And finally I can publish the second timeline of June 2022 (part I here). In the second half of the month I collected 117 events, corresponding to an average of 7.8 events/day, once again in line with the sustained trend that has characterized recent months.
This second timeline of June also confirms a decrease in the number of events related to Ukraine, and a relatively high number of events characterized by ransomware (27 out of 117, corresponding to 23%, slightly less than the 26.8% of the previous timeline). As always, consider that the real percentage could be higher, since some organizations, when suffering ransomware attacks, report generic outages or disruptions without explicitly citing the reason for the attack. Vulnerabilities characterized, directly or indirectly, 16.2% of events, once again thanks primarily to 'Follina' (CVE-2022-30190). Even if this number is lower than the 20.3% of the previous fortnight, it remains equally important.
Attacks against Decentralized Finance platforms continued also in this second fortnight. The most massive one hit Harmony ($100M worth of cryptocurrency allegedly stolen) and it was carried out by the North Korean APT Lazarus Group.
The cyber espionage front confirms the trend of the last months, with quite a sustained level of activity. Ukraine was, predictably, the target of several campaigns carried out by the likes of APT28 (AKA Fancy Bear) and UAC-0098 (a previously unidentified threat group). Other active groups, whose operations were not directly related to Ukraine, include APT10, APT41, Evilnum, Tropic Trooper, and new actors such as ToddyCat.
After this short summary, you can enjoy the interactive timeline. Thanks for sharing it and supporting my work in spreading risk awareness across the community. Also, don't forget to follow @paulsparrows on Twitter, or even connect on LinkedIn, for the latest updates.
Geo Map June H2 2022
ID
Date Reported
Date Occurred
Date Discovered
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags
1
16/06/2022
Since April 2022
-
?
iOS and Android users in Kazakhstan, Syria and Italy
Researchers from Lookout reveal the details of Hermit, an Android spyware deployed in targeted attacks by national governments, with victims in Kazakhstan, Syria and Italy. A subsequent from Google reveals that the company behind Hermit, RCS Labs, has received help from some Internet service providers (ISPs) to infect the victims.
Targeted Attack
Individual
CE
KZ
SY
IT
Lookout, Hermit, Android, Google, RCS Labs, iOS
2
16/06/2022
16/06/2022
16/06/2022
Multiple threat actors
Vulnerable WordPress sites
750,000 WordPress sites using Ninja Forms, a forms builder plugin with more than 1 million installations, are force-updated en masse to a new build that addresses a critical security vulnerability likely exploited in the wild.
WordPress Plugin vulnerability
Multiple Industries
CC
>1
WordPress, Ninja Forms
3
16/06/2022
16/06/2022
16/06/2022
?
Multiple organizations
A new malicious spam campaign delivers the 'Matanbuchus' malware to drop Cobalt Strike beacons on compromised machines.
Malware
Multiple Industries
CC
>1
Matanbuchus, Cobalt Strike
4
16/06/2022
-
20/04/2022
?
Guardian Fueling Technologies
Guardian Fueling Technologies confirms that the company experienced a data breach after an unauthorized party gained access to sensitive consumer data contained on the company’s computer network.
Unknown
Administration and support service
CC
US
Guardian Fueling Technologies
5
16/06/2022
26/05/2022
-
?
Montgomery County
Montgomery County is hit with a phishing attack affecting 85 county computers.
Account Takeover
Public admin and defence, social security
CC
US
Montgomery County
6
16/06/2022
16/06/2022
16/06/2022
?
Inverse Finance
Inverse Finance, a decentralized finance (DeFi) protocol suffers another price manipulation attack and looses $1.2M to the anonymous attacker, and $5.8M overall.
Price manipulation
Fintech
CC
N/A
Inverse Finance
7
17/06/2022
03-04/12/2022
02/06/2022
?
Flagstar Bank
Flagstar Bank notifies 1.5 million customers of a data breach where hackers accessed personal data during a December cyberattack.
Unknown
Finance and insurance
CC
US
Flagstar Bank
8
17/06/2022
-
-
DeadBolt
Vulnerable QNAP devices
NAS vendor QNAP warns customers to secure their devices against a new campaign of attacks pushing DeadBolt ransomware.
Malware
Multiple Industries
CC
>1
NAS, QNAP, DeadBolt, ransomware
9
17/06/2022
Since at least early 2017
Early 2017
RSocks
Millions of computers, Android smartphones, and IoT devices worldwide
The U.S. Department of Justice announces the disruption of the Russian RSocks malware botnet used to hijack millions of computers, Android smartphones, and IoT devices worldwide for use as proxy servers.
Malware
Multiple Industries
CC
>1
U.S. Department of Justice, RSocks
10
17/06/2022
-
-
BRATA
Customers of financial institutions in the UK, Italy, and Spain
Researchers from Cleafy discover a new variant of the BRATA Android banking malware with information-stealing capabilities and an APT activity pattern.
Malware
Finance and insurance
CC
UK
IT
ES
Cleafy, Android, BRATA
11
17/06/2022
Since May 2022
During May 2022
?
U.S. organizations in the military, security software, manufacturing supply chain, healthcare and pharmaceutical sectors
Researchers from Zscaler discover new phishing campaign, using fake voicemail notifications to lure victims into opening a malicious HTML attachment and steal their Microsoft 365 credentials.
Malware
Multiple Industries
CC
US
Zscaler, ThreatLabz, Microsoft 365
12
17/06/2022
Between March 31, 2022 and April 24, 2022
20/04/2022
?
Baptist Medical Center & Resolute Health Hospital
Baptist Health System discloses a malware cybersecurity incident that affected Baptist Medical Center and Resolute Health Hospital.1,24 million individuals are impacted.
Malware
Human health and social work
CC
US
Baptist Health System, Baptist Medical Center, Resolute Health Hospital
13
17/06/2022
Between January 19, 2022, and March 17, 2022
-
?
Avamere Health Services
Avamere Health Services discloses that an unauthorized third party had intermittently accessed its network and certain files and folders had been copied from its systems containing patients’ protected health information.
Unknown
Human health and social work
CC
US
Avamere Health Services
14
17/06/2022
-
-
?
Council on Aging of Buncombe County
The Council on Aging of Buncombe County is hit with a ransomware attack.
Malware
Human health and social work
CC
US
Council on Aging of Buncombe County, ransomware
15
18/06/2022
Since early January 2022
Early January 2022
Ech0raix AKA QNAPCrypt
Vulnerable QNAP devices
The Ech0raix ransomware starts targeting vulnerable QNAP NAS devices again.
Malware
Multiple Industries
CC
>1
Ech0raix, ransomware, QNAP, NAS, QNAPCrypt
16
18/06/2022
During May 2022
During May 2022
?
German Green Party
The German Green party, which is part of the country’s governing coalition, says its IT system was hit by a cyberattack last month that affected email accounts belonging to Foreign Minister Annalena Baerbock and Economy Minister Robert Habeck.
Account Takeover
Public admin and defence, social security
CE
DE
German Green Party, Foreign Minister, Annalena Baerbock, Economy Minister, Robert Habeck
17
18/06/2022
18/06/2022
18/06/2022
DragonForce Malaysia
Delhi government railway police
In name of #OpsPatuk, DragonForce Malaysia claims to have hacked and defaced the Delhi government railway police website.
CVE-2022-26134 Vulnerability
Public admin and defence, social security
H
IN
#OpsPatuk, DragonForce Malaysia, Delhi government railway police, CVE-2022-26134
18
18/06/2022
-
-
DragonForce Malaysia
Unknown organization
Indian logistics provider Grab denies claims spread by the DragonForce Malaysia hacktivist group that it fell victim to a hacking attack, saying that the leaked data was taken from a third-party vendor.
CVE-2022-26134 Vulnerability
Unknown
H
IN
#OpsPatuk, DragonForce Malaysia, Grab, CVE-2022-26134
19
20/06/2022
20/06/2022
20/06/2022
APT28 (AKA STRONTIUM, Fancy Bear, and Sofacy)
Organizations in Ukraine
The Ukrainian Computer Emergency Response Team (CERT-UA) discovers a new campaign by APT 28 exploiting the Follina code execution vulnerability (CVE-2022-30190) to install the CredoMap malware.
The Ukrainian Computer Emergency Response Team (CERT-UA also identifies a different campaign by a threat actor tracked as UAC-0098, also using CVE-2022-30190 to infect the target
The Medical University of Innsbruck suffers a ransomware attack by the Vice Society gang, which causes severe IT service disruption and the alleged theft of data.
Malware
Education
CC
AU
Medical University of Innsbruck, ransomware, Vice Society
22
20/06/2022
-
-
?
Multiple online stores
Researchers from Malwarebytes reveal the details of a new Magecart campaign leveraging a 'pretty wide infrastructure.'
Malicious Script Injection
Wholesale and retail
CC
>1
Malwarebytes, Magecart
23
20/06/2022
18/06/2022
18/06/2022
Iranian threat actors
Israeli cities of Jerusalem and Eilat
False rocket warning sirens are heard in the Israeli cities of Jerusalem and Eilat. According to the Israel National Cyber Directorate (INCD), the sirens were triggered by a cyberattack possibly by Iranian threat actors.
Unknown
Public admin and defence, social security
H
IL
Jerusalem, Eilat, Israel National Cyber Directorate, INCD
24
20/06/2022
-
-
?
Houston County Board of Education (HCBE)
Data allegedly from Houston County Board of Education (HCBE) is put on sale on a forum.
Unknown
Education
CC
US
Houston County Board of Education, HCBE
25
21/06/2022
Since at least December 2020.
During 2022
ToddyCat
Military and governmental organizations in Asia and Europe
Researchers from Kaspersky reveal the details of ToddyCat, an APT group targeting Microsoft Exchange servers of military and governmental organizations in Asia and Europe for more than a year.
Targeted Attack
Public admin and defence, social security
CE
>1
Kaspersky, ToddyCat, APT, Microsoft Exchange, Asia, Europe
26
21/06/2022
-
-
?
Yodel
Services for the U.K.-based Yodel delivery service company are disrupted due to a suspected ransomware cyberattack that caused delays in parcel distribution and tracking orders online.
Malware
Transportation and storage
CC
UK
Yodel, ransomware
27
21/06/2022
Since March 2022
March 2022
Dridex
Multiple targets
Researchers from Bitdefender discover a new campaign carried out via the RIG exploit kit delivering the Dridex banking trojan instead of the Raccoon Stealer malware.
Malware
Finance and insurance
CC
>1
Bitdefender, RIG, Dridex, Raccoon Stealer
28
21/06/2022
From February 21, 2022 to February 25, 2022
-
?
Pape-Dawson Engineers, Inc.
The engineering firm Pape-Dawson Engineers, Inc. notifies a data breach with various government entities after an unauthorized access to its computer system.
Unknown
Professional, scientific and technical
CC
US
Pape-Dawson Engineers, Inc.
29
21/06/2022
17/06/2022
17/06/2022
?
St Petersburg International Economic Forum
A DDoS attack disrupts the proceedings at the 25th St Petersburg International Economic Forum, regarded as the Russian answer to the Davos World Economic Forum.
DDoS
Public admin and defence, social security
H
RU
St Petersburg International Economic Forum
30
21/06/2022
During June 2022
During June 2022
?
Individuals in the UK
The UK’s National Health Service (NHS) warns the public about a spate of fake messages, sent out as SMS text messages, fraudulently telling recipients that they have been exposed to the Omicron variant of COVID-19.
Account Takeover
Individual
CC
UK
UK, National Health Service, NHS, Omicron, COVID-19
31
21/06/2022
-
-
?
At least 100 Israeli military in six secret bases
An investigation reveals that a security hole on the fitness social network “Strava” was used to spy on Israeli security personnel.
Strava vulnerability
Public admin and defence, social security
CE
IL
Strava
32
21/06/2022
Recently'
Recently'
?
Brooks County’s Justice of the Peace and district courts
The Brooks County’s Justice of the Peace and district courts is hit with a ransomware attack that cost more than $37,000.
Malware
Public admin and defence, social security
CC
US
Brooks County’s Justice of the Peace and district courts, ransomware
33
21/06/2022
October - November 2021
-
?
LendingTree.com
A threat actor releases a large database on a popular hacking forum that allegedly came from LendingTree.com, containing the information from 200,643 loan applications. Few days after the company confirms the breach.
Unknown
Finance and insurance
CC
US
LendingTree.com
34
22/06/2022
Since 24 February 2022
During 2022
Russian Intelligence Agencies (including the GRU, SVR, and FSB)
128 targets in 42 countries outside Ukraine
Microsoft reveals that Russian intelligence agencies have stepped up cyberattacks against governments of countries that have allied themselves with Ukraine after the invasion. In particular, since the start of the war, threat actors linked to several intelligence services (including the GRU, SVR, and FSB) have attempted to breach entities in dozens of countries worldwide, prioritizing governments.
Targeted Attack
Public admin and defence, social security
CE
>1
Microsoft, Russian intelligence agencies, GRU, SVR, FSB, Russia Ukraine
35
22/06/2022
Recently'
Recently'
Tropic Trooper
Multiple organizations
Researchers from Check Point discover a new campaign attributed to the Chinese "Tropic Trooper" group, which employs a novel loader called Nimbda and a new variant of the Yahoyah trojan.
Targeted Attack
Multiple Industries
CE
>1
Check Point, Tropic Trooper, Nimbda, Yahoyah
36
22/06/2022
14/06/2022
14/06/2022
?
Nichirin-Flex U.S.A,
Nichirin-Flex U.S.A, a subsidiary of the Japanese car and motorcycle hose maker Nichirin, is hit by a ransomware attack causing the company to take the network offline.
Malware
Manufacturing
CC
US
Nichirin-Flex U.S.A, Nichirin, ransomware
37
22/06/2022
During June 2022
During June 2022
?
LGBTQ+ community
The U.S. Federal Trade Commission (FTC) warns of extortion scammers targeting the LGBTQ+ community by abusing online dating apps like Grindr and Feeld.
Extortion Scam
Individual
CC
US
U.S. Federal Trade Commission, FTC, LGBTQ+, Grindr, Feeld
38
22/06/2022
Between December 2 and April 18
17/04/2022
?
Mason Tenders’ District Council Funds
Mason Tenders’ District Council Funds confirms that the organization experienced a data breach after an unauthorized party gained access to its computer network compromising the information of 29,000 plan participants and employees.
Unknown
Finance and insurance
CC
US
Mason Tenders’ District Council Funds
39
22/06/2022
13/09/2022
Between August 25, 2021 and September 15, 2021
?
ADM Associates, Inc.
ADM Associates, Inc. confirms that the company experienced a data breach after an unauthorized party gained access to the company’s computer network.
Unknown
Professional, scientific and technical
CC
US
ADM Associates, Inc.
40
22/06/2022
-
-
Keona Clipper
Cryptocurrency users
Researchers from Cyble discover 'Keona Clipper', a clipper malware aimed to steal cryptocurrency and leveraging Telegram for anonymity.
Malware
Fintech
CC
>1
Cyble, Keona Clipper, Telegram
41
22/06/2022
-
14/06/2022
Vice Society
Grand Valley State University (GVSU)
Grand Valley State University (GVSU) has some data dumped in the Vice Society ransomware website.
Malware
Education
CC
US
Grand Valley State University, GVSU, Vice Society, ransomware
42
23/06/2022
Since 21/06/2022
21/06/2022
Legion – Cyber Spetsnaz RF
Public authorities in Lithuania
The National Cyber Security Center (NKSC) of Lithuania issues a public warning about a steep increase in DDoS attacks directed against public authorities in the country.
DDoS
Public admin and defence, social security
H
LT
Legion – Cyber Spetsnaz RF, NKSC, National Cyber Security Center of Lithuania
43
23/06/2022
Between November 17 and December 20, 2021.
-
Conti
More than 40 companies worldwide
Researchers from Group-IB disclose the details of ARMattack, a ransomware operation that hit more than 40 companies in a little over a month between November and December 2021.
Malware
Multiple Industries
CC
>1
Conti, ransomware, ARMattack
44
23/06/2022
-
-
?
Multiple organizations across the financial industry
Researchers from Armorblox discover a new phishing campaign targeting users on Microsoft 365 while spoofing the popular MetaMask cryptocurrency wallet provider and attempting to steal recovery phrases.
Account Takeover
Finance and insurance
CC
>1
Armorblox, Microsoft 365, MetaMask
45
23/06/2022
Starting in March 2022
During 2022
APT10 (AKA Bronze Starlight)
Japanese and western organizations
Researchers from Secureworks reveal the details of a new cluster of activity by Bronze Starlight, the first of two Chinese hacking groups conducting cyber espionage and stealing intellectual property from Japanese and western organizations, deploying ransomware as a decoy to cover up their malicious activities, and using the HUI Loader to deploy remote access trojans, PlugX, Cobalt Strike, and QuasarRAT.
Researchers from Secureworks reveal the details of a new cluster of activity by Bronze Riverside, the second of two Chinese hacking groups conducting cyber espionage and stealing intellectual property from Japanese and western organizations, deploying ransomware as a decoy to cover up their malicious activities, and using the HUI Loader to deploy remote access trojans, PlugX, Cobalt Strike, and QuasarRAT.
The Cybersecurity and Infrastructure Security Agency (CISA) and United States Coast Guard Cyber Command (CGCYBER warn that threat actors, including state-backed hacking groups, are still targeting VMware Horizon and Unified Access Gateway (UAG) servers using the Log4Shell (CVE-2021-44228) remote code execution vulnerability.
Log4Shell Vulnerability (CVE-2021-44228)
Multiple Industries
CE
US
Cybersecurity and Infrastructure Security Agency, CISA. United States Coast Guard Cyber Command, CGCYBER, VMware Horizon, Unified Access Gateway, UAG, Log4Shell, CVE-2021-44228
48
23/06/2022
-
-
?
Individuals in Israel
Researchers from Akamai reveal the details of a scalper bot, creating havoc in Israel by registering public service appointments for various government services and then offering to sell them to disgruntled citizens.
Malicious bot
Individual
CC
IL
Akamai, bot
49
23/06/2022
22/06/2022
22/06/2022
?
Fast Shop
Fast Shop, one of Brazil's largest retailers, has suffered an 'extortion' cyberattack that led to network disruption and the temporary closure of its online store.The threat actors claimed they were actively able to access the firm's databases on AWS, Azure, GitLab, and IBM cloud, stealing website/app source code and valuable user and corporate data.
Unknown
Wholesale and retail
CC
BR
Fast Shop
50
23/06/2022
Recently'
Recently'
?
Undisclosed organization
Researcher from Crowdstrike reveal the details of a ransomware attack where the attackers used a zero-day exploit (CVE-2022-29499) on Linux-based Mitel MiVoice VOIP appliances for initial access.
Malware
Unknown
CC
N/A
Crowdstrike, ransomware, CVE-2022-29499, Linux, Mitel MiVoice VOIP
51
23/06/2022
Since at least 13/06/2022
Between 13/06/2022 and 20/06/2022
?
Multiple organizations
Researchers from Sonatype discover multiple Python packages that exfiltrate AWS credentials and environment variables, and upload them to a publicly exposed endpoint.
Malware
Multiple Industries
CC
>1
Sonatype, Python, AWS
52
23/06/2022
-
10/11/2021
?
Bank of the West
The Bank of the West warns customers that their debit card numbers and PINs have been stolen by skimmers installed on several of the bank's ATMs.
ATM Skimmer
Finance and insurance
CC
US
Bank of the West
53
23/06/2022
Since at least February 2021
-
Matanbuchus
Multiple organizations
Researchers from Cyble reveal the details of a malware-as-a-service (Maas), named Matanbuchus, involved in malspam attacks dropping Cobalt Strike beacons.
Malware
Multiple Industries
CC
>1
Cyble, Matanbuchus, Cobalt Strike
54
23/06/2022
Starting in May 2022
Early May 2022
?
individuals
Researchers from Avanan discover a campaign exploiting the domain of QuickBooks to send malicious invoices and request payments.
Account Takeover
Individual
CC
>1
Avanan, QuickBooks
55
23/06/2022
01/06/2022
01/06/2022
Hive
Artear group (Arte Radiotelevisivo Argentino)
Artear group (Arte Radiotelevisivo Argentino) is hit with a Hive ransomware attack.
Malware
Information and communication
CC
AR
Artear group, Arte Radiotelevisivo Argentino, Hive, ransomware
56
24/06/2022
Since at least 10/06/2022
-
?
Ukrainian telecommunications operators
The Computer Emergency Response Team of Ukraine (CERT-UA) warns of a malware campaign targeting Ukrainian telecommunications operators with the DarkCrystal RAT.
Targeted Attack
Information and communication
CE
UA
Computer Emergency Response Team of Ukraine, CERT-UA, DarkCrystal
57
24/06/2022
24/06/2022
24/06/2022
Lazarus Group
Harmony
Threat actors steal $100 million in cryptocurrency from the Blockchain company Harmony. North Korea-linked Lazarus Group APT is suspected to be behind the attack.
Compromised Private Keys
Fintech
CC
US
Harmony, Lazarus Group
58
24/06/2022
Since at least 17/06/2022
-
LockBit
TB Kawashima
TB Kawashima, part of the Japanese automotive component manufacturer Toyota Boshoku of the Toyota Group, announces that one of its subsidiaries in Thailand has been hit by a cyberattack. The data is published in the LockBit data leak site.
Malware
Manufacturing
CC
TH
TB Kawashima, Toyota Boshoku of, Toyota Group, LockBit, ransomware
59
24/06/2022
-
-
LockBit
Multiple organizations
Researchers from Ahnlab ASEC discover a new campaign distributing the LockBit ransomware using emails in disguise of copyright infringements.
Malware
Multiple Industries
CC
KR
Ahnlab, ASEC, LockBit, ransomware
60
24/06/2022
-
-
?
50 organizations worldwide
Researchers from Rapid7 reveal that a threat actor is selling access to 50 vulnerable networks on a cybercriminal forum after breaking into systems through the recently-discovered Atlassian Confluence zero-day CVE-2022-26134.
CVE-2022-26134 Vulnerability
Multiple Industries
CC
>1
Rapid7, Atlassian Confluence, CVE-2022-26134
61
24/06/2022
Between 24/02/2022 and 22/03/2022
During February 2022
?
Covenant Care of California
Covenant Care of California confirms that multiple employee email accounts were compromised. As a result, the names, medical information, health insurance information, dates of birth, Social Security numbers, driver’s license numbers, and other personal information of certain patients was compromised.
Account Takeover
Human health and social work
CC
US
Covenant Care of California
62
24/06/2022
Between November 12, 2021 and April 26, 2022.
29/03/2022
?
Chefs’ Toys
Chefs’ Toys confirms that the company experienced a data breach after receiving reports by customers of unauthorized charges on their credit and debit cards used to make purchases on its website.
Malicious Script Injection
Wholesale and retail
CC
US
Chefs’ Toys
63
24/06/2022
08/06/2022
-
Hive
Diskriter
The Hive ransomware threat actors hit Diskriter.
Malware
Professional, scientific and technical
CC
US
Hive, ransomware, Diskriter
64
24/06/2022
Between January 12, 2022, and January 19
25/04/2022
?
University Pediatric Dentistry
University Pediatric Dentistry in Buffalo, NY, has started notifying 6,843 patients that some of their protected health information has been exposed in an email security incident.
Account Takeover
Human health and social work
CC
US
University Pediatric Dentistry
65
24/06/2022
Since 24/02/2022
Since 24/02/2022
Russia
Ukrainian public opinion
The Ukraine's domestic intelligence agency (SSU) says it blocked almost 500 Youtube channels and several thousand accounts in social networks spreading disinformation and fake news about 'biolabs' and 'radio-controlled geese'.
Elasticsearch servers openly accessible without authentication
Researchers from Cyble discover NightLion, a worm targeting Elasticsearch servers that are openly accessible without authentication.
Misconfiguration
Multiple Industries
CC
>1
Cyble, NightLion
67
25/06/2022
Two weeks ago
Two weeks ago
?
Napa Valley College
The Napa Valley College website and network systems are knocked offline as the result of a ransomware attack.
Malware
Education
CC
US
Napa Valley College, ransomware
68
25/06/2022
17/06/2022
17/06/2022
Quantum Locker
Italian Region of Sardinia (Sardegna)
The Italian region of Sardina (Sardegna) suffers a Quantum Locker ransomware attack and has 155gb of data leaked in the dark web.
Malware
Public admin and defence, social security
CC
IT
Sardina, Sardegna, Quantum Locker, ransomware
69
26/06/2022
26/06/2022
26/06/2022
?
Geographic Solutions Inc. (GSI)
A cyberattack on Geographic Solutions Inc. disrupts unemployment benefits and job seeking assistance for thousands of people in several states.
Unknown
Professional, scientific and technical
CC
US
Geographic Solutions Inc., GSI
70
26/06/2022
26/06/2022
26/06/2022
?
Apetito
Deliveries of prepared meals to thousands of vulnerable people in England are disrupted following a “sophisticated” cyber-attack on food distributor Apetito.
Unknown
Accommodation and food service
CC
UK
Apetito
71
27/06/2022
27/06/2022
27/06/2022
Russia
Ukrainian TV channels
The Ukraine's domestic intelligence agency (SSU) says it blocked Russian attempts to gain access to Ukrainian TV channels' live video stream and news feeds on the eve of the Constitution Day
Unknown
Information and communication
CW
UA
Ukraine's domestic intelligence agency, SSU, Russia, Ukraina, Constitution Day
72
27/06/2022
27/06/2022
27/06/2022
Killnet
State institutions, transport institutions, media websites in Lithuania
Russian hacker group Killnet claims responsibility for a new wave of DDoS attacks against state institutions, transport institutions, media websites in Lithuania
DDoS
Public admin and defence, social security
H
LT
Killnet, Lithuania, Russia, Ukraine
73
27/06/2022
During 2021
-
RansomHouse
AMD
Semiconductor giant AMD says they are investigating a cyber attack after the RansomHouse gang claimed to have stolen 450 GB of data from the company last year.
Malware
Manufacturing
CC
US
AMD, RansomHouse, ransomware
74
27/06/2022
Since at least October 2021
Mid-October 2021
Chinese-speaking threat actor
Organizations in Pakistan, Afghanistan, and Malaysia in the industrial and telecommunications sectors.
Researchers from Kaspersky reveal the details of a Chinese-speaking threat actor hacking into the building automation systems (used to control HVAC, fire, and security functions) of several Asian organizations to install the ShadowPad backdoor and gain access to more secured areas in their networks.
Researchers at Cleafy discover Revive, a new Android banking malware that impersonates a 2FA application required to log into BBVA bank accounts in Spain.
Malware
Finance and insurance
CC
ES
Cleafy, Revive, Android, BBVA, Spain
76
27/06/2022
Since March 2022
-
Evilnum
European organizations that are involved in international migration
Researchers at Zscaler discover a new campaign of the Evilnum APT, targeting European organizations that are involved in international migration.
Targeted Attack
Extraterritorial orgs and bodies
CE
EU
Zscaler, Evilnum, APT, migration, Russia, Ukraine
77
27/06/2022
27/06/2022
27/06/2022
?
Macmillan
Publishing giant Macmillan is forced to shut down their network and offices while recovering from a security incident that appears to be a ransomware attack.
Malware
Information and communication
CC
UK
Macmillan, ransomware
78
27/06/2022
27/06/2022
27/06/2022
Gonjeshke Darande
Khuzestan Steel Co.
Khuzestan Steel Co., one of Iran’s major steel companies is forced to halt production after being hit by a cyberattack. A hacktivist group claims responsibility for the attack.
Malware
Mining and quarrying
H
IR
Khuzestan Steel Co., Gonjeshke Darande
79
27/06/2022
27/06/2022
27/06/2022
Gonjeshke Darande
Steel mill in the central Iranian town of Mobarakeh
A steel mill in the central Iranian town of Mobarakeh is also forced to halt production after being hit by the same cyberattack.`
Malware
Mining and quarrying
H
IR
Mobarakeh, Gonjeshke Darande
80
27/06/2022
27/06/2022
27/06/2022
Gonjeshke Darande
Steel factory in the southern Iranian port of Bandar Abbas
A steel factory in the southern Iranian port of Bandar Abbas is also forced to halt production after being hit by the same cyberattack.`
Malware
Mining and quarrying
H
IR
Bandar Abbas, Gonjeshke Darande
81
27/06/2022
-
-
Daixin Team
Fitzgibbon Hospital
Fitzgibbon Hospital is hit by a ransomware attack by the Daixin Team.
Malware
Human health and social work
CC
US
Fitzgibbon Hospital, ransomware, Daixin Team
82
27/06/2022
-
16/07/2021
?
Proliant Settlement Systems, LLC
Proliant Settlement Systems, LLC confirms that the company experienced a data breach after an unauthorized party gained access to the company’s computer network and the sensitive consumer data contained on the network. 12,697 individuals are believed to have been impacted
Unknown
Fintech
CC
US
Proliant Settlement Systems, LLC
83
27/06/2022
25/06/2022
25/06/2022
LockBit
OSDE
OSDE, a network of medical care services and providers in Argentina, suffers a LockBit ransomware attack.
Malware
Human health and social work
CC
AR
OSDE, LockBit, ransomware
84
28/06/2022
During May 2022
-
?
Facebook users
Researchers from Trustwave discover a new phishing attack, using Facebook Messenger chatbots to impersonate the company's support team and steal credentials used to manage Facebook pages.
Account Takeover
Individual
CC
>1
Trustwave, Facebook Messenger, chatbot, Facebook
85
28/06/2022
Since at least 10/06/2022
10/06/2022
Raccoon Stealer
Multiple organizations
Researchers from Sekoia discover a new version of the Raccoon Stealer information stealer promoted on the underground forums.
Malware
Multiple Industries
CC
>1
Sekoia, Raccoon Stealer
86
28/06/2022
-
-
?
Individuals in the U.S.
The Federal Bureau of Investigation (FBI) warns of increasing complaints that cybercriminals are using Americans' stolen Personally Identifiable Information (PII) and deepfakes to apply for remote work positions.
Account Takeover
Individual
CC
US
FBI, Deepfake
87
28/06/2022
Since October 2020
-
?
Small office/home office (SOHO) routers across North America and Europe
Researchers at Black Lotus Labs discover a new multistage remote access trojan (RAT) dubbed ZuoRAT, used to target remote workers via unpatched small office/home office (SOHO) routers across North America and Europe undetected since 2020.
Multiple vulnerabilities
Multiple Industries
CC
US
Europe
Black Lotus Labs, ZuoRAT, SOHO
88
28/06/2022
-
-
?
Multiple organizations
The Cybersecurity and Infrastructure Security Agency (CISA) warns that attackers are actively exploiting the PwnKit Linux vulnerability (CVE-2021-4034).
PwnKit (CVE-2021-4034) Vulnerability
Unknown
N/A
US
Cybersecurity and Infrastructure Security Agency, CISA, PwnKit, Linux, CVE-2021-4034
89
28/06/2022
Recently'
Recently'
AstraLocker 2.0
Multiple organizations
Researchers at ReversingLabs discover a new version of the AstraLocker ransomware (AstraLocker 2.0) distributed directly from Microsoft Office files used as bait in Smash-and-grab phishing attacks.
Malware
Multiple Industries
CC
>1
ReversingLabs, AstraLocker, Microsoft Office
90
28/06/2022
28/06/2022
28/06/2022
Legion – Cyber Spetsnaz RF
Some of the Norway most important websites and online services
Some of the Norway most important websites and online services are rendered inaccessible due to DDoS attacks.
Researchers from Mandiant reveal the details of a new misinformation campaign by the Chinese threat actor DRAGONBRIDGE targeting Appia Rare Earths & Uranium Corp, a Canadian rare earth miner.
Researchers from Mandiant reveal the details of a new misinformation campaign by the Chinese threat actor DRAGONBRIDGE targeting USA Rare Earth, a U.S. rare earth miner.
Coordinated inauthentic behavior
Mining and quarrying
CW
US
Mandiant, DRAGONBRIDGE, USA Rare Earth
93
28/06/2022
-
-
?
At least five Israeli hotel reservation sites
The Iranian-linked threat group Sharp Boys allegedly hacks at least five Israeli hotel reservation sites. The attackers claim to have stolen the databases of those sites, more than 20,000 records.
Unknown
Accommodation and food service
H
IL
Sharp Boys
94
28/06/2022
-
-
?
Dripping Springs Independent School District
Dripping Springs Independent School District in Texas discloses a breach affecting 367 individuals.
Unknown
Education
CC
US
Dripping Springs Independent School District
95
28/06/2022
-
-
?
Multiple organizations
Researchers from Avast discover an online community formed by teenagers, creating, exchanging, and spreading malware on the popular communication platform Discord.
Malware
Multiple Industries
CC
>1
Avast, Discord
96
28/06/2022
Between September 14, 2021, and September 18, 2021
-
?
Advocates Inc.
Advocates Inc. starts notifying individuals affected by a cyberattack that saw its network compromised.
Unknown
Human health and social work
CC
US
Advocates Inc.
97
29/06/2022
-
-
YTStealer
YouTube content creators
Researchers from Intezer reveal the details of YTStealer, a new information-stealing malware targeting YouTube content creators and attempting to steal their authentication tokens and hijack their channels.
Malware
Arts entertainment, recreation
CC
>1
Intezer, YTStealer, YouTube
98
29/06/2022
28/06/2022
28/06/2022
?
Baton Rouge General
Baton Rouge General is hit with a cyberattack that forces the organization to temporarily revert to recording patient records on paper.
Unknown
Human health and social work
CC
US
Baton Rouge General
99
29/06/2022
-
-
?
Jack Hughston Memorial Hospital
Jack Hughston Memorial Hospital confirms a recent cyberattack.
Unknown
Human health and social work
CC
US
Jack Hughston Memorial Hospital
100
29/06/2022
During April 2022
During April 2022
Avos Locker
Columbus Metro Housing Authority
The Columbus Metro Housing Authority has some data leaked by the Avos Locker ransomware gang.
Malware
Human health and social work
CC
US
Columbus Metro Housing Authority
101
29/06/2022
-
-
?
Bellingham Library
A malware attack cripples some digital services at Bellingham library.
Malware
Public admin and defence, social security
CC
US
Bellingham Library
102
29/06/2022
-
-
?
Whatcom County Library
A malware attack cripples some digital services at Whatcom County Library.
Malware
Public admin and defence, social security
CC
US
Whatcom County Library
103
29/06/2022
-
-
?
Individuals in Ukraine
Ukrainian police said they have arrested suspected members of a cyber-criminal gang conducting an EU payments phishing scheme, leading to losses of roughly 100 million hryvnias ($3.38m).
Account Takeover
Individual
CC
UA
Ukraine
104
29/06/2022
28/06/2022
28/06/2022
Al-Tahera and Team 1877
Cellebrite
The Iranian groups Al-Tahera and Team 1877 claim to have taken down the website of Cellebrite.
DDoS
Professional, scientific and technical
H
IL
Al-Tahera, Team 1877, Cellebrite
105
30/06/2022
Mid-June
Mid-June
Ghostwriter
Ukraine
Researchers from Mandiant reveal the details of a disinformation campaign carried out by the Belarusian government-linked GhostWriter, aimed at pushing a rumor that Ukrainian male refugees in Poland would be identified and deported back to Ukraine for military service.
CIB (Coordinated Inauthentic Behavior)
Individual
CW
UA
Mandiant, Belarus, GhostWriter, Poland, Ukraine
106
30/06/2022
-
-
?
OpenSea users
OpenSea, the popular NFT marketplace, warns users of email phishing after a data breach. A staff member at Customer.io, a contractor, misused their employee access to download and share the email addresses of OpenSea’s users and newsletter subscribers with an unauthorized external party.
Account Takeover
Fintech
CC
US
OpenSea, NFT, Customer.io
107
30/06/2022
-
-
Hack-for-hire groups
Multiple organizations worldwide
Google's Threat Analysis Group (TAG) blocks dozens of malicious domains and websites used by hack-for-hire groups in attacks targeting high-risk targets worldwide.
>1
Multiple Industries
CE
>1
Google, Threat Analysis Group, TAG
108
30/06/2022
30/05/2022
30/05/2022
LV
Cape Cod Regional Transit Authority (CCRTA)
The Cape Cod Regional Transit Authority (CCRTA) discloses that it was hit by an LV ransomware attack.
Researchers from Cyberint discover a new Xfiles stealer campaign exploiting the CVE-2022-30190 Vulnerability (Follina).
Malware
Multiple Industries
CC
>1
Cyberint, Xfiles, CVE-2022-30190, Follina
110
30/06/2022
Since late March 2021
Early 2022
SessionManager
Governments and NGOs in Africa, South Asia, Europe and the Middle East
Researchers from Kaspersky reveal that attackers used SessionManager, a newly discovered malware, to backdoor Microsoft Exchange servers belonging to government and military organizations from Europe, the Middle East, Asia, and Africa.
Targeted Attack
Public admin and defence, social security
CE
>1
Kaspersky, SessionManager, Microsoft Exchange
111
30/06/2022
During May 2022
Since 2019
MedusaLocker
Healthcare organizations
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) warn about a new wave of attacks by the MedusaLocker ransomware, which exploits vulnerable RDP configurations to access victims' networks.
Malware
Human health and social work
CC
US
Federal Bureau of Investigation, FBI, Cybersecurity and Infrastructure Security Agency, CISA, MedusaLocker, RDP, ransomware
112
30/06/2022
-
-
The 8220 gang
Multiple targets
Researchers from Microsoft reveal the details of a new campaign by the 8220 gang aimed at compromising Linux systems and installing cryptomining malware by exploiting the Atlassian Confluence CVE-2022-26134 vulnerability.
CVE-2022-26134 vulnerability
Multiple Industries
CC
>1
8220, Linux, Atlassian Confluence, CVE-2022-26134
113
30/06/2022
-
May 2022
?
Undisclosed company
Researchers at CloudSEK reveal that a threat actor claims to have breached an undisclosed company by exploiting a vulnerability in Jenkins.
Jenkins vulnerability
Unknown
CC
N/A
CloudSEK, Jenkins
114
30/06/2022
-
-
?
IBM
Researchers at CloudSEK reveal that a threat actor claims to have breached IBM by exploiting a vulnerability in Jenkins.
Unknown
Professional, scientific and technical
CC
US
IBM, CloudSEK, Jenkins
115
30/06/2022
-
-
?
Stanford University
Researchers at CloudSEK reveal that the same threat actor claims to have breached Stanford University by exploiting a vulnerability in WordPress.
WordPress plugin vulnerability
Education
CC
US
CloudSEK, Stanford University, WordPress
116
30/06/2022
-
-
?
Jozef Safarik University
Researchers at CloudSEK reveal that the same threat actor claims to have breached the Jozef Safarik University.
Unknown
Education
CC
SK
CloudSEK, Jozef Safarik University
117
30/06/2022
-
-
?
Multiple governments
Researchers at CloudSEK reveal that the same threat actor claims to have breached multiple governments.
Unknown
Public admin and defence, social security
CC
UA
UAE
PK
NP
BT
KE
LK
ID
CloudSEK
118
30/06/2022
Early December 2021
-
?
OrthoNebraska
OrthoNebraska discloses that in early December 2021, an unauthorized individual or individuals gained access to an email account, sent out spam messages and gained access to protected personal and health information.
Account Takeover
Human health and social work
CC
US
OrthoNebraska
119
30/06/2022
Between January 27 and February 7, 2022
01/02/2022
?
Community of Hope D.C. (COHDC)
Community of Hope D.C. (COHDC) discloses that it suffered a data security incident involving unauthorized access to the email account of one employee.
Account Takeover
Human health and social work
CC
US
Community of Hope D.C., COHDC
120
30/06/2022
Recently
Recently
Black Basta
VMWare ESXi servers
Researchers from Uptycs reveal that they spotted a new Black Basta ransomware variant specifically targeting VMWare ESXi servers.
Malware
Multiple Industries
CC
>1
Uptycs, Black Basta, ransomware, VMWare ESXi
121
30/06/2022
-
-
PennyWise
Individuals
Researchers from Cyble discover Pennywise, an infostealer focused on stealing sensitive browser data and cryptocurrency wallets, distributed via YouTube videos.
Unauthorized access to the portal of Clairsol, a Health Information Management (HIM) vendor, results in some patients’ protected health information being acquired and exfiltrated.
Account Takeover
Professional, scientific and technical
CC
US
DarkFox, Clairsol
124
30/06/2022
-
-
DarkFox
Transriter
Unauthorized access to Transriter's portal, a medical transcription and document platform (owned by Diskriter), results in some patients’ protected health information being acquired and exfiltrated.
Account Takeover
Professional, scientific and technical
CC
US
DarkFox, Transriter, Diskriter