24	20/06/2022	-	-	?	Houston County Board of Education (HCBE)	Data allegedly from Houston County Board of Education (HCBE) is put on sale on a forum.	Unknown	Education	CC	US		Houston County Board of Education, HCBE
25	21/06/2022	Since at least December 2020.	During 2022	ToddyCat	Military and governmental organizations in Asia and Europe	Researchers from Kaspersky reveal the details of ToddyCat, an APT group targeting Microsoft Exchange servers of military and governmental organizations in Asia and Europe for more than a year.	Targeted Attack	Public admin and defence, social security	CE	>1		Kaspersky, ToddyCat, APT, Microsoft Exchange, Asia, Europe
26	21/06/2022	-	-	?	Yodel	Services for the U.K.-based Yodel delivery service company are disrupted due to a suspected ransomware cyberattack that caused delays in parcel distribution and tracking orders online.	Malware	Transportation and storage	CC	UK		Yodel, ransomware
27	21/06/2022	Since March 2022	March 2022	Dridex	Multiple targets	Researchers from Bitdefender discover a new campaign carried out via the RIG exploit kit delivering the Dridex banking trojan instead of the Raccoon Stealer malware.	Malware	Finance and insurance	CC	>1		Bitdefender, RIG, Dridex, Raccoon Stealer
28	21/06/2022	From February 21, 2022 to February 25, 2022	-	?	Pape-Dawson Engineers, Inc.	The engineering firm Pape-Dawson Engineers, Inc. notifies a data breach with various government entities after an unauthorized access to its computer system.	Unknown	Professional, scientific and technical	CC	US		Pape-Dawson Engineers, Inc.
29	21/06/2022	17/06/2022	17/06/2022	?	St Petersburg International Economic Forum	A DDoS attack disrupts the proceedings at the 25th St Petersburg International Economic Forum, regarded as the Russian answer to the Davos World Economic Forum.	DDoS	Public admin and defence, social security	H	RU		St Petersburg International Economic Forum
30	21/06/2022	During June 2022	During June 2022	?	Individuals in the UK	The UK’s National Health Service (NHS) warns the public about a spate of fake messages, sent out as SMS text messages, fraudulently telling recipients that they have been exposed to the Omicron variant of COVID-19.	Account Takeover	Individual	CC	UK		UK, National Health Service, NHS, Omicron, COVID-19
31	21/06/2022	-	-	?	At least 100 Israeli military in six secret bases	An investigation reveals that a security hole on the fitness social network “Strava” was used to spy on Israeli security personnel.	Strava vulnerability	Public admin and defence, social security	CE	IL		Strava
32	21/06/2022	Recently'	Recently'	?	Brooks County’s Justice of the Peace and district courts	The Brooks County’s Justice of the Peace and district courts is hit with a ransomware attack that cost more than $37,000.	Malware	Public admin and defence, social security	CC	US		Brooks County’s Justice of the Peace and district courts, ransomware
33	21/06/2022	October - November 2021	-	?	LendingTree.com	A threat actor releases a large database on a popular hacking forum that allegedly came from LendingTree.com, containing the information from 200,643 loan applications. Few days after the company confirms the breach.	Unknown	Finance and insurance	CC	US		LendingTree.com
34	22/06/2022	Since 24 February 2022	During 2022	Russian Intelligence Agencies (including the GRU, SVR, and FSB)	128 targets in 42 countries outside Ukraine	Microsoft reveals that Russian intelligence agencies have stepped up cyberattacks against governments of countries that have allied themselves with Ukraine after the invasion. In particular, since the start of the war, threat actors linked to several intelligence services (including the GRU, SVR, and FSB) have attempted to breach entities in dozens of countries worldwide, prioritizing governments.	Targeted Attack	Public admin and defence, social security	CE	>1		Microsoft, Russian intelligence agencies, GRU, SVR, FSB, Russia Ukraine
35	22/06/2022	Recently'	Recently'	Tropic Trooper	Multiple organizations	Researchers from Check Point discover a new campaign attributed to the Chinese "Tropic Trooper" group, which employs a novel loader called Nimbda and a new variant of the Yahoyah trojan.	Targeted Attack	Multiple Industries	CE	>1		Check Point, Tropic Trooper, Nimbda, Yahoyah
36	22/06/2022	14/06/2022	14/06/2022	?	Nichirin-Flex U.S.A,	Nichirin-Flex U.S.A, a subsidiary of the Japanese car and motorcycle hose maker Nichirin, is hit by a ransomware attack causing the company to take the network offline.	Malware	Manufacturing	CC	US		Nichirin-Flex U.S.A, Nichirin, ransomware
37	22/06/2022	During June 2022	During June 2022	?	LGBTQ+ community	The U.S. Federal Trade Commission (FTC) warns of extortion scammers targeting the LGBTQ+ community by abusing online dating apps like Grindr and Feeld.	Extortion Scam	Individual	CC	US		U.S. Federal Trade Commission, FTC, LGBTQ+, Grindr, Feeld
38	22/06/2022	Between December 2 and April 18	17/04/2022	?	Mason Tenders’ District Council Funds	Mason Tenders’ District Council Funds confirms that the organization experienced a data breach after an unauthorized party gained access to its computer network compromising the information of 29,000 plan participants and employees.	Unknown	Finance and insurance	CC	US		Mason Tenders’ District Council Funds
39	22/06/2022	13/09/2022	Between August 25, 2021 and September 15, 2021	?	ADM Associates, Inc.	ADM Associates, Inc. confirms that the company experienced a data breach after an unauthorized party gained access to the company’s computer network.	Unknown	Professional, scientific and technical	CC	US		ADM Associates, Inc.
40	22/06/2022	-	-	Keona Clipper	Cryptocurrency users	Researchers from Cyble discover 'Keona Clipper', a clipper malware aimed to steal cryptocurrency and leveraging Telegram for anonymity.	Malware	Fintech	CC	>1		Cyble, Keona Clipper, Telegram
41	22/06/2022	-	14/06/2022	Vice Society	Grand Valley State University (GVSU)	Grand Valley State University (GVSU) has some data dumped in the Vice Society ransomware website.	Malware	Education	CC	US		Grand Valley State University, GVSU, Vice Society, ransomware
42	23/06/2022	Since 21/06/2022	21/06/2022	Legion – Cyber Spetsnaz RF	Public authorities in Lithuania	The National Cyber Security Center (NKSC) of Lithuania issues a public warning about a steep increase in DDoS attacks directed against public authorities in the country.	DDoS	Public admin and defence, social security	H	LT		Legion – Cyber Spetsnaz RF, NKSC, National Cyber Security Center of Lithuania
43	23/06/2022	Between November 17 and December 20, 2021.	-	Conti	More than 40 companies worldwide	Researchers from Group-IB disclose the details of ARMattack, a ransomware operation that hit more than 40 companies in a little over a month between November and December 2021.	Malware	Multiple Industries	CC	>1		Conti, ransomware, ARMattack
44	23/06/2022	-	-	?	Multiple organizations across the financial industry	Researchers from Armorblox discover a new phishing campaign targeting users on Microsoft 365 while spoofing the popular MetaMask cryptocurrency wallet provider and attempting to steal recovery phrases.	Account Takeover	Finance and insurance	CC	>1		Armorblox, Microsoft 365, MetaMask
45	23/06/2022	Starting in March 2022	During 2022	APT10 (AKA Bronze Starlight)	Japanese and western organizations	Researchers from Secureworks reveal the details of a new cluster of activity by Bronze Starlight, the first of two Chinese hacking groups conducting cyber espionage and stealing intellectual property from Japanese and western organizations, deploying ransomware as a decoy to cover up their malicious activities, and using the HUI Loader to deploy remote access trojans, PlugX, Cobalt Strike, and QuasarRAT.	Targeted Attack	Multiple Industries	CE	JP Western countries		Secureworks, APT10, Bronze Starlight, ransomware, HUI Loader, PlugX, Cobalt Strike, QuasarRAT
46	23/06/2022	Starting in mid-2021	Mid-2021	APT41 (AKA Bronze Riverside)	Japanese and western organizations	Researchers from Secureworks reveal the details of a new cluster of activity by Bronze Riverside, the second of two Chinese hacking groups conducting cyber espionage and stealing intellectual property from Japanese and western organizations, deploying ransomware as a decoy to cover up their malicious activities, and using the HUI Loader to deploy remote access trojans, PlugX, Cobalt Strike, and QuasarRAT.	Targeted Attack	Multiple Industries	CE	JP Western countries		Secureworks, APT41, Bronze Riverside, ransomware, HUI Loader, PlugX, Cobalt Strike, QuasarRAT
47	23/06/2022	Since December 2021	-	Multiple threat actors	Multiple organizations	The Cybersecurity and Infrastructure Security Agency (CISA) and United States Coast Guard Cyber Command (CGCYBER warn that threat actors, including state-backed hacking groups, are still targeting VMware Horizon and Unified Access Gateway (UAG) servers using the Log4Shell (CVE-2021-44228) remote code execution vulnerability.	Log4Shell Vulnerability (CVE-2021-44228)	Multiple Industries	CE	US		Cybersecurity and Infrastructure Security Agency, CISA. United States Coast Guard Cyber Command, CGCYBER, VMware Horizon, Unified Access Gateway, UAG, Log4Shell, CVE-2021-44228
48	23/06/2022	-	-	?	Individuals in Israel	Researchers from Akamai reveal the details of a scalper bot, creating havoc in Israel by registering public service appointments for various government services and then offering to sell them to disgruntled citizens.	Malicious bot	Individual	CC	IL		Akamai, bot
49	23/06/2022	22/06/2022	22/06/2022	?	Fast Shop	Fast Shop, one of Brazil's largest retailers, has suffered an 'extortion' cyberattack that led to network disruption and the temporary closure of its online store.The threat actors claimed they were actively able to access the firm's databases on AWS, Azure, GitLab, and IBM cloud, stealing website/app source code and valuable user and corporate data.	Unknown	Wholesale and retail	CC	BR		Fast Shop
50	23/06/2022	Recently'	Recently'	?	Undisclosed organization	Researcher from Crowdstrike reveal the details of a ransomware attack where the attackers used a zero-day exploit (CVE-2022-29499) on Linux-based Mitel MiVoice VOIP appliances for initial access.	Malware	Unknown	CC	N/A		Crowdstrike, ransomware, CVE-2022-29499, Linux, Mitel MiVoice VOIP
51	23/06/2022	Since at least 13/06/2022	Between 13/06/2022 and 20/06/2022	?	Multiple organizations	Researchers from Sonatype discover multiple Python packages that exfiltrate AWS credentials and environment variables, and upload them to a publicly exposed endpoint.	Malware	Multiple Industries	CC	>1		Sonatype, Python, AWS
52	23/06/2022	-	10/11/2021	?	Bank of the West	The Bank of the West warns customers that their debit card numbers and PINs have been stolen by skimmers installed on several of the bank's ATMs.	ATM Skimmer	Finance and insurance	CC	US		Bank of the West
53	23/06/2022	Since at least February 2021	-	Matanbuchus	Multiple organizations	Researchers from Cyble reveal the details of a malware-as-a-service (Maas), named Matanbuchus, involved in malspam attacks dropping Cobalt Strike beacons.	Malware	Multiple Industries	CC	>1		Cyble, Matanbuchus, Cobalt Strike
54	23/06/2022	Starting in May 2022	Early May 2022	?	individuals	Researchers from Avanan discover a campaign exploiting the domain of QuickBooks to send malicious invoices and request payments.	Account Takeover	Individual	CC	>1		Avanan, QuickBooks
55	23/06/2022	01/06/2022	01/06/2022	Hive	Artear group (Arte Radiotelevisivo Argentino)	Artear group (Arte Radiotelevisivo Argentino) is hit with a Hive ransomware attack.	Malware	Information and communication	CC	AR		Artear group, Arte Radiotelevisivo Argentino, Hive, ransomware
56	24/06/2022	Since at least 10/06/2022	-	?	Ukrainian telecommunications operators	The Computer Emergency Response Team of Ukraine (CERT-UA) warns of a malware campaign targeting Ukrainian telecommunications operators with the DarkCrystal RAT.	Targeted Attack	Information and communication	CE	UA		Computer Emergency Response Team of Ukraine, CERT-UA, DarkCrystal
57	24/06/2022	24/06/2022	24/06/2022	Lazarus Group	Harmony	Threat actors steal $100 million in cryptocurrency from the Blockchain company Harmony. North Korea-linked Lazarus Group APT is suspected to be behind the attack.	Compromised Private Keys	Fintech	CC	US		Harmony, Lazarus Group
58	24/06/2022	Since at least 17/06/2022	-	LockBit	TB Kawashima	TB Kawashima, part of the Japanese automotive component manufacturer Toyota Boshoku of the Toyota Group, announces that one of its subsidiaries in Thailand has been hit by a cyberattack. The data is published in the LockBit data leak site.	Malware	Manufacturing	CC	TH		TB Kawashima, Toyota Boshoku of, Toyota Group, LockBit, ransomware
59	24/06/2022	-	-	LockBit	Multiple organizations	Researchers from Ahnlab ASEC discover a new campaign distributing the LockBit ransomware using emails in disguise of copyright infringements.	Malware	Multiple Industries	CC	KR		Ahnlab, ASEC, LockBit, ransomware
60	24/06/2022	-	-	?	50 organizations worldwide	Researchers from Rapid7 reveal that a threat actor is selling access to 50 vulnerable networks on a cybercriminal forum after breaking into systems through the recently-discovered Atlassian Confluence zero-day CVE-2022-26134.	CVE-2022-26134 Vulnerability	Multiple Industries	CC	>1		Rapid7, Atlassian Confluence, CVE-2022-26134
61	24/06/2022	Between 24/02/2022 and 22/03/2022	During February 2022	?	Covenant Care of California	Covenant Care of California confirms that multiple employee email accounts were compromised. As a result, the names, medical information, health insurance information, dates of birth, Social Security numbers, driver’s license numbers, and other personal information of certain patients was compromised.	Account Takeover	Human health and social work	CC	US		Covenant Care of California
62	24/06/2022	Between November 12, 2021 and April 26, 2022.	29/03/2022	?	Chefs’ Toys	Chefs’ Toys confirms that the company experienced a data breach after receiving reports by customers of unauthorized charges on their credit and debit cards used to make purchases on its website.	Malicious Script Injection	Wholesale and retail	CC	US		Chefs’ Toys
63	24/06/2022	08/06/2022	-	Hive	Diskriter	The Hive ransomware threat actors hit Diskriter.	Malware	Professional, scientific and technical	CC	US		Hive, ransomware, Diskriter
64	24/06/2022	Between January 12, 2022, and January 19	25/04/2022	?	University Pediatric Dentistry	University Pediatric Dentistry in Buffalo, NY, has started notifying 6,843 patients that some of their protected health information has been exposed in an email security incident.	Account Takeover	Human health and social work	CC	US		University Pediatric Dentistry
65	24/06/2022	Since 24/02/2022	Since 24/02/2022	Russia	Ukrainian public opinion	The Ukraine's domestic intelligence agency (SSU) says it blocked almost 500 Youtube channels and several thousand accounts in social networks spreading disinformation and fake news about 'biolabs' and 'radio-controlled geese'.	CIB (Coordinated Inauthentic Behavior)	Individual	CW	UA		Ukraine's domestic intelligence agency, SSU, Youtube
66	24/06/2022	Recently'	Recently'	NigthLion	Elasticsearch servers openly accessible without authentication	Researchers from Cyble discover NightLion, a worm targeting Elasticsearch servers that are openly accessible without authentication.	Misconfiguration	Multiple Industries	CC	>1		Cyble, NightLion
67	25/06/2022	Two weeks ago	Two weeks ago	?	Napa Valley College	The Napa Valley College website and network systems are knocked offline as the result of a ransomware attack.	Malware	Education	CC	US		Napa Valley College, ransomware
68	25/06/2022	17/06/2022	17/06/2022	Quantum Locker	Italian Region of Sardinia (Sardegna)	The Italian region of Sardina (Sardegna) suffers a Quantum Locker ransomware attack and has 155gb of data leaked in the dark web.	Malware	Public admin and defence, social security	CC	IT		Sardina, Sardegna, Quantum Locker, ransomware
69	26/06/2022	26/06/2022	26/06/2022	?	Geographic Solutions Inc. (GSI)	A cyberattack on Geographic Solutions Inc. disrupts unemployment benefits and job seeking assistance for thousands of people in several states.	Unknown	Professional, scientific and technical	CC	US		Geographic Solutions Inc., GSI
70	26/06/2022	26/06/2022	26/06/2022	?	Apetito	Deliveries of prepared meals to thousands of vulnerable people in England are disrupted following a “sophisticated” cyber-attack on food distributor Apetito.	Unknown	Accommodation and food service	CC	UK		Apetito
71	27/06/2022	27/06/2022	27/06/2022	Russia	Ukrainian TV channels	The Ukraine's domestic intelligence agency (SSU) says it blocked Russian attempts to gain access to Ukrainian TV channels' live video stream and news feeds on the eve of the Constitution Day	Unknown	Information and communication	CW	UA		Ukraine's domestic intelligence agency, SSU, Russia, Ukraina, Constitution Day
72	27/06/2022	27/06/2022	27/06/2022	Killnet	State institutions, transport institutions, media websites in Lithuania	Russian hacker group Killnet claims responsibility for a new wave of DDoS attacks against state institutions, transport institutions, media websites in Lithuania	DDoS	Public admin and defence, social security	H	LT		Killnet, Lithuania, Russia, Ukraine
73	27/06/2022	During 2021	-	RansomHouse	AMD	Semiconductor giant AMD says they are investigating a cyber attack after the RansomHouse gang claimed to have stolen 450 GB of data from the company last year.	Malware	Manufacturing	CC	US		AMD, RansomHouse, ransomware
74	27/06/2022	Since at least October 2021	Mid-October 2021	Chinese-speaking threat actor	Organizations in Pakistan, Afghanistan, and Malaysia in the industrial and telecommunications sectors.	Researchers from Kaspersky reveal the details of a Chinese-speaking threat actor hacking into the building automation systems (used to control HVAC, fire, and security functions) of several Asian organizations to install the ShadowPad backdoor and gain access to more secured areas in their networks.	ProxyLogon Vulnerability (CVE-2021-26855)	Multiple Industries	CE	PK AF MY		Kaspersky, HVAC, ShadowPad, ProxyLogon, CVE-2021-26855
75	27/06/2022	Since at least 15/06/2022	15/06/2022	Revive	Android banking users in Spain	Researchers at Cleafy discover Revive, a new Android banking malware that impersonates a 2FA application required to log into BBVA bank accounts in Spain.	Malware	Finance and insurance	CC	ES		Cleafy, Revive, Android, BBVA, Spain
76	27/06/2022	Since March 2022	-	Evilnum	European organizations that are involved in international migration	Researchers at Zscaler discover a new campaign of the Evilnum APT, targeting European organizations that are involved in international migration.	Targeted Attack	Extraterritorial orgs and bodies	CE	EU		Zscaler, Evilnum, APT, migration, Russia, Ukraine
77	27/06/2022	27/06/2022	27/06/2022	?	Macmillan	Publishing giant Macmillan is forced to shut down their network and offices while recovering from a security incident that appears to be a ransomware attack.	Malware	Information and communication	CC	UK		Macmillan, ransomware
78	27/06/2022	27/06/2022	27/06/2022	Gonjeshke Darande	Khuzestan Steel Co.	Khuzestan Steel Co., one of Iran’s major steel companies is forced to halt production after being hit by a cyberattack. A hacktivist group claims responsibility for the attack.	Malware	Mining and quarrying	H	IR		Khuzestan Steel Co., Gonjeshke Darande
79	27/06/2022	27/06/2022	27/06/2022	Gonjeshke Darande	Steel mill in the central Iranian town of Mobarakeh	A steel mill in the central Iranian town of Mobarakeh is also forced to halt production after being hit by the same cyberattack.`	Malware	Mining and quarrying	H	IR		Mobarakeh, Gonjeshke Darande
80	27/06/2022	27/06/2022	27/06/2022	Gonjeshke Darande	Steel factory in the southern Iranian port of Bandar Abbas	A steel factory in the southern Iranian port of Bandar Abbas is also forced to halt production after being hit by the same cyberattack.`	Malware	Mining and quarrying	H	IR		Bandar Abbas, Gonjeshke Darande
81	27/06/2022	-	-	Daixin Team	Fitzgibbon Hospital	Fitzgibbon Hospital is hit by a ransomware attack by the Daixin Team.	Malware	Human health and social work	CC	US		Fitzgibbon Hospital, ransomware, Daixin Team
82	27/06/2022	-	16/07/2021	?	Proliant Settlement Systems, LLC	Proliant Settlement Systems, LLC confirms that the company experienced a data breach after an unauthorized party gained access to the company’s computer network and the sensitive consumer data contained on the network. 12,697 individuals are believed to have been impacted	Unknown	Fintech	CC	US		Proliant Settlement Systems, LLC
83	27/06/2022	25/06/2022	25/06/2022	LockBit	OSDE	OSDE, a network of medical care services and providers in Argentina, suffers a LockBit ransomware attack.	Malware	Human health and social work	CC	AR		OSDE, LockBit, ransomware
84	28/06/2022	During May 2022	-	?	Facebook users	Researchers from Trustwave discover a new phishing attack, using Facebook Messenger chatbots to impersonate the company's support team and steal credentials used to manage Facebook pages.	Account Takeover	Individual	CC	>1		Trustwave, Facebook Messenger, chatbot, Facebook
85	28/06/2022	Since at least 10/06/2022	10/06/2022	Raccoon Stealer	Multiple organizations	Researchers from Sekoia discover a new version of the Raccoon Stealer information stealer promoted on the underground forums.	Malware	Multiple Industries	CC	>1		Sekoia, Raccoon Stealer
86	28/06/2022	-	-	?	Individuals in the U.S.	The Federal Bureau of Investigation (FBI) warns of increasing complaints that cybercriminals are using Americans' stolen Personally Identifiable Information (PII) and deepfakes to apply for remote work positions.	Account Takeover	Individual	CC	US		FBI, Deepfake
87	28/06/2022	Since October 2020	-	?	Small office/home office (SOHO) routers across North America and Europe	Researchers at Black Lotus Labs discover a new multistage remote access trojan (RAT) dubbed ZuoRAT, used to target remote workers via unpatched small office/home office (SOHO) routers across North America and Europe undetected since 2020.	Multiple vulnerabilities	Multiple Industries	CC	US Europe		Black Lotus Labs, ZuoRAT, SOHO
88	28/06/2022	-	-	?	Multiple organizations	The Cybersecurity and Infrastructure Security Agency (CISA) warns that attackers are actively exploiting the PwnKit Linux vulnerability (CVE-2021-4034).	PwnKit (CVE-2021-4034) Vulnerability	Unknown	N/A	US		Cybersecurity and Infrastructure Security Agency, CISA, PwnKit, Linux, CVE-2021-4034
89	28/06/2022	Recently'	Recently'	AstraLocker 2.0	Multiple organizations	Researchers at ReversingLabs discover a new version of the AstraLocker ransomware (AstraLocker 2.0) distributed directly from Microsoft Office files used as bait in Smash-and-grab phishing attacks.	Malware	Multiple Industries	CC	>1		ReversingLabs, AstraLocker, Microsoft Office
90	28/06/2022	28/06/2022	28/06/2022	Legion – Cyber Spetsnaz RF	Some of the Norway most important websites and online services	Some of the Norway most important websites and online services are rendered inaccessible due to DDoS attacks.	DDoS	Public admin and defence, social security	H	NO		Legion – Cyber Spetsnaz RF, Norway, Russia, Ukraine
91	28/06/2022	During June 2022	During June 2022	DRAGONBRIDGE	Appia Rare Earths & Uranium Corp	Researchers from Mandiant reveal the details of a new misinformation campaign by the Chinese threat actor DRAGONBRIDGE targeting Appia Rare Earths & Uranium Corp, a Canadian rare earth miner.	Coordinated inauthentic behavior	Mining and quarrying	CW	CA		Mandiant, DRAGONBRIDGE, Appia Rare Earths & Uranium Corp
92	28/06/2022	During June 2022	During June 2022	DRAGONBRIDGE	USA Rare Earth.	Researchers from Mandiant reveal the details of a new misinformation campaign by the Chinese threat actor DRAGONBRIDGE targeting USA Rare Earth, a U.S. rare earth miner.	Coordinated inauthentic behavior	Mining and quarrying	CW	US		Mandiant, DRAGONBRIDGE, USA Rare Earth
93	28/06/2022	-	-	?	At least five Israeli hotel reservation sites	The Iranian-linked threat group Sharp Boys allegedly hack at least five Israeli hotel reservation sites. The attackers claimed to have stolen the databases of those sites, approximately over 20,000 records	Unknown	Accommodation and food service	H	IL		Sharp Boys
94	28/06/2022	-	-	?	Dripping Springs Independent School District	Dripping Springs Independent School District in Texas discloses a breach affecting 367 individuals.	Unknown	Education	CC	US		Dripping Springs Independent School District
95	28/06/2022	-	-	?	Multiple organizations	Researchers from Avast discover an online community formed by teenagers, creating, exchanging, and spreading malware on the popular communication platform Discord.	Malware	Multiple Industries	CC	>1		Avast, Discord
96	28/06/2022	Between September 14, 2021, and September 18, 2021	-	?	Advocates Inc.	Advocates Inc. starts notifying individuals affected by a cyberattack that saw its network compromised.	Unknown	Human health and social work	CC	US		Advocates Inc.
97	29/06/2022	-	-	YTStealer	YouTube content creators	Researchers from Intezer reveal the details of YTStealer, a new information-stealing malware targeting YouTube content creators and attempting to steal their authentication tokens and hijack their channels.	Malware	Arts entertainment, recreation	CC	>1		Intezer, YTStealer, YouTube
98	29/06/2022	28/06/2022	28/06/2022	?	Baton Rouge General	Baton Rouge General is hit with a cyber attack, that force the organization to temporarily revert to recording patient records on paper.	Unknown	Human health and social work	CC	US		Baton Rouge General
99	29/06/2022	-	-	?	Jack Hughston Memorial Hospital	Jack Hughston Memorial Hospital confirms a recent cyberattack.	Unknown	Human health and social work	CC	US		Jack Hughston Memorial Hospital
100	29/06/2022	During April 2022	During April 2022	Avos Locker	Columbus Metro Housing Authority	The Columbus Metro Housing Authority has some data leaked by the Avos Locker ransomware gang.	Malware	Human health and social work	CC	US		Columbus Metro Housing Authority
101	29/06/2022	-	-	?	Bellingham Library	A malware attack cripples some digital services at Bellingham library.	Malware	Public admin and defence, social security	CC	US		Bellingham Library
102	29/06/2022	-	-	?	Whatcom County Library	A malware attack cripples some digital services at Whatcom County library	Malware	Public admin and defence, social security	CC	US		Whatcom County Library
103	29/06/2022	-	-	?	Individuals in Ukraine	Ukrainian police said they have arrested suspected members of a cyber-criminal gang conducting an EU payments phishing scheme, leading to losses of roughly 100 million hryvnias ($3.38m).	Account Takeover	Individual	CC	UA		Ukraine
104	29/06/2022	28/06/2022	28/06/2022	Al-Tahera and Team 1877	Cellebrite	The iranian groups Al-Tahera and Team 1877 claim to have taken down the website of Cellebrite.	DDoS	Professional, scientific and technical	H	IL		Al-Tahera, Team 1877, Cellebrite
105	30/06/2022	Mid-June	Mid-June	Ghostwriter	Ukraine	Researchers from Mandiant reveal the details of a disinformation campaign carried out by the Belarusian government-linked GhostWriter aimed to push a rumor that Ukrainian male refugees in Poland would be identified and deported back to Ukraine for military service.	CIB (Coordinated Inauthentic Behavior)	Individual	CW	UA		Mandiant, Belarus, GhostWriter, Poland, Ukraine
106	30/06/2022	-	-	?	OpenSea users	OpenSea, the popular NFT marketplace warns users of email phishing after a data breach. A staff member at Customer.io, a contractor, misused their employee access to download and share email addresses of OpenSea’s users and newsletter subscribers with an unauthorized external party	Account Takeover	Fintech	CC	US		OpenSea, NFT, Customer.io
107	30/06/2022	-	-	Hack-for-hire groups	Multiple organizations worldwide	Google's Threat Analysis Group (TAG) blocks dozens of malicious domains and websites used by hack-for-hire groups in attacks targeting high-risk targets worldwide.	>1	Multiple Industries	CE	>1		Google, Threat Analysis Group, TAG
108	30/06/2022	30/05/2022	30/05/2022	LV	Cape Cod Regional Transit Authority (CCRTA)	The Cape Cod Regional Transit Authority (CCRTA) discloses to have been hit by an LV ransomware attack.	Malware	Transportation and storage	CC	US		Cape Cod Regional Transit Authority, CCRTA, LV, ransomware
109	30/06/2022	-	-	XFiles stealer	Multiple organizations	Researchers from Cyberint discover a new Xfiles stealer campaign exploiting the CVE-2022-30190 Vulnerability (Follina).	Malware	Multiple Industries	CC	>1		Cyberint, Xfiles, CVE-2022-30190, Follina
110	30/06/2022	Since late March 2021	Early 2022	SessionManager	Governments and and NGOs in Africa, South Asia, Europe and the Middle East	Researchers from Kaspersky reveal that attackers used SessionManager, a newly discovered malware, to backdoor Microsoft Exchange servers belonging to government and military organizations from Europe, the Middle East, Asia, and Africa.	Targeted Attack	Public admin and defence, social security	CE	>1		Kaspersky, SessionManager, Microsoft Exchange
111	30/06/2022	During May 2022	Since 2019	MedusaLocker	Healthcare organizations	The Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agency (CISA) warn about a new wave of attacks by the MedusaLocker ransomware, exploiting vulnerable RDP configurations to access victims' networks.	Malware	Human health and social work	CC	US		Federal Bureau of Investigation, FBI, Cybersecurity and Infrastructure Security Agency, CISA, MedusaLocker, RDP, ransomware
112	30/06/2022	-	-	The 8220 gang	Multiple targets	Researchers from Microsoft reveal the details of a new campaign by the 8220 aimed to compromise Linux systems and install cryptomining malware, exploiting the Atlassian Confluence CVE-2022-26134 vulnerability.	CVE-2022-26134 vulnerability	Multiple Industries	CC	>1		8220, Linux, Atlassian Confluence, CVE-2022-26134
113	30/06/2022	-	May 2022	?	Undisclosed company	Researchers at CloudSEK reveal that a threat actor claims to have breached an undisclosed company exploiting a vulnerability in Jenkins.	Jenkins vulnerability	Unknown	CC	N/A		CloudSEK, Jenkins
114	30/06/2022	-	-	?	IBM	Researchers at CloudSEK reveal that a threat actor claims to have breached IBM exploiting a vulnerability in Jenkins.	Unknown	Professional, scientific and technical	CC	US		IBM, CloudSEK, Jenkins
115	30/06/2022	-	-	?	Stanford University	Researchers at CloudSEK reveal that that the same threat actor claims to have breached the Stanford University exploiting a vulnerability in WordPress.	WordPress plugin vulnerability	Education	CC	US		CloudSEK, Stanford University, WordPress
116	30/06/2022	-	-	?	Jozef Safarik University	Researchers at CloudSEK reveal that that the same threat actor claims to have breached the Jozef Safarik University.	Unknown	Education	CC	SK		CloudSEK, Jozef Safarik University
117	30/06/2022	-	-	?	Multiple governments	Researchers at CloudSEK reveal that that the same threat actor claims to have multiple governments.	Unknown	Public admin and defence, social security	CC	UA UAE PK NP BT KE LK ID		CloudSEK
118	30/06/2022	Early December 2021	-	?	OrthoNebraska	OrthoNebraska discloses that in early December 2021, an unauthorized individual or individuals gained access to an email account, sent out spam messages and gained access to protected personal and health information.	Account Takeover	Human health and social work	CC	US		OrthoNebraska
119	30/06/2022	Between January 27 and February 7, 2022.	01/02/2022	?	Community of Hope D.C. (COHDC)	Community of Hope D.C. (COHDC) discloses to have suffered a data security incident involving unauthorized access to an email account of one employee.	Account Takeover	Human health and social work	CC	US		Community of Hope D.C., COHDC
120	30/06/2022	Recently'	Recently'	Black Basta	VMWare ESXi servers	Researchers from Uptycs reveal that they spotted a new Black Basta ransomware variant specifically targeting VMWare ESXi servers.	Malware	Multiple Industries	CC	>1		Uptycs, Black Basta, ransomware, VMWare ESXi
121	30/06/2022	-	-	PennyWise	Individuals	Researchers from Cyble discover Pennywise, an infostealer focused on stealing sensitive browser data and cryptocurrency wallets, distributed via YouTube videos.	Malware	Individual	CC	>1		Cyble, Pennywise, YouTube
122	30/06/2022	-	-	?	Elbląskie Przedsiębiorstwo Energetyki Cieplnej (EPEC)	Elbląskie Przedsiębiorstwo Energetyki Cieplnej (EPEC) is hit with a malware attack and some data is lost.	Malware	Electricity, gas steam, air conditioning	CC	PL		Elbląskie Przedsiębiorstwo Energetyki Cieplnej, EPEC
123	30/06/2022	-	-	DarkFox	Clairsol	Unauthorized access to Clairsol's portal, an Information Management (HIM), vendor results in some patients’ protected health information being acquired and exfiltrated.	Account Takeover	Professional, scientific and technical	CC	US		DarkFox, Clairsol
124	30/06/2022	-	-	DarkFox	Transriter	Unauthorized access to Transriter's portal, a medical transcription and document platform (owned by Diskriter), results in some patients’ protected health information being acquired and exfiltrated.	Account Takeover	Professional, scientific and technical	CC	US		DarkFox, Transriter, Diskriter
ID	Date Reported	Date Occurred	Date Discovered	Author	Target	Description	Attack	Target Class	Attack Class	Country	Link	Tags

The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.

16-30 September 2023 Cyber Attacks Timeline
The second cyber attack timeline of September 2023 showed a decrease in events and a continuation of malware attacks. Massive hacks targeted fintech organizations like Mixin Network, and some breaches affected millions of individuals. The timeline also includes activities by various known and new threat ...
The Biggest Data Breaches of 2023
Similarly to what I have done in 2022 and 2021, I am collecting the main mega breaches...
August 2023 Cyber Attacks Statistics
After the cyber attacks timelines (part I and part II), it’s time to publish the statistics of August 2023 where I have collected and analyzed 336 events, a number relatively...
1-15 September 2023 Cyber Attacks Timeline
The first cyber attack timeline of September 2023 reveals a record-breaking 13.93 events/day, a worrying increase from August's downward trend. Ransomware and malware attacks continue to be prevalent, making up 39.7% of the threat landscape, a rise from 34.5%. The impact of vulnerabilities remains vital ...
2020 Cyber Attacks Statistics
As promised, I have pulled together some statistics from the data collected in 2020. The master table is available at the end of the post after the charts.