The first cyber attacks timeline of July 2022 shows a sharp increase in the number of events. In this fortnight I have collected 131 entries, which represents the highest number in the last three months.
Ransomware continues to dominate the threat landscape, characterizing 33 out of 131 events (corresponding to 25.2%, a value substantially in line with the 23% and 26.8% of the first and second fortnights of June respectively). On the other hand, what seems to be decreasing is the impact of vulnerabilities, which accounted for just 6 out of 131 events (a modest 4.58%), a sharp decrease compared to the double-digit percentages of the previous timelines.
Although they did not reach the level of the previous timelines, the attacks against Decentralized Finance platforms also continued in July. Crema Finance lost the equivalent of $8.8M (but $8M was returned by the attacker in exchange for a bounty). $8M is also the equivalent in cryptocurrency that was stolen from Uniswap, but in this case there has been no happy ending, at least so far.
The “special operation” in Ukraine continues to characterize the threat landscape from a Hacktivism and Cyber Espionage standpoint. Multiple targets in Lithuania and Latvia (and in the United States as well) were hit with DDoS attacks launched by pro-Russia attackers, while on the opposite front, the IT Army of Ukraine launched a wave of attacks against at least 80 Russian cinemas. The Russian Space Institute was also hit by a separate operation.
The cyber espionage front is particularly crowded in this timeline, and not only because of the multiple operations targeting Ukraine (for example the ones carried out by the Trickbot group). The list is particularly rich, so my invitation is to read the timeline and scroll through all the details.
So, in turn, enjoy the interactive timeline and the tabular format, and obviously thanks for sharing it and supporting my work in spreading risk awareness across the community. As always, don’t forget to follow @paulsparrows on Twitter, or even connect on LinkedIn, for the latest updates.
ID
Date Reported
Date Occurred
Date Discovered
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags
1
01/07/2022
End of June 2022
End of June 2022
XakNet
DTEK
A Russian-speaking hacking group known as XakNet claims to have breached DTEK, Ukraine's biggest private energy conglomerate, and posts screenshots on Telegram.
Unknown
Electricity, gas steam, air conditioning
H
UA
XakNet, DTEK, Ukraine, Russia, Telegram
2
01/07/2022
01/07/2022
01/07/2022
Killnet
US Federal Tax Payment System (Payusatax.com)
The Russian cyber group Killnet claims to have taken down the website of the US Federal Tax Payment System (Payusatax.com) for five hours
DDoS
Public admin and defence, social security
H
US
Russia, Killnet, US Federal Tax Payment System, Payusatax.com
3
01/07/2022
26/02/2022
26/02/2022
Quantum
Professional Finance Company Inc. (PFC)
Professional Finance Company Inc. (PFC), a full-service accounts receivables management company, says that a Quantum ransomware attack in late February led to a data breach affecting over 600 healthcare organizations. 1.9 million individuals are affected.
Malware
Finance and insurance
CC
US
Professional Finance Company Inc, PFC, Quantum, Ransomware
4
01/07/2022
Since at least March 2022
-
Luna Moth
Multiple organizations
Researchers from Sygnia reveal the details of Luna Moth, a new data extortion group breaching companies to steal confidential information, threatening victims to make the files publicly available unless they pay a ransom.
Malware
Multiple Industries
CC
>1
Sygnia, Luna Moth
5
01/07/2022
Between February 9, 2021 and December 22, 2021
22/12/2021
?
ATC Healthcare Services
ATC Healthcare Services confirms that the company experienced a data breach after an unauthorized party gained access to sensitive patient information through multiple compromised employee email accounts
Account Takeover
Human health and social work
CC
US
ATC Healthcare Services
6
01/07/2022
-
-
Avos Locker
Christus Spohn Health System Corporation
Christus Spohn Health System Corporation files an official notice of a data breach following what appears to be a large-scale ransomware attack.
Malware
Human health and social work
CC
US
CHRISTUS Spohn Health System Corporation, Ransomware, Avos Locker
7
01/07/2022
Between March 19, 2022 and March 20, 2022
20/03/2022
?
Carolina Behavioral Health Alliance
Carolina Behavioral Health Alliance confirms that the company experienced a data breach after a ransomware attack.
Malware
Human health and social work
CC
US
Carolina Behavioral Health Alliance, ransomware
8
01/07/2022
Between November 5, 2021 and November 8, 2021
08/11/2021
?
East West Family of Companies
East West Family of Companies confirms that the company experienced a data breach after an unauthorized party gained access to sensitive consumer information stored on the company’s computer network.
Unknown
Real estate
CC
US
East West Family of Companies
9
01/07/2022
-
-
Everest
Amalfitana Gas
Amalfitana Gas, an Italian utility, is the victim of an Everest ransomware attack.
Malware
Electricity, gas steam, air conditioning
CC
IT
Amalfitana Gas, Everest, Ransomware
10
02/07/2022
Since 2019
During September 2021
Raspberry Robin
Hundreds of organizations from various industry sectors.
Microsoft reveals that the recently spotted Raspberry Robin worm has been found on the networks of hundreds of organizations from various industry sectors.
Malware
Multiple Industries
CC
>1
Microsoft, Raspberry Robin
11
02/07/2022
01/07/2022
01/07/2022
?
Twitter users
Threat actors are hacking verified Twitter accounts to send fake but well-written suspension messages that attempt to steal other verified users' credentials.
Account Takeover
Individual
CC
>1
Twitter
12
02/07/2022
-
-
Vice Society
Pilton Community College
The Vice Society ransomware group leaks some data from the Pilton Community College.
Malware
Education
CC
UK
Vice Society, ransomware, Pilton Community College
13
02/07/2022
-
-
Vice Society
De Montfort School
The Vice Society ransomware group leaks some data from the De Montfort School.
Malware
Education
CC
UK
Vice Society, ransomware, De Montfort School
14
02/07/2022
-
-
Vice Society
St Paul’s Catholic College
The Vice Society ransomware group leaks some data from the St Paul’s Catholic College
Malware
Education
CC
UK
Vice Society, ransomware, St Paul’s Catholic College
15
02/07/2022
-
-
Vice Society
Carmel College
The Vice Society ransomware group leaks some data from the Carmel College
Malware
Education
CC
UK
Vice Society, ransomware, Carmel College
16
02/07/2022
-
-
Vice Society
St Helens College
The Vice Society ransomware group leaks some data from the St Helens College
Malware
Education
CC
UK
Vice Society, ransomware, St Helens College
17
02/07/2022
-
-
Vice Society
Merseyside College
The Vice Society ransomware group leaks some data from the Merseyside College
Malware
Education
CC
UK
Vice Society, ransomware, Merseyside College
18
02/07/2022
-
-
Vice Society
Mossbourne Federation
The Vice Society ransomware group leaks some data from the Mossbourne Federation
Malware
Education
CC
UK
Vice Society, ransomware, Mossbourne Federation
19
03/07/2022
03/07/2022
03/07/2022
Spid3r
Space Research Institute of the Russian Academy of Sciences (IKI RAN).
The Anonymous-affiliated hacker group Spid3r claims to have breached Russia's primary institution for space exploration, the Space Research Institute of the Russian Academy of Sciences (IKI RAN).
Unknown
Education
H
RU
Anonymous, Spid3r, Space Research Institute of the Russian Academy of Sciences, IKI RAN
20
03/07/2022
03/07/2022
03/07/2022
?
British Army's Twitter and YouTube accounts
British Army's Twitter and YouTube accounts are hacked and altered to promote online crypto scams.
Account Takeover
Public admin and defence, social security
CC
UK
British Army, Twitter, YouTube
21
03/07/2022
02/07/2022
02/07/2022
?
Crema Finance
Decentralized finance platform Crema Finance announces that it was hacked and had about $8.8 million stolen during the attack. A few days later, the attacker returns $8 million in stolen funds and is awarded a $1.68 million bounty.
Vulnerability
Fintech
CC
N/A
Crema Finance
22
03/07/2022
-
-
?
Individuals in Singapore
A new phishing scam surfaces in Singapore, where victims receive an email from the “Division of Transportation” saying that they have committed a traffic offence.
Account Takeover
Individual
CC
SG
Singapore, Division of Transportation
23
04/07/2022
Somewhere in 2022
Somewhere in 2022
ChinaDan
Shanghai National Police (SHGA)?
An anonymous threat actor, under the handle of ChinaDan, sells several databases they claim to contain more than 22 terabytes of stolen information on roughly 1 billion Chinese citizens for 10 bitcoins (approximately $195,000).
Unknown
Public admin and defence, social security
CC
CN
Shanghai National Police, SHGA, ChinaDan
24
04/07/2022
-
-
?
Undisclosed organization(s)
Google releases Chrome 103.0.5060.114 for Windows to address CVE-2022-2294, a high-severity zero-day vulnerability exploited by attackers in the wild.
Researchers from Malwarebytes disclose the details of a new phishing campaign on WhatsApp, scamming individuals who want to work in the United Kingdom.
Account Takeover
Individual
CC
>1
WhatsApp, UK, Visa
26
04/07/2022
04/07/2022
04/07/2022
al-Tahera
Mass Transit System Ltd
According to Iran’s semi-official Fars News Agency, a militant Palestinian group launched a cyber attack against Mass Transit System Ltd, a company involved in the construction of the Tel Aviv metro.
DDoS
Professional, scientific and technical
H
IL
Sabareen, Iran, Fars, al-Tahera, Mass Transit System Ltd
27
04/07/2022
02/07/2022
02/07/2022
?
Cedar Rapids Community School District
A cyberattack discovered over the holiday weekend causes the Cedar Rapids Community School District to suspend summer programming until July 11.
Unknown
Education
CC
US
Cedar Rapids Community School District
28
04/07/2022
-
-
?
Government and corporate entities across the finance, travel, hospital, legal, oil and gas and consultation industries in Middle East
Researchers from CloudSEK identify an extensive phishing campaign in which threat actors are impersonating the Ministry of Human Resources of the UAE government.
Account Takeover
Multiple Industries
CC
>1
CloudSEK, Ministry of Human Resources, UAE
29
04/07/2022
-
-
?
Kokikai Yasue Hospital
Kokikai Yasue Hospital announces that the personal information of up to 111,991 patients may have been leaked due to unauthorized access to the hospital computers.
Unknown
Human health and social work
CC
JP
Kokikai Yasue Hospital
30
04/07/2022
-
-
LockBit 3.0
FAAC Group
The Italian manufacturer of automatic gates FAAC Group is the first known victim of the LockBit 3.0 ransomware group.
Malware
Manufacturing
CC
IT
FAAC Group, LockBit 3.0, ransomware
31
05/07/2022
During May 2022
-
pompompurin
Mangatoon
Comic reading platform Mangatoon suffers a data breach that exposed information belonging to 23 million user accounts after a hacker stole it from an unsecured Elasticsearch database.
Misconfiguration
Arts entertainment, recreation
CC
CN
pompompurin, Mangatoon, Elasticsearch
32
05/07/2022
-
28/06/2022
?
BWI Airport Marriott
Hotel giant Marriott International confirms it was hit by another data breach after an unknown threat actor breached one of its properties (BWI Airport Marriott) and stole 20GB of files.
Unknown
Accommodation and food service
CC
US
BWI Airport Marriott
33
05/07/2022
Since December 2021
'Recently'
IconBurst
Multiple organizations
Researchers from ReversingLabs uncover IconBurst, an NPM supply-chain attack dating back to December 2021 using typo-squatting to deliver dozens of malicious NPM modules containing obfuscated Javascript code to compromise hundreds of downstream desktop apps and websites.
Malware
Multiple Industries
CC
>1
ReversingLabs, IconBurst, NPM
34
05/07/2022
-
-
RedAlert AKA N13V
Multiple organizations
A new ransomware operation called RedAlert, or N13V, encrypts both Windows and Linux VMWare ESXi servers in attacks on corporate networks.
College of the Desert suffers from a cyberattack that brings down the school’s online services and campus phone lines.
Unknown
Education
CC
US
College of the Desert
36
05/07/2022
Since March 2022
During June 2022
ZelenskiyNFT
Individuals
Ukrainian open-source intelligence company Molfar publishes an investigation detailing how a firm called ZelenskiyNFT sold Ukrainian-themed NFTs allegedly to help the military and refugees, but instead seemed to have pocketed the money.
Crypto Scam
Individual
CC
UA
Molfar, ZelenskiyNFT, Ukraine, NFT
37
05/07/2022
-
-
Hive
Multiple organizations
Researchers from Microsoft discover a Hive ransomware variant written in Rust.
Malware
Multiple Industries
CC
>1
Microsoft, Hive, Ransomware, Rust
38
05/07/2022
Mid-May 2022
Mid-May 2022
Bitter
Military entities in Bangladesh
Researchers from Secuinfra reveal that an advanced persistent threat (APT) operating under the name of ‘Bitter’ continues to conduct cyber-attacks against military entities in Bangladesh.
Targeted Attack
Public admin and defence, social security
CE
BD
Secuinfra, Bitter
39
05/07/2022
11/01/2022
-
?
Southwest Health Center
Southwest Health Center discloses a data security incident that may have involved the personal and protected health information belonging to certain current and former employees.
Unknown
Human health and social work
CC
US
Southwest Health Center
40
05/07/2022
Since at least 19/05/2022
19/05/2022
APT29 AKA Cozy Bear, NOBELIUM, The Duke
Multiple organizations
Researchers from Palo Alto discover a new campaign by the APT29 threat group, shifting away from the Cobalt Strike post-exploitation toolkit, instead embracing Brute Ratel C4 (BRc4).
The Japan CERT (JPCERT) discovers a new version of the VSingle malware, used by the Lazarus Group, able to retrieve the C2 servers information from GitHub.
Malware
Multiple Industries
CE
JP
Japan CERT, JPCERT, VSingle, Lazarus Group, GitHub
42
06/07/2022
Since May 2021
Since May 2021
North-Korean-backed threat actors
Healthcare and Public Health organizations.
The FBI, CISA, and the U.S. Treasury Department issue a joint advisory warning of North-Korean-backed threat actors using Maui ransomware in attacks against Healthcare and Public Health (HPH) organizations.
Malware
Public admin and defence, social security
CC
US
FBI, CISA, U.S. Treasury Department, North Korea, Maui, ransomware
43
06/07/2022
03/07/2022
03/07/2022
?
SHI International
SHI International, a provider of Information Technology products and services, confirms that a malware attack hit its network over the weekend.
Malware
Professional, scientific and technical
CC
US
SHI International
44
06/07/2022
-
-
OrBit
Linux servers
Researchers from Intezer reveal the details of OrBit, a newly discovered Linux malware used to stealthily steal information from backdoored systems and infect all running processes on the machine.
Malware
Multiple Industries
CC
>1
Intezer, OrBit, Linux
45
06/07/2022
'In the past few days'
'In the past few days'
CuteBoi
Multiple organizations
Researchers from Checkmarx detect a burst of suspicious NPM users and packages automatically created, containing a cryptominer: the eazyminer package, a JS wrapper around XMRig.
Malware
Multiple Industries
CC
>1
CuteBoi, Checkmarx, NPM, eazyminer, XMRig
46
06/07/2022
'Recently'
'Recently'
HavanaCrypt
Multiple organizations
Researchers from Trend Micro discover a new ransomware family, dubbed as HavanaCrypt, that disguises itself as a Google Software Update application and uses a Microsoft web hosting service IP address as its command-and-control server to circumvent detection.
Malware
Multiple Industries
CC
>1
Trend Micro, HavanaCrypt, Google Software Update, Microsoft
47
06/07/2022
Since June 2022
During June 2022
?
Multiple organizations
Researchers from Fortinet discover a campaign leveraging the recently disclosed Follina vulnerability (CVE-2022-30190) to distribute the Rozena backdoor on Windows systems.
CVE-2022-30190 Vulnerability (Follina)
Multiple Industries
CC
>1
Fortinet, Follina, CVE-2022-30190, Rozena
48
06/07/2022
Since the beginning of Q2 2022.
Since the beginning of Q2 2022.
Multiple threat actors
Law enforcement agencies
Researchers from Resecurity register an increase in malicious activity targeting law enforcement agencies.
Account Takeover
Public admin and defence, social security
CE
>1
Resecurity, law enforcement agencies
49
06/07/2022
Early July 2022
Early July 2022
?
Discord users
Researchers from Malwarebytes uncover a Discord phishing campaign sending users a message from friends or strangers accusing the user of sending explicit photos.
Account Takeover
Individual
CC
>1
Malwarebytes, Discord
50
06/07/2022
Early July 2022
Early July 2022
?
Amazon customers
Researchers from Check Point reveal that, in preparation for the Amazon Prime Day, cyber criminals are already targeting Prime shoppers in an attempt to deploy malware or steal sensitive information.
Account Takeover
Wholesale and retail
CC
>1
Check Point, Amazon Prime Day
51
06/07/2022
-
-
LockBit 3.0
ALPA
ALPA, an Italian chemical industry, is the victim of a LockBit 3.0 ransomware attack.
Researchers from IBM X-Force reveal the details of a phishing campaign delivering Meterpreter to Ukraine organizations, associated with the Trickbot group.
Targeted Attack
Multiple Industries
CE
UA
Trickbot, ITG23, Wizard Spider, DEV-0193, Conti, IBM X-Force, Ukraine, Russia
Researchers from IBM X-Force discover a campaign using a malicious Excel file to deliver AnchorMail, a backdoor developed by ITG23 and based on their AnchorDNS malware.
Public opinion primarily in France, Germany, Poland, and Turkey
Researchers from Recorded Future reveal that since at least May 2022, Russian influence networks have almost certainly been conducting several multifaceted information operations to undermine and divide the Western coalition supporting Ukraine.
Coordinated Inauthentic Behavior (CIB)
Individual
CW
FR
DE
PL
TR
Recorded Future, Russia, Ukraine
57
07/07/2022
During June 2022
22/06/2022
Tonto Team
Organizations in Russia
Researchers from Sentinel One discover a cluster of activities targeting organizations in Russia, primarily in the government and telco space, via the Bisonal remote access tool carried out by a Chinese state-sponsored cyber espionage group.
Targeted Attack
Multiple Industries
CE
RU
Sentinel One, Russia, China, Tonto Team
58
07/07/2022
-
-
Checkmate
Internet-exposed QNAP devices
NAS vendor QNAP warns customers to secure their devices against attacks using Checkmate ransomware to encrypt data.
Misconfiguration
Multiple Industries
CC
>1
NAS, QNAP, Checkmate, Ransomware
59
07/07/2022
Since over a year
-
TA578
Multiple organizations
Website owners are targeted with fake copyright infringement complaints that utilize Yandex Forms to distribute the IcedID banking malware.
Malware
Multiple Industries
CC
>1
Yandex Forms, IcedID, TA578
60
07/07/2022
07/07/2022
07/07/2022
?
Facebook and Instagram accounts of Disneyland
Disneyland officials investigate an incident in which the Facebook and Instagram accounts of the theme park were hacked and used to send several offensive messages.
Account Takeover
Arts entertainment, recreation
CC
US
Disneyland, Facebook, Instagram
61
07/07/2022
21/06/2022
21/06/2022
?
Flood monitoring system in Goa
A ransomware attack targets a flood monitoring system in Goa, India, demanding Bitcoin in return for decrypting the data.
Malware
Water supply, waste mgmt, remediation
CC
IN
Ransomware, Goa
62
07/07/2022
'Recently'
'Recently'
?
Russian users of Google Chrome, Opera, and Mozilla Firefox
Researchers from Zimperium discover ABCsoup, a wide range of malicious browser extensions with the same extension ID as that of Google Translate, deceiving users into believing that they have installed a legitimate extension.
Malicious Browser Extension
Individual
CC
RU
Zimperium, ABCsoup, Google Translate
63
07/07/2022
-
-
?
Multiple organizations
Researchers from Trend Micro reveal the details of a campaign targeting Azure Virtual Machines (VMs) and GitHub Actions (GHAs) to mine cryptocurrencies.
A hacker infiltrates the Booking account of the Marino Boutique Hotel in Lisbon, and manages to steal almost half a million euros in false bookings.
Account Takeover
Accommodation and food service
CC
PT
Marino Boutique Hotel, PT
65
07/07/2022
06/07/2022
06/07/2022
?
Mattituck School District
Mattituck School District is hit with a ransomware attack.
Malware
Education
CC
US
Mattituck School District, ransomware
66
08/07/2022
08/07/2022
08/07/2022
Killnet
Multiple targets in Latvia
Latvia comes under an intense wave of cyberattacks carried out by the pro-Russian Killnet collective.
DDoS
Public admin and defence, social security
H
LV
Latvia, Killnet, Russia, Ukraine
67
08/07/2022
-
-
0mega
Multiple organizations
A new ransomware operation named ‘0mega’ targets organizations worldwide in double-extortion attacks and demands millions of dollars in ransoms.
Malware
Multiple Industries
CC
>1
0mega, ransomware
68
08/07/2022
08/07/2022
08/07/2022
?
Multiple organizations
Researchers from Crowdstrike uncover a phishing campaign where the attackers are impersonating well-known cybersecurity companies in callback phishing emails to gain initial access to corporate networks.
Account Takeover
Multiple Industries
CC
>1
Crowdstrike
69
08/07/2022
04/07/2022
04/07/2022
LockBit
La Poste Mobile
French mobile phone network La Poste Mobile is hit by a ransomware attack that has crippled its administrative and management services.
Malware
Information and communication
CC
FR
La Poste Mobile, ransomware, LockBit
70
08/07/2022
Between March 24, 2022 and April 16, 2022.
16/04/2022
?
Southern Environmental, Inc. (“SEI”)
Southern Environmental, Inc. (“SEI”) reports that the company experienced a data breach earlier this year after an unauthorized party gained access to sensitive consumer data contained on its network.
Unknown
Manufacturing
CC
US
Southern Environmental, Inc., SEI
71
08/07/2022
11/10/2021
11/10/2021
?
Family Practice Center (“FPC”)
Family Practice Center (“FPC”) files notice of a data security incident, when the company suffered an attempt to shut down its computer operations, which resulted in certain patient data being accessible to an unauthorized party.
Unknown
Human health and social work
CC
US
Family Practice Center, FPC
72
08/07/2022
29/11/2021
29/11/2021
?
Central Licensing Bureau
Central Licensing Bureau confirms that the company experienced a data breach following a ransomware attack.
Malware
Administration and support service
CC
US
Central Licensing Bureau, ransomware
73
08/07/2022
07/07/2022
07/07/2022
Killnet
Congress.gov
Killnet, a pro-Russian cybercrime group, briefly attacks the Congress.gov website with a DDoS.
DDoS
Public admin and defence, social security
H
US
Killnet, Congress.gov, Russia, Ukraine
74
08/07/2022
-
-
BlackByte
Lamoille Health Partners
Lamoille Health Partners is hit with a BlackByte ransomware attack.
Malware
Human health and social work
CC
US
Lamoille Health Partners, BlackByte, ransomware
75
08/07/2022
-
-
BlackByte
Gateway Rehab
Gateway Rehab is hit with a BlackByte ransomware attack.
Malware
Human health and social work
CC
US
Gateway Rehab, BlackByte, ransomware
76
08/07/2022
08/07/2022
08/07/2022
?
Fondazione Edmund Mach
The Italian Fondazione Edmund Mach is hit with an unspecified cyber attack.
Unknown
Education
CC
IT
Fondazione Edmund Mach
77
08/07/2022
31/11/2021
-
?
Arlington Skin
Arlington Skin notifies 17,468 patients that their protected health information may have been accessed by unauthorized individuals in a security breach at business associate, Virtual Private Network Solutions (VPN Solutions).
The North Highland Company confirms that the company experienced a data breach after an unauthorized party gained access to sensitive consumer data contained on North Highland’s network through a ransomware attack.
Malware
Administration and support service
CC
US
North Highland Company
79
09/07/2022
09/07/2022
09/07/2022
?
Ignitis Group
Ignitis Group, a Lithuanian energy company, is hit with a DDoS attack.
DDoS
Electricity, gas steam, air conditioning
H
LT
Ignitis Group
80
10/07/2022
Since March 2022
-
Anubis
Internet-banking users in Brazil and Portugal
Internet-banking users in Brazil and Portugal are the victims of a large-scale phishing campaign leveraging the Anubis network.
Account Takeover
Finance and insurance
CC
BR
PT
Anubis
81
10/07/2022
-
-
?
WordFly
WordFly, a tech company providing digital marketing for dozens of the most popular cultural organizations in several countries, is hit with a ransomware attack.
Malware
Administration and support service
CC
US
WordFly, ransomware
82
11/07/2022
Early July 2022
Early July 2022
?
WhatsApp users
WhatsApp CEO Will Cathcart warns users of the popular messaging app to be on their guard after the WhatsApp Security Team discovered bogus apps delivering malware.
Malware
Individual
CC
>1
WhatsApp, Will Cathcart
83
11/07/2022
-
-
?
Individuals
The New York Department of Motor Vehicles warns customers that a phishing scam is using text messages that promise $1,500 in state fuel rebates to steal personal information.
Account Takeover
Individual
CC
US
New York Department of Motor Vehicles
84
11/07/2022
-
-
BianLian
Mooresville Schools
A new ransomware group dubbed BianLian claims to have hacked Mooresville Schools. The group claims to have stolen ~4,200 student records.
Malware
Education
CC
US
Ransomware, BianLian, Mooresville Schools
85
11/07/2022
Between 10/07/2022 and 11/07/2022
Between 10/07/2022 and 11/07/2022
?
Department of Indre-et-Loire
The Department of Indre-et-Loire is the victim of a computer attack. All of the local authority’s services were paralyzed.
Unknown
Public admin and defence, social security
CC
FR
Department of Indre-et-Loire
86
11/07/2022
10/07/2022
10/07/2022
?
Prefeitura Municipal de Itapemirim
The Prefeitura Municipal de Itapemirim in Brazil is hit with a ransomware attack.
Malware
Public admin and defence, social security
CC
BR
Prefeitura Municipal de Itapemirim, ransomware
87
12/07/2022
11/07/2022
11/07/2022
IT Army of Ukraine
At least 80 Russian cinemas, including Kinomax, Mori Cinema, Luxor and Almaz
Several Russian cinema chains are hit with a DDoS attack.
DDoS
Arts entertainment, recreation
H
RU
Kinomax, Mori Cinema, Luxor, Almaz
88
12/07/2022
Since September 2021
-
?
10,000 organizations worldwide
Researchers from Microsoft uncover a massive phishing campaign using adversary-in-the-middle (AiTM) to bypass MFA and access Microsoft 365 accounts.
Account Takeover
Multiple Industries
CC
>1
Microsoft, adversary-in-the-middle, AiTM, MFA, Microsoft 365
89
12/07/2022
-
-
Multiple threat actors
Multiple organizations
The Cybersecurity and Infrastructure Security Agency (CISA) orders agencies to patch CVE-2022-22047, a new Windows zero-day exploited in attacks in the wild.
CVE-2022-22047 Vulnerability
Multiple Industries
CC
US
Cybersecurity and Infrastructure Security Agency, CISA, CVE-2022-22047, Windows
90
12/07/2022
11/07/2022
11/07/2022
?
Uniswap
Uniswap, a popular decentralized cryptocurrency exchange, loses close to $8 million worth of Ethereum in a sophisticated phishing attack.
Account Takeover
Fintech
CC
N/A
Uniswap, Ethereum
91
12/07/2022
'Recently'
'Recently'
?
European Central Bank
The European Central Bank says that its president, Christine Lagarde, was targeted in a hacking attempt but no information was compromised.
Targeted Attack
Extraterritorial orgs and bodies
CE
EU
European Central Bank, Christine Lagarde
92
12/07/2022
-
-
Qakbot AKA QBot, QuackBot and Pinkslipbot
Multiple organizations
Researchers from Zscaler discover a new variant of the Qakbot malware with additional features to avoid detection.
Malware
Multiple Industries
CC
>1
Zscaler, Qakbot, QBot, QuackBot and Pinkslipbot
93
12/07/2022
10/07/2022
10/07/2022
?
Deakin University
Deakin University discloses an incident in which a staff member’s username and password were hacked and used by an unauthorized person to access information held by a third-party provider. The personally identifiable information of nearly 47,000 current and past students is compromised.
Account Takeover
Education
CC
AU
Deakin University
94
12/07/2022
11/07/2022
11/07/2022
al-Tahera
Tel Aviv Municipality
The pro-Palestinian militant group al-Tahera defaces the website of the Tel Aviv Municipality.
Defacement
Mining and quarrying
H
IL
al-Tahera, Tel Aviv Municipality
95
12/07/2022
Since March 2022
-
ChromeLoader
Individuals
Researchers from Palo Alto Networks uncover a new variant of the ChromeLoader (AKA Choziosi Loader and ChromeBack) information-stealing malware.
Allied Urological Services discloses that it suffered an email phishing attack.
Account Takeover
Human health and social work
CC
US
Allied Urological Services
97
12/07/2022
Since at least six months
Since at least six months
Confucius
Pakistani government and military institutions
The Chinese cybersecurity company Antiy unveils a new series of attacks by the Indian APT Confucius against Pakistani government and military institutions.
Targeted Attack
Public admin and defence, social security
CE
PK
Antiy, Confucius, India, Pakistan
98
12/07/2022
-
05/05/2021
05/05/2021
Benson Health
Benson Health notifies 28,913 patients that some of their protected health information was potentially accessed or acquired in a cyberattack that was detected on May 5, 2021.
Unknown
Human health and social work
CC
US
Benson Health
99
13/07/2022
Since March 2022
Since March 2022
UAC-0056 (AKA UNC2589, TA471)
Government entities in Ukraine
Researchers from Malwarebytes reveal the details of the latest campaign by UAC-0056 targeting government entities in Ukraine with war-related topics and delivering the Cobalt Strike beacon,
A new Android malware family on the Google Play Store, named Autolycos, which secretly subscribes users to premium services, is downloaded over 3,000,000 times.
Malware
Individual
CC
>1
Android, Google Play Store, Autolycos
101
13/07/2022
03/07/2022
11/07/2022
BlackCat AKA ALPHV
Bandai Namco
Game publishing giant Bandai Namco confirms that they suffered a cyberattack that may have resulted in the theft of customers' personal data.
Malware
Arts entertainment, recreation
CC
JP
BlackCat, ALPHV, Ransomware, Bandai Namco
102
13/07/2022
-
-
Lilith
Unknown organization
A new ransomware operation is launched under the name 'Lilith,' and it has already posted its first victim on a data leak site created to support double-extortion attacks.
Malware
Unknown
CC
N/A
Ransomware, Lilith
103
13/07/2022
-
-
?
Individuals
Researchers from Akamai discover a new PayPal phishing kit abusing legitimate WordPress sites.
Account Takeover
Individual
CC
>1
Akamai, PayPal, WordPress
104
13/07/2022
Since April 2021
-
?
Vulnerable WordPress sites
Researchers from Wordfence detect a massive campaign that scanned close to 1.6 million WordPress sites for the presence of Kaswara Modern WPBakery Page Builder, a vulnerable plugin that allows uploading files without authentication.
CVE-2021-24284 Vulnerability
Multiple Industries
CC
>1
Wordfence, WordPress, Kaswara Modern WPBakery Page Builder, CVE-2021-24284
105
13/07/2022
Since December 2021
Since December 2021
?
Google Workspace and Microsoft 365 users
Researchers from Inky detect a new campaign where cybercriminals are posing as Intuit's popular accounting software package QuickBooks to target Google Workspace and Microsoft 365 small business users in a voice-phishing scam.
Account Takeover
Multiple Industries
CC
>1
Inky, Intuit, QuickBooks, Google Workspace, Microsoft 365
106
13/07/2022
15/06/2022
15/06/2022
?
Colorado Springs Utilities
Colorado Springs Utilities says in an email to customers that sensitive data stored by a subcontractor had been accessed by an “unauthorized party” in June.
Unknown
Water supply, waste mgmt, remediation
CC
US
Colorado Springs Utilities
107
13/07/2022
Since March 2021
-
?
Government agencies of Afghanistan, India, Italy, Poland, and the United States
Researchers from Trellix discover a malicious campaign targeting government agencies of Afghanistan, India, Italy, Poland, and the United States since 2021.
Targeted Attack
Public admin and defence, social security
CE
AF
IN
IT
PL
US
Trellix
108
13/07/2022
Since December 2021
Since December 2021
Transparent Tribe
Students at various educational institutions in India
Researchers from Cisco Talos reveal the details of a new campaign carried out by the Pakistani APT group known as Transparent Tribe, targeting students at various educational institutions in India at least since December 2021.
Targeted Attack
Education
CE
IN
Cisco Talos, Transparent Tribe, Pakistan
109
14/07/2022
Over the last 30 days
Over the last 30 days
Mantis
Almost a thousand organizations worldwide
Researchers from Cloudflare reveal the details of Mantis, a powerful botnet able to launch massive DDoS attacks.
DDoS
Multiple Industries
CC
>1
Cloudflare, Mantis
110
14/07/2022
For more than a year
-
DEV-0530 AKA H0lyGh0st
Small businesses in various countries
Researchers from Microsoft reveal that for more than a year, North Korean hackers have been running a ransomware operation called H0lyGh0st, attacking small businesses in various countries.
Malware
Multiple Industries
CC
>1
Microsoft, North Korea, ransomware, H0lyGh0st, DEV-0530
111
14/07/2022
-
-
?
Multiple organizations
Researchers from Dragos reveal that a threat actor is infecting industrial control systems (ICS) with the Sality malware, to create a botnet through password "cracking" software for programmable logic controllers (PLCs).
Malware
Multiple Industries
CC
>1
Dragos, PLC, Sality
112
14/07/2022
Between January and February 2021 and in February 2022
-
TA412 AKA Zirconium
US-based journalists
Researchers from Proofpoint reveal the details of a campaign carried out by the Chinese threat group TA412 targeting US-based journalists.
Targeted Attack
Information and communication
CE
US
Proofpoint, TA412, China, Zirconium
113
14/07/2022
Late April 2022
-
TA459
Media personnel in several countries
Researchers from Proofpoint reveal the details of a campaign carried out by the Chinese threat group TA459 targeting media personnel in several countries.
Targeted Attack
Information and communication
CE
>1
Proofpoint, TA459, China
114
14/07/2022
Early 2022
-
Lazarus Group AKA TA404
Undisclosed US-based media organization
Researchers from Proofpoint reveal the details of a campaign carried out by the North Korean threat group Lazarus Group (AKA TA404) targeting an undisclosed US-based media organization.
Targeted Attack
Information and communication
CE
US
Proofpoint, North Korea, Lazarus Group, TA404
115
14/07/2022
Early 2022
-
TA482
US-based journalists and media organizations
Proofpoint researchers observe a prolific Turkish threat actor, tracked as TA482, regularly engaging in credential harvesting campaigns that target the social media accounts of mostly US-based journalists and media organizations.
Account Takeover
Information and communication
CE
US
Proofpoint, TA482, Turkey
116
14/07/2022
Since February 2022
-
TA453 AKA Charming Kitten
Academics and policy experts working on Middle Eastern foreign affairs
Researchers from Proofpoint reveal the details of a campaign carried out by the Iranian group TA453, AKA Charming Kitten, targeting academics and policy experts working on Middle Eastern foreign affairs.
Account Takeover
Information and communication
CE
>1
Proofpoint, TA453, Charming Kitten, Iran
117
14/07/2022
-
-
TA456 AKA Tortoiseshell
Individuals in the media sector
Researchers from Proofpoint reveal the details of a campaign carried out by the Iranian group TA456, AKA Tortoiseshell, targeting individuals in the media sector.
Targeted Attack
Information and communication
CE
>1
Proofpoint, TA456, Tortoiseshell, Iran
118
14/07/2022
Since late 2021
-
TA457
Public relations personnel for companies located in the US, Israel, and Saudi Arabia
Researchers from Proofpoint reveal the details of a campaign carried out by the Iranian group TA457 targeting public relations personnel for companies located in the US, Israel, and Saudi Arabia.
Targeted Attack
Information and communication
CE
US
IL
SA
Proofpoint, Iran, TA457
119
14/07/2022
20/12/2021
-
?
Petersen International Underwriters (“PIU”)
Petersen International Underwriters (“PIU”) files an official notice of a data breach with various state governments following an incident in which an unauthorized party gained access to sensitive consumer data on the company’s network.
Unknown
Finance and insurance
CC
US
Petersen International Underwriters, PIU
120
14/07/2022
14/07/2022
14/07/2022
Russian Threat Actors?
alio.lt
Data of 345,000 customers might have been leaked after the Lithuanian ad website alio.lt is hit by a cyber attack. Fingers are pointed to possible Russian attackers.
Unknown
Other service activities
CC
LT
alio.lt, Russia
121
14/07/2022
-
15/11/2021
?
Centerspace
Centerspace provides a notice of a data breach after learning that an unauthorized party was able to access company files and that these files contained the personal information of certain consumers.
Unknown
Real estate
CC
US
Centerspace
122
14/07/2022
-
08/02/2022
?
Lawson Products
Lawson Products confirms that the company experienced a data breach, after detecting a cyber incident affecting its computer network.
Unknown
Manufacturing
CC
US
Lawson Products
123
14/07/2022
Between September 24, 2021, and May 5, 2022
-
?
Hilton Garden Inn Cleveland Downtown
The Hilton Garden Inn Cleveland Downtown notifies customers that payment information may have been stolen from cards used in the food and beverage area of the hotel between September 24, 2021, and May 5, 2022.
Unknown
Accommodation and food service
CC
US
Hilton Garden Inn Cleveland Downtown
124
14/07/2022
During June 2022
During June 2022
?
University of Windsor
The University of Windsor confirms it has restored the "vast majority" of its systems following a cyber security breach that temporarily shut down its website.
Unknown
Education
CC
CA
University of Windsor
125
14/07/2022
-
-
SpyJoker
Android users
A new variant of the Android SpyJoker malware is removed from Play Store after 3 million+ installs.
Malware
Individual
CC
>1
Android, SpyJoker
126
14/07/2022
-
-
?
Crypto users
Researchers from Kaspersky discover a fake giveaway scam to steal cryptocurrency abusing the brand name of Nvidia.
Account Takeover
Fintech
CC
>1
Kaspersky, Nvidia
127
15/07/2022
From late December 2021 till the end of March 2022
-
?
Elastix VoIP telephony servers
Researchers from Palo Alto Networks uncover a large-scale campaign targeting Elastix VoIP telephony servers with more than 500,000 malware samples over a period of three months.
CVE-2021-45461 Vulnerability
Multiple Industries
CC
>1
Palo Alto Networks, Elastix, VoIP, CVE-2021-45461
128
15/07/2022
-
-
?
Individuals in the US
Fraudsters are impersonating the US Immigration and Customs Enforcement (ICE) and US Citizenship and Immigration Services (USCIS) officers to trick their victims into giving them their money and personal information.
Account Takeover
Individual
CC
US
US Immigration and Customs Enforcement, ICE, US Citizenship and Immigration Services, USCIS
129
15/07/2022
-
-
?
Morgan Hunt
Morgan Hunt discloses a cyber security incident, in which one of its databases is accessed by an unauthorized third party, and some of the personal data contained on the accessed database may have been copied.
Unknown
Professional, scientific and technical
CC
UK
Morgan Hunt
130
15/07/2022
During the previous week
During the previous week
?
Narragansett Bay Commission
The Narragansett Bay Commission, a Rhode Island sewer-system operator, is hit with a ransomware attack.
Malware
Water supply, waste mgmt, remediation
CC
US
Narragansett Bay Commission, ransomware
131
15/07/2022
15/07/2022
15/07/2022
?
NFT artist DeeKay Kwon Twitter account
NFT artist DeeKay Kwon has his Twitter account hacked by scammers who managed to steal NFTs valued at $150,000 from his followers.
Account Takeover
Fintech
CC
KR
NFT, DeeKay Kwon, Twitter
132
15/07/2022
Between February 13, 2022 and February 23, 2022
February 2022
?
Gas South
Gas South reports that the company experienced a data breach after an unauthorized party gained access to sensitive consumer data contained on its network.
Malware
Electricity, gas steam, air conditioning
CC
US
Gas South
133
15/07/2022
During February 2022
During February 2022
?
AllOne Health Resources
AllOne Health Resources confirms that the company experienced a data breach after an unauthorized party gained access to an employee’s email account.
Account Takeover
Finance and insurance
CC
US
AllOne Health Resources
134
15/07/2022
26/05/2022
26/05/2022
?
Northcentral University (NCU)
Northcentral University (NCU) confirms that the company experienced a data breach after detecting suspicious activity on its network.
Unknown
Education
CC
US
Northcentral University, NCU
135
15/07/2022
End of May 2022
End of May 2022
Avos Locker
College of MontMorency
The Canadian College of MontMorency is hit by an Avos Locker ransomware attack.
Malware
Education
CC
CA
College of MontMorency, Avos Locker, ransomware
136
15/07/2022
15/07/2022
15/07/2022
Attackers from Turkey
Twitter account for the City of Wichita
The official Twitter account for the city of Wichita is hacked by attackers coming from Turkey.
Account Takeover
Public admin and defence, social security
CC
US
Twitter, City of Wichita, Turkey
137
15/07/2022
-
30/11/2021
?
OrthoArizona
OrthoArizona starts notifying 2,748 individuals that their protected health information was exposed and potentially stolen in a cyberattack that was detected on October 30, 2021.
Unknown
Human health and social work
CC
US
OrthoArizona
138
15/07/2022
-
-
WatchDog
Multiple organizations
Researchers from Lacework reveal the details of a cryptojacking campaign using steganography.
Malware
Multiple Industries
CC
>1
Lacework, Steganography, WatchDog
139
15/07/2022
Since at least late June 2022
Late June 2022
?
Hotel industry in Latin America
Researchers from HP Wolf Security discover an unusually stealthy malware campaign that uses OpenDocument text files to distribute malware targeting the hotel industry in Latin America.
Malware
Accommodation and food service
CC
>1
HP Wolf Security, OpenDocument, Latin America
ID
Date Reported
Date Occurred
Date Discovered
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags