1-15 July 2022 Cyber Attacks Timeline

Twitter

Facebook

Tumblr

Buffer

EVENTS

EVENTS/DAY

EVENTS

EVENTS/DAY

Follow @paulsparrows

Connect on Linkedin

The first cyber attacks timeline of July 2022 shows a sharp increase in the number of events. In this fortnight I have collected 131 entries, which represent the higher number in the last three months.

Ransomware continues to dominate the threat landscape, characterizing 33 out of 131 events (corresponding to 25.2%, a value substantially in line with 23% and 26.8% of the first and second fortnight of June respectively). On the other hand, what seems to be decreasing is the impact of vulnerabilities, that accounted for just 6 out of 131 events (a modest 4.58%), a sharp decrease compared to the double-digit percentages of the previous timelines.

Despite they did not achieve the level of the previous timelines, the attacks against Decentralized Finance platforms continued also in July. Crema Finance lost the equivalent of $8.8M (but 8M were returned by the attacker in exchange of a bounty). $8M is also the equivalent in cryptocurrency that was stolen from Uniswap, but in this case there have been no happy ending, at least so far.

The “special operation” in Ukraine continues to characterize the threat landscape from an Hacktivism, and Cyber Espionage standpoint. Multiple targets in Lithuania and Latvia (and in the United States as well) were hit with DDoS attacks launched by pro-Russia attackers, while in the opposite front, the IT Army of Ukraine launched a wave of attacks against at least 80 Russian cinemas. The Russian Space Institute was also hit by a separate operation.

The cyber espionage front is particularly crowded in this timeline, and not only for the multiple operations targeting Ukraine (for example the ones carried out by the Trickbot group). The list is particularly rich in this timeline, so my invite is to read the timeline and scroll all the details.

So, in turn, enjoy the interactive timeline and the tabular format, and obviously thanks for sharing it, and supporting my work in spreading the risk awareness across the community. As always, don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.

Expand for details

Geo Map July H1 2022

ID	Date Reported	Date Occurred	Date Discovered	Author	Target	Description	Attack	Target Class	Attack Class	Country	Link	Tags
1	01/07/2022	End of June 2022	End of June 2022	XakNet	DTEK	A Russian-speaking hacking group known as XakNet claims to have breached DTEK, Ukraine's biggest private energy conglomerate, and post screenshots on Telegram.	Unknown	Electricity, gas steam, air conditioning	H	UA		XakNet, DTEK, Ukraine, Russia, Telegram
2	01/07/2022	01/07/2022	01/07/2022	Kllnet	US Federal Tax Payment System (Payusatax.com)	The Russian cyber group Killnet claims to have taken down the website of the US Federal Tax Payment System (Payusatax.com) for five hours	DDoS	Public admin and defence, social security	H	US		Russia, Killnet, US Federal Tax Payment System, Payusatax.com
3	01/07/2022	26/02/2022	26/02/2022	Quantum	Professional Finance Company Inc. (PFC)	Professional Finance Company Inc. (PFC), a full-service accounts receivables management company, says that a Quantum ransomware attack in late February led to a data breach affecting over 600 healthcare organizations. 1.9 million individuals are affected.	Malware	Finance and insurance	CC	US		Professional Finance Company Inc, PFC, Quantum, Ransomware
4	01/07/2022	Since at least March 2022	-	Luna Moth	Multiple organizations	Researchers from Sygnia reveal the details of Luna Moth, a new data extortion group breaching companies to steal confidential information, threatening victims to make the files publicly available unless they pay a ransom.	Malware	Multiple Industries	CC	>1		Sygnia, Luna Moth
5	01/07/2022	Between February 9, 2021 and December 22, 2021	22/12/2021	?	ATC Healthcare Services	ATC Healthcare Services confirms that the company experienced a data breach after an unauthorized party gained access to sensitive patient information through multiple compromised employee email accounts	Account Takeover	Human health and social work	CC	US		ATC Healthcare Services
6	01/07/2022	-	-	Avos Locker	Christus Spohn Health System Corporation	Christus Spohn Health System Corporation files an official notice of a data breach following what appears to be a large-scale ransomware attack.	Malware	Human health and social work	CC	US		CHRISTUS Spohn Health System Corporation, Ransomware, Avos Locker
7	01/07/2022	Between March 19, 2022 and March 20, 2022	20/03/2022	?	Carolina Behavioral Health Alliance	Carolina Behavioral Health Alliance confirms that the company experienced a data breach after a ransomware attack.	Malware	Human health and social work	CC	US		Carolina Behavioral Health Alliance, ransomware
8	01/07/2022	Between November 5, 2021 and November 8, 2021	08/11/2021	?	East West Family of Companies	East West Family of Companies confirms that the company experienced a data breach after an unauthorized party gained access to sensitive consumer information stored on the company’s computer network.	Unknown	Real estate	CC	US		East West Family of Companies
9	01/07/2022	-	-	Everest	Amalfitana Gas	Amalfitana Gas, an Italian utility, is the victim of an Everest ransomware attack.	Malware	Electricity, gas steam, air conditioning	CC	IT		Amalfitana Gas, Everest, Ransomware
10	02/07/2022	Since 2019	During September 2021	Raspberry Robin	Hundreds of organizations from various industry sectors.	Microsoft reveals that the recently spotted Raspberry Robin worm has been found on the networks of hundreds of organizations from various industry sectors.	Malware	Multiple Industries	CC	>1		Microsoft, Raspberry Robin
11	02/07/2022	01/07/2022	01/07/2022	?	Twitter users	Threat actors are hacking verified Twitter accounts to send fake but well-written suspension messages that attempt to steal other verified users' credentials.	Account Takeover	Individual	CC	>1		Twitter
12	02/07/2022	-	-	Vice Society	Pilton Community College	The Vice Society ransomware group leaks some data from the Pilton Community College.	Malware	Education	CC	UK		Vice Society, ransomware, Pilton Community College.
13	02/07/2022	-	-	Vice Society	De Montfort School	The Vice Society ransomware group leaks some data from the De Montfort School.	Malware	Education	CC	UK		Vice Society, ransomware, De Montfort School
14	02/07/2022	-	-	Vice Society	St Paul’s Catholic College	The Vice Society ransomware group leaks some data from the St Paul’s Catholic College	Malware	Education	CC	UK		Vice Society, ransomware, St Paul’s Catholic College
15	02/07/2022	-	-	Vice Society	Carmel College	The Vice Society ransomware group leaks some data from the Carmel College	Malware	Education	CC	UK		Vice Society, ransomware, Carmel College
16	02/07/2022	-	-	Vice Society	St Helens College	The Vice Society ransomware group leaks some data from the St Helens College	Malware	Education	CC	UK		Vice Society, ransomware, St Helens College
17	02/07/2022	-	-	Vice Society	Merseyside College	The Vice Society ransomware group leaks some data from the Merseyside College	Malware	Education	CC	UK		Vice Society, ransomware, Merseyside College
18	02/07/2022	-	-	Vice Society	Mossbourne Federation	The Vice Society ransomware group leaks some data from the Mossbourne Federation	Malware	Education	CC	UK		Vice Society, ransomware, Mossbourne Federation
19	03/07/2022	03/07/2022	03/07/2022	Spid3r	Space Research Institute of the Russian Academy of Sciences (IKI RAN).	The Anonymous-affiliated hacker group Spid3r claims to have breached Russia's primary institution for space exploration, the Space Research Institute of the Russian Academy of Sciences (IKI RAN).	Unknown	Education	H	RU		Anonymous, Spid3r, Space Research Institute of the Russian Academy of Sciences, IKI RAN
20	03/07/2022	03/07/2022	03/07/2022	?	British Army's Twitter and YouTube accounts	British Army's Twitter and YouTube accounts are hacked and altered to promote online crypto scams.	Account Takeover	Public admin and defence, social security	CC	UK		British Army, Twitter, YouTube
21	03/07/2022	02/07/2022	02/07/2022	?	Crema Finance	Decentralized finance platform Crema Finance announces that it was hacked and had about $8.8 million stolen during the attack. Few days after the attacker returns $8 million in stolen funds, and they are awarded a $1.68 million bounty.	Vulnerability	Fintech	CC	N/A		Crema Finance
22	03/07/2022	-	-	?	Individuals in Singapore	A new phishing scam surfaces in Singapore, where victims receive an email from the “Division of Transportation” saying that they have committed a traffic offence.	Account Takeover	Individual	CC	SG		Singapore, Division of Transportation
23	04/07/2022	Somewhere in 2022	Somewhere in 2022	ChinaDan	Shanghai National Police (SHGA)?	An anonymous threat actor, under the handle of ChinaDan, sells several databases they claim to contain more than 22 terabytes of stolen information on roughly 1 billion Chinese citizens for 10 bitcoins (approximately $195,000).	Unknown	Public admin and defence, social security	CC	CN		Shanghai National Police, SHGA, ChinaDan
24	04/07/2022	-	-	?	Undisclosed organization(s)	Google releases Chrome 103.0.5060.114 for Windows to address CVE-2022-2294, a high-severity zero-day vulnerability exploited by attackers in the wild.	CVE-2022-2294 Vulnerability	Unknown	N/A	N/A		Google, Chrome, 103.0.5060.114, Windows, CVE-2022-2294
25	04/07/2022	'Recently'	'Recently'	?	Individuals	Researchers from Malwarebytes disclose the details of a new phishing campaign on WhatsApp, scamming individuals who want to work in the United Kingdom.	Account Takeover	Individual	CC	>1		WhatsApp, UK, Visa
26	04/07/2022	04/07/2022	04/07/2022	al-Tahera	Mass Transit System Ltd	According to the Iran’s semi official Fars News Agency, a militant Palestinian group launched a cyber attack against Mass Transit System Ltd, a company involved in the construction of the Tel Aviv metro.	DDoS	Professional, scientific and technical	H	IL		Sabareen, Iran, Fars, al-Tahera, Mass Transit System Ltd
27	04/07/2022	02/07/2022	02/07/2022	?	Cedar Rapids Community School District	A cyberattack discovered over the holiday weekend causes the Cedar Rapids Community School District to suspend summer programming until July 11.	Unknown	Education	CC	US		Cedar Rapids Community School District
28	04/07/2022	-	-	?	Government and corporate entities across the finance, travel, hospital, legal, oil and gas and consultation industries in Middle East	Researchers from CloudSEK identify an extensive phishing campaign in which threat actors are impersonating the Ministry of Human Resources of the UAE government.	Account Takeover	Multiple Industries	CC	>1		CloudSEK, Ministry of Human Resources, UAE
29	04/07/2022	-	-	?	Kokikai Yasue Hospital	Kokikai Yasue Hospital announces that the personal information of up to 111,991 patients may have been leaked due to unauthorized access to the hospital computers.	Unknown	Human health and social work	CC	JP		Kokikai Yasue Hospital
30	04/07/2022	-	-	LockBit 3.0	FAAC Group	The Italian manufacturer of automatic gates FAAC Group is the first known victim of the LockBit 3.0 ransomware group.	Malware	Manufacturing	CC	IT		FAAC Group, LockBit 3.0, ransomware
31	05/07/2022	During May 2022	-	pompompurin	Mangatoon	Comic reading platform Mangatoon suffers a data breach that exposed information belonging to 23 million user accounts after a hacker stole it from an unsecured Elasticsearch database.	Misconfiguration	Arts entertainment, recreation	CC	CN		pompompurin, Mangatoon, Elasticsearch
32	05/07/2022	-	28/06/2022	?	BWI Airport Marriott	Hotel giant Marriott International confirms it was hit by another data breach after an unknown threat actor breached one of its properties (BWI Airport Marriott) and stole 20GB of files.	Unknown	Accommodation and food service	CC	US		BWI Airport Marriott
33	05/07/2022	SInce December 2021	'Recently'	IconBurst	Multiple organizations	Researchers from ReversingLabs uncover IconBurst, an NPM supply-chain attack dating back to December 2021 using typo-squatting to deliver dozens of malicious NPM modules containing obfuscated Javascript code to compromise hundreds of downstream desktop apps and websites.	Malware	Multiple Industries	CC	>1		ReversingLabs, IconBurst, NPM
34	05/07/2022	-	-	RedAlert AKA N13V	Multiple organizations	A new ransomware operation called RedAlert, or N13V, encrypts both Windows and Linux VMWare ESXi servers in attacks on corporate networks.	Malware	Multiple Industries	CC	>1		Ransomware, RedAlert, N13V, Windows, Linux, VMWare ESXi
35	05/07/2022	05/07/2022	05/07/2022	?	College of the Desert	College of the Desert suffers from a cyberattack that brings down the school’s online services and campus phone lines.	Unknown	Education	CC	US		College of the Desert
36	05/07/2022	Since March 2022	During June 2022	ZelenskiyNFT	Individuals	Ukrainian open-source intelligence company Molfar publishes an investigation detailing how a firm called ZelenskiyNFT sold Ukrainian-themed NFTs allegedly to help the military and refugees, but instead seemed to have pocketed the money.	Crypto Scam	Individual	CC	UA		Molfar, ZelenskiyNFT, Ukraine, NFT
37	05/07/2022	-	-	Hive	Multiple organizations	Researchers from Microsoft discover a Hive ransomware variant written in Rust.	Malware	Multiple Industries	CC	>1		Microsoft, Hive, Ransomware, Rust
38	05/07/2022	Mid-May 2022	Mid-May 2022	Bitter	Military entities in Bangladesh	Researchers from Secuinfra reveal that an advanced persistent threat (APT) operating under the name of ‘Bitter’ continues to conduct cyber-attacks against military entities in Bangladesh.	Targeted Attack	Public admin and defence, social security	CE	BD		Secuinfra, Bitter
39	05/07/2022	11/01/2022	-	?	Southwest Health Center	Southwest Health Center discloses a data security incident that may have involved the personal and protected health information belonging to certain current and former employees.	Unknown	Human health and social work	CC	US		Southwest Health Center
40	05/07/2022	Since at least 19/05/2022	19/05/2022	APT29 AKA Cozy Bear, NOBELIUM, The Duke	Multiple organizations	Researchers from Palo Alto discover a new campaign by the APT29 threat group, shifting away from the Cobalt Strike post-exploitation toolkit, instead embracing Brute Ratel C4 (BRc4).	Targeted Attack	Multiple Industries	CE	>1		APT29, Cozy Bear, NOBELIUM, The Duke, Cobalt Strike, Brute Ratel C4, BRc4
41	05/07/2022	-	-	Lazarus Group	Multiple organizations in Japan	The Japan CERT (JPCERT) discover a new version of the VSingle malware, used by the Lazarus Group, able to retrieve the C2 servers information from GitHub.	Malware	Multiple Industries	CE	JP		Japan CERT, JPCERT, VSingle, Lazarus Group, GitHub
42	06/07/2022	Since May 2021	Since May 2021	North-Korean-backed threat actors	Healthcare and Public Health organizations.	The FBI, CISA, and the U.S. Treasury Department issue a joint advisory warning of North-Korean-backed threat actors using Maui ransomware in attacks against Healthcare and Public Health (HPH) organizations.	Malware	Public admin and defence, social security	CC	US		FBI, CISA, U.S. Treasury Department, North Korea, Maui, ransomware
43	06/07/2022	03/07/2022	03/07/2022	?	SHI International	SHI International, a provider of Information Technology products and services, confirms that a malware attack hit its network over the weekend.	Malware	Professional, scientific and technical	CC	US		SHI International
44	06/07/2022	-	-	OrBit	Linux servers	Researchers from Intezer reveal the details of OrBit, a newly discovered Linux malware used to stealthily steal information from backdoored systems and infect all running processes on the machine.	Malware	Multiple Industries	CC	>1		Intezer, OrBit, Linux
45	06/07/2022	'In the past few days'	'In the past few days'	CuteBoi	Multiple organizations	Researchers from Checkmarx detect a burst of suspicious NPM users and packages automatically created, containing a crypominer: the eazyminer package, a JS wrapper around XMRig.	Malware	Multiple Industries	CC	>1		CuteBoi, Checkmarx, NPM, eazyminer, XMRig
46	06/07/2022	'Recently'	'Recently'	HavanaCrypt	Multiple organizations	Researchers from Trend Micro discover a new ransomware family, dubbed as HavanaCrypt, that disguises itself as a Google Software Update application and uses a Microsoft web hosting service IP address as its command-and-control server to circumvent detection.	Malware	Multiple Industries	CC	>1		Trend Micro, HavanaCrypt, Google Software Update, Microsoft
47	06/07/2022	Since June 2022	During June 2022	?	Multiple organizations	Researchers from Fortinet discover a campaign leveraging the recently disclosed Follina vulnerability (CVE-2022-30190) to distribute the Rozena backdoor on Windows systems.	CVE-2022-30190 Vulnerability (Follina)	Multiple Industries	CC	>1		Fortinet, Follina, CVE-2022-30190, Rozena
48	06/07/2022	Since the beginning of Q2 2022.	Since the beginning of Q2 2022.	Multiple threat actors	Law enforcement agencies	Researchers from Resecurity register an increase in malicious activity targeting law enforcement agencies.	Account Takeover	Public admin and defence, social security	CE	>1		Resecurity, law enforcement agencies
49	06/07/2022	Early July 2022	Early July 2022	?	Discord users	Researchers from Malwarebytes uncover a Discord phishing campaign sending users a message from friends or strangers accusing the user of sending explicit photos.	Account Takeover	Individual	CC	>1		Malwarebytes, Discord
50	06/07/2022	Early July 2022	Early July 2022	?	Amazon customers	Researchers from Check Point reveal that, in preparation for the Amazon Prime Day, cyber criminals are already targeting Prime shoppers in an attempt to deploy malware or steal sensitive information.	Account Takeover	Wholesale and retail	CC	>1		Check Point, Amazon Prime Day
51	06/07/2022	-	-	LockBit 3.0	ALPA	ALPA, an Italian chemical industry, is the victim of a LockBit 3.0 ransomware attack.	Malware	Professional, scientific and technical	CC	IT		ALPA, LockBit 3.0, ransomware
52	07/07/2022	Late April 2022	Late April 2022	Trickbot group, AKA ITG23, Wizard Spider, DEV-0193, Conti	Organizations in Ukraine	Researchers from IBM X-Force reveal the details of a phishing campaign delivering Meterpreter to Ukraine organizations, associated with the Trickbot group.	Targeted Attack	Multiple Industries	CE	UA		Trickbot, ITG23, Wizard Spider, DEV-0193, Conti, IBM X-Force, Ukraine, Russia
53	07/07/2022	Early May 2022	Early May 2022	Trickbot group, AKA ITG23, Wizard Spider, DEV-0193, Conti	Organizations in Ukraine	Researchers from IBM X-Force discover a campaign using a malicious Excel file to deliver AnchorMail, a backdoor developed by ITG23 and based on their AnchorDNS malware.	Targeted Attack	Multiple Industries	CE	UA		Trickbot, ITG23, Wizard Spider, DEV-0193, Conti, IBM X-Force, Ukraine, Russia, AnchorMail, AnchorDNS
54	07/07/2022	Late May or early June 2022	Late May or early June 2022	Trickbot group, AKA ITG23, Wizard Spider, DEV-0193, Conti	Organizations in Ukraine	Researchers from IBM X-Force identify an ITG23 campaign against Ukraine, using an ISO image file delivering Cobalt Strike.	Targeted Attack	Multiple Industries	CE	UA		Trickbot, ITG23, Wizard Spider, DEV-0193, Conti, IBM X-Force, Ukraine, Russia, Cobalt Strike
55	07/07/2022	Mid-June 2022	Mid-June 2022	Trickbot group, AKA ITG23, Wizard Spider, DEV-0193, Conti	Organizations in Ukraine	Researchers from IBM X-Force identify an additional campaign carried out by the Trickbot group delivering Cobalt Strike to Ukrainian organizations.	Targeted Attack	Multiple Industries	CE	UA		Trickbot, ITG23, Wizard Spider, DEV-0193, Conti, IBM X-Force, Ukraine, Russia, Cobalt Strike
56	07/07/2022	Since at least May 2022	-	Russia	Public opinion primarily in France, Germany, Poland, and Turkey	Researchers from Recorded Future reveal that since at least May 2022, Russian influence networks have almost certainly been conducting several multifaceted information operations to undermine and divide the Western coalition supporting Ukraine.	Coordinated Inauthentic Behavior (CIB)	Individual	CW	FR DE PL TR		Recorded Future, Russia, Ukraine
57	07/07/2022	During June 2022	22/06/2022	Tonto Team	Organizations in Russia	Researchers from Sentinel One discover a cluster of activities targeting organizations in Russia, primarily in the government and telco space, via the Bisonal remote access tool carried out by a Chinese state-sponsored cyber espionage group.	Targeted Attack	Multiple Industries	CE	RU		Sentinel One, Russia, China, Tonto Team
58	07/07/2022	-	-	Checkmate	Internet-exposed QNAP devices	NAS vendor QNAP warns customers to secure their devices against attacks using Checkmate ransomware to encrypt data.	Misconfiguration	Multiple Industries	CC	>1		NAS, QNAP, Checkmate, Ransomware
59	07/07/2022	Since over a year	-	TA578	Multiple organizations	Website owners are targeted with fake copyright infringement complaints that utilize Yandex Forms to distribute the IcedID banking malware.	Malware	Multiple Industries	CC	>1		Yandex Forms, IcedID, TA578
60	07/07/2022	07/07/2022	07/07/2022	?	Facebook and Instagram accounts of Disneyland	Disneyland officials investigate an incident in which the Facebook and Instagram accounts of the theme park were hacked and used to send several offensive messages.	Account Takeover	Arts entertainment, recreation	CC	US		Disneyland, Facebook, Instagram
61	07/07/2022	21/06/2022	21/06/2022	?	Flood monitoring system in Goa	A ransomware attack targets a flood monitoring system in Goa, India, demanding Bitcoin in return for decrypting the data.	Malware	Water supply, waste mgmt, remediation	CC	IN		Ransomware, Goa
62	07/07/2022	'Recently'	'Recently'	?	Russian users of Google Chrome, Opera, and Mozilla Firefox	Researchers from Zimperium discover ABCsoup, a wide range of malicious browser extensions with the same extension ID as that of Google Translate, deceiving users into believing that they have installed a legitimate extension.	Malicious Browser Extension	Individual	CC	RU		Zimperium, ABCsoup, Google Translate
63	07/07/2022	-	-	?	Multiple organizations	Researchers from Trend Micro reveal the details of a campaign targeting Azure Virtual Machines (VMs) and GitHub Actions (GHAs) to mine cryptocurrencies.	Misconfiguration	Multiple Industries	CC	>1		Trend Micro, Azure Virtual Machines, GitHub Actions
64	07/07/2022	Between 12 and 16 June	Between 12 and 16 June	?	Marino Boutique Hotel in Lisbon	A hacker infiltrates the Booking account of the Marino Boutique Hotel in Lisbon, and has managed to steal almost half a million euros in false bookings.	Account Takeover	Accommodation and food service	CC	PT		Marino Boutique Hotel, PT
65	07/07/2022	06/07/2022	06/07/2022	?	Mattituck School District	Mattituck School District is hit with a ransomware attack.	Malware	Education	CC	US		Mattituck School District, ransomware
66	08/07/2022	08/07/2022	08/07/2022	Killnet	Multiple targets in Latvia	Latvia comes under an intense wave of cyberattacks carried out by the pro-Russian Killnet collective.	DDoS	Public admin and defence, social security	H	LV		Latvia, Killnet, Russia, Ukraine
67	08/07/2022	-	-	0mega	Multiple organizations	A new ransomware operation named ‘0mega’ targets organizations worldwide in double-extortion attacks and demands millions of dollars in ransoms.	Malware	Multiple Industries	CC	>1		0mega, ransomware
68	08/07/2022	08/07/2022	08/07/2022	?	Multiple organizations	Researchers from Crowdstrike uncover a phishing campaign where the attackers are impersonating well-known cybersecurity companies in callback phishing emails to gain initial access to corporate networks.	Account Takeover	Multiple Industries	CC	>1		Crowdstrike
69	08/07/2022	04/07/2022	04/07/2022	LockBit	La Poste Mobile	French mobile phone network La Poste Mobile is hit by a ransomware attack that has crippled its administrative and management services.	Malware	Information and communication	CC	FR		La Poste Mobile, ransomware, LockBit
70	08/07/2022	Between March 24, 2022 and April 16, 2022.	16/04/2022	?	Southern Environmental, Inc. (“SEI”)	Southern Environmental, Inc. (“SEI”) reports that the company experienced a data breach earlier this year after an unauthorized party gained access to sensitive consumer data contained on its network.	Unknown	Manufacturing	CC	US		Southern Environmental, Inc., SEI
71	08/07/2022	11/10/2021	11/10/2021	?	Family Practice Center (“FPC”)	Family Practice Center (“FPC”) files notice of a data security incident, when the company suffered an attempt to shut down its computer operations, which resulted in certain patient data being accessible to an unauthorized party.	Unknown	Human health and social work	CC	US		Family Practice Center, FPC
72	08/07/2022	29/11/2021	29/11/2021	?	Central Licensing Bureau	Central Licensing Bureau confirms that the company experienced a data breach following a ransomware attack.	Malware	Administration and support service	CC	US		Central Licensing Bureau, ransomware
73	08/07/2022	07/07/2022	07/07/2022	Killnet	Congress.gov	Killnet, a pro-Russian cybercrime group briefly attacks the Congress.gov website with a DDoS.	DDoS	Public admin and defence, social security	H	US		Killnet, Congress.gov, Russia, Ukraine
74	08/07/2022	-	-	BlackByte	Lamoille Health Partners	Lamoille Health Partners is hit with a BlackByte ransomware attack.	Malware	Human health and social work	CC	US		Lamoille Health Partners, BlackByte, ransomware
75	08/07/2022	-	-	BlackByte	Gateway Rehab	Gateway Rehab is hit with a BlackByte ransomware attack.	Malware	Human health and social work	CC	US		Gateway Rehab, BlackByte, ransomware
76	08/07/2022	08/07/2022	08/07/2022	?	Fondazione Edmund Mach	The Italian Fondazione Edmund Mach is hit with an unspecified cyber attack.	Unknown	Education	CC	IT		Fondazione Edmund Mach
77	08/07/2022	31/11/2021	-	?	Arlington Skin	Arlington Skin notifies 17,468 patients that their protected health information may have been accessed by unauthorized individuals in a security breach at business associate, Virtual Private Network Solutions (VPN Solutions).	Unknown	Human health and social work	CC	US		Arlington Skin, Virtual Private Network Solutions, VPN Solutions
78	08/07/2022	-	06/06/2022	?	North Highland Company	The North Highland Company confirms that the company experienced a data breach after an unauthorized party gained access to sensitive consumer data contained on North Highland’s network through a ransomware attack.	Malware	Administration and support service	CC	US		North Highland Company
79	09/07/2022	09/07/2022	09/07/2022	?	Ignitis Group	Ignitis Group, a Lithuanian energy company is hit with a DDoS attack.	DDoS	Electricity, gas steam, air conditioning	H	LT		Ignitis Group
80	10/07/2022	Since March 2022	-	Anubis	Internet-banking users in Brazil and Portugal	Internet-banking users in Brazil and Portugal are the victims of a large-scale phishing campaign leveraging the Anubis network.	Account Takeover	Finance and insurance	CC	BR PT		Anubis
81	10/07/2022	-	-	?	WordFly	WordFly, a tech company providing digital marketing for dozens of the most popular cultural organizations in several countries, is hit with a ransomware attack.	Malware	Administration and support service	CC	US		WordFly, ransomware
82	11/07/2022	Early July 2022	Early July 2022	?	WhatsApp users	WhatsApp CEO Will Cathcart warns users of the popular messaging app to be on their guard after the WhatsApp Security Team discovered bogus apps delivering malware.	Malware	Individual	CC	>1		WhatsApp, Will Cathcart
83	11/07/2022	-	-	?	Individuals	The New York Department of Motor Vehicles warns customers that a phishing scam is using text messages that promise $1,500 in state fuel rebates to steal personal information.	Account Takeover	Individual	CC	US		New York Department of Motor Vehicles
84	11/07/2022	-	-	BianLian	Mooresville Schools	A new ransomware group dubbed BianLian claims to have hacked Mooresville Schools. The group claims to have stolen ~4,200 student records.	Malware	Education	CC	US		Ransomware, BianLian, Mooresville Schools
85	11/07/2022	Between 10/07/2022 and 11/07/2022	Between 10/07/2022 and 11/07/2022	?	Department of Indre-et-Loire	The Department of Indre-et-Loire is the victim of a computer attack. All of the local authority’s services were paralyzed.	Unknown	Public admin and defence, social security	CC	FR		Department of Indre-et-Loire
86	11/07/2022	10/07/2022	10/07/2022	?	Prefeitura Municipal de Itapemirim	The Prefeitura Municipal de Itapemirim in Brazil is hit with a ransomware attack.	Malware	Public admin and defence, social security	CC	BR		Prefeitura Municipal de Itapemirim, ransomware
87	12/07/2022	11/07/2022	11/07/2022	IT Army of Ukraine	At least 80 Russian cinemas, including Kinomax, Mori Cinema, Luxor and Almaz	Several Russian cinema chains are hit with a DDoS attack.	DDoS	Arts entertainment, recreation	H	RU		Kinomax, Mori Cinema, Luxor, Almaz
88	12/07/2022	Since September 2021	-	?	10,000 organizations worldwide	Researchers from Microsoft uncover a massive phishing campaign using adversary-in-the-middle (AiTM) to bypass MFA and access Microsoft 365 accounts.	Account Takeover	Multiple Industries	CC	>1		Microsoft, adversary-in-the-middle, AiTM, MFA, Microsoft 365
89	12/07/2022	-	-	Multiple threat actors	Multiple organizations	The Cybersecurity and Infrastructure Security Agency (CISA) orders agencies to patch CVE-2022-22047, a new Windows zero-day exploited in attacks in the wild.	CVE-2022-22047 Vulnerability	Multiple Industries	CC	US		Cybersecurity and Infrastructure Security Agency, CISA, CVE-2022-22047, Windows
90	12/07/2022	11/07/2022	11/07/2022	?	Uniswap	Uniswap, a popular decentralized cryptocurrency exchange, looses close to $8 million worth of Ethereum in a sophisticated phishing attack.	Account Takeover	Fintech	CC	N/A		Uniswap, Ethereum
91	12/07/2022	'Recently'	'Recently'	?	European Central Bank	The European Central Bank says that its president, Christine Lagarde, was targeted in a hacking attempt but no information was compromised.	Targeted Attack	Extraterritorial orgs and bodies	CE	EU		European Central Bank, Christine Lagarde
92	12/07/2022	-	-	Qakbot AKA QBot, QuackBot and Pinkslipbot	Multiple organizations	Researchers from Zscaler discover a new variant of the Qakbot malware with additional features to avoid detection.	Malware	Multiple Industries	CC	>1		Zscaler, Qakbot, QBot, QuackBot and Pinkslipbot
93	12/07/2022	10/07/2022	10/07/2022	?	Deakin University	Deakin University discloses an incident in which a staff member’s username and password was hacked and used by an unauthorized person to access information held by a third-party provider. The personally identifiable information of nearly 47,000 current and past students is compromised.	Account Takeover	Education	CC	AU		Deakin University
94	12/07/2022	11/07/2022	11/07/2022	al-Tahera	Tel Aviv Municipality	The pro-Palestinian militant group al-Tahera defaces the website of the Tel Aviv Municipality.	Defacement	Mining and quarrying	H	IL		al-Tahera, Tel Aviv Municipality
95	12/07/2022	Since March 2022	-	ChromeLoader	Individuals	Researchers from Palo Alto Networks uncover a new variant of the ChromeLoader (AKA Choziosi Loader and ChromeBack) information-stealing malware.	Malware	Individual	CC	>1		Palo Alto Networks, ChromeLoader, Choziosi Loader, ChromeBack
96	12/07/2022	Between September 26, 2021 and January 3, 2022	03/01/2022	?	Allied Urological Services	Allied Urological Services discloses to have suffered an email phishing attack.	Account Takeover	Human health and social work	CC	US		Allied Urological Services
97	12/07/2022	Since at least six months	Since at least six months	Confucius	Pakistani government and military institutions	The Chinese cybersecurity company Antiy unveils a new series of attacks by the Indian APT Confucius against Pakistani government and military institutions.	Targeted Attack	Public admin and defence, social security	CE	PK		Antiy, Confucius, India, Pakistan
98	12/07/2022	-	05/05/2021	05/05/2021	Benson Health	Benson Health notifies 28,913 patients that some of their protected health information was potentially accessed or acquired in a cyberattack that was detected on May 5, 2021.	Unknown	Human health and social work	CC	US		Benson Health
99	13/07/2022	Since March 2022	Since March 2022	UAC-0056 (AKA UNC2589, TA471)	Government entities in Ukraine	Researchers from Malwarebytes reveal the details of the latest campaign by UAC-0056 targeting government entities in Ukraine with war-related topics and delivering the Cobalt Strike beacon,	Targeted Attack	Public admin and defence, social security	CE	UA		Malwarebytes, UAC-0056, UNC2589, TA471, Cobalt Strike, Ukraine
100	13/07/2022	Since at least June 2021	During June 2021	Autolycos	Android users	A new Android malware family on the Google Play Store, named Autolycos, which secretly subscribes users to premium services, is downloaded over 3,000,000 times.	Malware	Individual	CC	>1		Android, Google Play Store, Autolycos
101	13/07/2022	03/07/2022	11/07/2022	BlackCat AKA ALPHV	Bandai Namco	Game publishing giant Bandai Namco confirms that they suffered a cyberattack that may have resulted in the theft of customers' personal data.	Malware	Arts entertainment, recreation	CC	JP		BlackCat, ALPHV, Ransomware, Bandai Namco
102	13/07/2022	-	-	Lilith	Unknown organization	A new ransomware operation is launched under the name 'Lilith,' and it has already posted its first victim on a data leak site created to support double-extortion attacks.	Malware	Unknown	CC	N/A		Ransomware, Lilith
103	13/07/2022	-	-	?	Individuals	Researchers from Akamai discover a new PayPal phishing kit abusing legitimate WordPress sites.	Account Takeover	Individual	CC	>1		Akamai, PayPal, WordPress
104	13/07/2022	Since April 2021	-	?	Vulnerable WordPress sites	Researchers from Wordfence detect a massive campaign that scanned close to 1.6 million WordPress sites for the presence of Kaswara Modern WPBakery Page Builder, a vulnerable plugin that allows uploading files without authentication.	CVE-2021-24284 Vulnerability	Multiple Industries	CC	>1		Wordfence, WordPress, Kaswara Modern WPBakery Page Builder, CVE-2021-24284
105	13/07/2022	Since December 2021	Since December 2021	?	Google Workspace and Microsoft 365 users	Researchers from Inky detect a new campaign where cybercriminals are posing as Intuit's popular accounting software package QuickBooks to target Google Workspace and Microsoft 365 small business users in a voice-phishing scam.	Account Takeover	Multiple Industries	CC	>1		Inky, Intuit, QuickBooks, Google Workspace, Microsoft 365
106	13/07/2022	15/06/2022	15/06/2022	?	Colorado Springs Utilities	Colorado Springs Utilities says in an email to customers that sensitive data stored by a subcontractor had been accessed by an “unauthorized party” in June.	Unknown	Water supply, waste mgmt, remediation	CC	US		Colorado Springs Utilities
107	13/07/2022	Since March 2021	-	?	Government agencies of Afghanistan, India, Italy, Poland, and the United States	Researchers from Trellix discover a malicious campaign targeting government agencies of Afghanistan, India, Italy, Poland, and the United States since 2021	Targeted Attack	Public admin and defence, social security	CE	AF IN IT PL US		Trellix
108	13/07/2022	Since December 2021	Since December 2021	Transparent Tribe	Students at various educational institutions in India	Researchers from Cisco Talos reveal the details of a new campaign carried out by the Pakistani APT group known as Transparent Tribe, targeting students at various educational institutions in India at least since December 2021.	Targeted Attack	Education	CE	IN		Cisco Talos, Transparent Tribe, Pakistan
109	14/07/2022	Over the last 30 days	Over the last 30 days	Mantis	Almost a thousand organizations worldwide	Researchers from Cloudflare reveal the details of Mantis, a powerful botnet able to launch massive DDoS attacks.	DDoS	Multiple Industries	CC	>1		Cloudflare, Mantis
110	14/07/2022	Since more than a year	-	DEV-0530 AKA H0lyGh0st	Small businesses in various countries	Researchers from Microsoft reveal that for more than a year, North Korean hackers have been running a ransomware operation called H0lyGh0st, attacking small businesses in various countries.	Malware	Multiple Industries	CC	>1		Microsoft, North Korea, ransomware, H0lyGh0st, DEV-0530
111	14/07/2022	-	-	?	Multiple organizations	Researchers from Dragos reveal that a threat actor is infecting industrial control systems (ICS) with the Sality malware, to create a botnet through password "cracking" software for programmable logic controllers (PLCs).	Malware	Multiple Industries	CC	>1		Dragos, PLC, Sality
112	14/07/2022	Between January and February 2021 and in February 2022	-	TA412 AKA Zirconium	US-based journalists	Researchers from Proofpoint reveal the details of a campaign carried out by the Chinese threat group TA412 targeting US-based journalists,	Targeted Attack	Information and communication	CE	US		Proofpoint, TA412, China, ZIrconium
113	14/07/2022	Late April 2022	-	TA459	Media personnel in several countries	Researchers from Proofpoint reveal the details of a campaign carried out by the Chinese threat group TA459 targeting media personnel in several countries.	Targeted Attack	Information and communication	CE	>1		Proofpoint, TA459, China
114	14/07/2022	Early 2022	-	Lazarus Group AKA TA404	Undisclosed US-based media organization	Researchers from Proofpoint reveal the details of a campaign carried out by the North Korean threat group Lazarus Group (AKA TA404) targeting an undisclosed US-based media organization.	Targeted Attack	Information and communication	CE	US		Proofpoint, North Korea, Lazarus Group, TA404
115	14/07/2022	Early 2022	-	TA482	US-based journalists and media organizations	Proofpoint researchers observe a prolific Turkish threat actor, tracked as TA482, regularly engaging in credential harvesting campaigns that target the social media accounts of mostly US-based journalists and media organizations.	Account Takeover	Information and communication	CE	US		Proofpoint, TA482, Turkey
116	14/07/2022	Since February 2022	-	TA453 AKA Charming Kitten	Academics and policy experts working on Middle Eastern foreign affairs	Researchers from Proofpoint reveal the details of a campaign carried out by the Iranian group TA453, AKA Charming Kitten targeting academics and policy experts working on Middle Eastern foreign affairs.	Account Takeover	Information and communication	CE	>1		Proofpoint, TA453, Charming Kitten, Iran
117	14/07/2022	-	-	TA456 AKA Tortoiseshell	Individuals in the media sector	Researchers from Proofpoint reveal the details of a campaign carried out by the Iranian group TA456, AKA Tortoiseshell targeting individuals in the media sector.	Targeted Attack	Information and communication	CE	>1		Proofpoint, TA456, Tortoiseshell, Iran
118	14/07/2022	Since late 2021	-	TA457	Public relations personnel for companies located in the US, Israel, and Saudi Arabia	Researchers from Proofpoint reveal the details of a campaign carried out by the Iranian group TA457 targeting public relations personnel for companies located in the US, Israel, and Saudi Arabia.	Targeted Attack	Information and communication	CE	US IL SA		Proofpoint, Iran, TA457
119	14/07/2022	20/12/2021	-	?	Petersen International Underwriters (“PIU”)	Petersen International Underwriters (“PIU”) files an official notice of a data breach with various state governments following an incident in which an unauthorized party gained access to sensitive consumer data on the company’s network.	Unknown	Finance and insurance	CC	US		Petersen International Underwriters, PIU
120	14/07/2022	14/07/2022	14/07/2022	Russian Threat Actors?	alio.lt	Data of 345,000 customers might have been leaked after the Lithuanian ad website alio.lt is hit by a cyber attack. Fingers are pointed to possible Russian attackers.	Unknown	Other service activities	CC	LT		alio.lt, Russia
121	14/07/2022	-	15/11/2021	?	Centerspace	Centerspace provides a notice of a data breach after learning that an unauthorized party was able to access company files and that these files contained the personal information of certain consumers.	Unknown	Real estate	CC	US		Centerspace
122	14/07/2022	-	08/02/2022	?	Lawson Products	Lawson Products confirms that the company experienced a data breach, after detecting a cyber incident affecting its computer network.	Unknown	Manufacturing	CC	US		Lawson Products
123	14/07/2022	Between September 24, 2021, through May 5, 2022.	-	?	Hilton Garden Inn Cleveland Downtown	The Hilton Garden Inn Cleveland Downtown notifies customers that payment information may have been stolen from cards used in the food and beverage area of the hotel between September 24, 2021, through May 5, 2022.	Unknown	Accommodation and food service	CC	US		Hilton Garden Inn Cleveland Downtown
124	14/07/2022	During June 2022	During June 2022	?	University of Windsor	The University of Windsor confirms it has restored the "vast majority" of its systems following a cyber security breach that temporarily shut down its website.	Unknown	Education	CC	CA		University of Windsor
125	14/07/2022	-	-	SpyJoker	Android users	A new variant of the Android SpyJoker malware is removed from Play Store after 3 million+ installs.	Malware	Individual	CC	>1		Android, SpyJoker
126	14/07/2022	-	-	?	Crypto users	Researchers from Kaspersky discover a fake giveaway scam to steal cryptocurrency abusing the brand name of Nvidia.	Account Takeover	Fintech	CC	>1		Kaspersky, Nvidia
127	15/07/2022	From late December 2021 till the end of March 2022	-	?	Elastix VoIP telephony servers	Researchers from Palo Alto Networks uncover a large-scale campaign targeting Elastix VoIP telephony servers with more than 500,000 malware samples over a period of three months.	CVE-2021-45461 Vulnerability	Multiple Industries	CC	>1		Palo Alto Networks, Elastix, VoIP, CVE-2021-45461
128	15/07/2022	-	-	?	Individuals in the US	Fraudsters are impersonating the US Immigration and Customs Enforcement (ICE) and US Citizenship and Immigration Services (USCIS) officers to trick their victims into giving them their money and personal information.	Account Takeover	Individual	CC	US		US Immigration and Customs Enforcement, ICE, US Citizenship and Immigration Services, USCIS
129	15/07/2022	-	-	?	Morgan Hunt	Morgan Hunt discloses a cyber security incident, in which one of its databases is accessed by an unauthorized third party, and some of the personal data contained on the accessed database may have been copied.	Unknown	Professional, scientific and technical	CC	UK		Morgan Hunt
130	15/07/2022	During the previous week	During the previous week	?	Narragansett Bay Commission	The Narragansett Bay Commission, a Rhode Island sewer-system operator, is hit with a ransomware attack.	Malware	Water supply, waste mgmt, remediation	CC	US		Narragansett Bay Commission, ransomware
131	15/07/2022	15/07/2022	15/07/2022	?	NFT artist DeeKay Kwon Twitter account	NFT artist DeeKay Kwon has his Twitter account hacked by scammers who managed to steal NFTs valued at $150,000 from his followers.	Account Takeover	Fintech	CC	KR		NFT, DeeKay Kwon, Twitter
132	15/07/2022	Between February 13, 2022 and February 23, 2022	February 2022	?	Gas South	Gas South reports that the company experienced a data breach after an unauthorized party gained access to sensitive consumer data contained on its network	Malware	Electricity, gas steam, air conditioning	CC	US		Gas South
133	15/07/2022	During February 2022	During February 2022	?	AllOne Health Resources	AllOne Health Resources confirms that the company experienced a data breach after an unauthorized party gained access to an employee’s email account.	Account Takeover	Finance and insurance	CC	US		AllOne Health Resources
134	15/07/2022	26/05/2022	26/05/2022	?	Northcentral University (NCU)	Northcentral University (NCU) confirms that the company experienced a data breach after detecting suspicious activity on its network.	Unknown	Education	CC	US		Northcentral University, NCU
135	15/07/2022	End of May 2022	End of May 2022	Avos Locker	College of MontMorency	The Canadian College of MontMorency is hit by an Avos Locker ransomware attack.	Malware	Education	CC	CA		College of MontMorency, Avos Locker, ransomware
136	15/07/2022	15/07/2022	15/07/2022	Attackers from Turkey	Twitter account for the City of Wichita	The official Twitter account for the city of Wichita is hacked by attackers coming from Turkey.	Account Takeover	Public admin and defence, social security	CC	US		Twitter, City of Wichita, Turkey
137	15/07/2022	-	30/11/2021	?	OrthoArizona	OrthoArizona starts notifying 2,748 individuals that their protected health information was exposed and potentially stolen in a cyberattack that was detected on October 30, 2021.	Unknown	Human health and social work	CC	US		OrthoArizona
138	15/07/2022	-	-	WatchDog	Multiple organizations	Researchers from Lacework reveal the details of a cryptojacking campaign using steganography.	Malware	Multiple Industries	CC	>1		Lacework, Steganography, WatchDog
139	15/07/2022	Since at least late June 2022	Late June 2022	?	Hotel industry in Latin America	Researchers from HP Wolf Security discover an unusually stealthy malware campaign that uses OpenDocument text files to distribute malware targeting the hotel industry in Latin America.	Malware	Accommodation and food service	CC	>1		HP Wolf Security, OpenDocument, Latin America.
ID	Date Reported	Date Occurred	Date Discovered	Author	Target	Description	Attack	Target Class	Attack Class	Country	Link	Tags

The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.

August 2022 Cyber Attacks Statistics
After the corresponding cyber attacks timelines, it’s time to publish the statistics of August 2022 where I have collected and analyzed...
16-31 August 2022 Cyber Attacks Timeline
The growing trend of attacks continued also in the second half of August, where I collected...
The Biggest Data Breaches of 2021
With this new project I am going to track the biggest data breaches of 2021 extracted from my cyber attack timelines.
2020 Cyber Attacks Statistics
As promised, I have pulled together some statistics from the data collected in 2020. The master table is available at the end of the post after the charts.
16-31 March 2022 Cyber Attacks Timeline
The 138 events recorded in this timeline represent a new 12 months high. This is one of the effect of the...

The Biggest Data Breaches of 2022

Click Here

Leaky Buckets in 2022

Click Here

Cloud-Native Threats in 2022

Click Here

Tweets by paulsparrows

Related Posts

Leave a Reply Cancel reply