16-31 July 2022 Cyber Attacks Timeline

EVENTS

EVENTS/DAY

EVENTS

EVENTS/DAY

The second cyber attacks timeline of July 2022 confirms the sustained level of activity. In this fortnight I have collected 139 entries, once again the higher number in the last three months.

Ransomware continues to dominate the threat landscape, characterizing 21 out of 139 events (corresponding to 15.1%, a sharp decrease compared to 25.2%, of the previous timeline). 13 out of 139 events were characterized by the exploitation of vulnerabilities (corresponding to 9.35%, more than the double of 4.58% of the previous fortnight).

16-31 July 2023 Cyber Attacks Timeline

New victims of attacks carried out by the Clop (AKA Cl0p) ransomware gang exploiting the CVE-2023-34362 MOVEit vulnerability emerged even during…

A trend that is characterizing this 2022, is the growing number of attacks against Decentralized Finance (DeFi) platforms. Unsurprisingly this trend continued also in the second half of July with three organizations (Nirvana Finance, Audius, and Premint NFT) losing a total of nearly $22M worth of cryptocurrency.

Another interesting event of this timeline is the massive breach suffered by Neopets, leading the exposure of 69 million members.

The hybrid warfare in Ukraine continues to characterize the threat landscape, despite with a minor impact than the previous months. Interestingly no operation against Russia was recorded in this fortnight, whereas Ukraine was flooded by multiple operations carried out by known threat actors and newcomers such as: Coldriver, Turla, Armagedon, UAC-0041, UNC2589, and GhostWriter.

And besides Ukraine, as usual the cyber espionage front is rich of events, for example Belgium revealed to have suffered three attacks from the Chinese threat actors APT27, APT30, APT31, and Gallium. Other interesting campaigns include the one carried out by APT29, exploiting cloud services and targeting a Nato country in Europe, and also the one carried out by APT36 and targeting high-value organizations in the Czech Republic, Poland, and other European countries.

So, in turn, enjoy the interactive timeline and the tabular format, and obviously thanks for sharing it, and supporting my work in spreading the risk awareness across the community. As always, don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.

Expand for details

Geo Map July H2 2022

ID	Date Reported	Date Occurred	Date Discovered	Author	Target	Description	Attack	Target Class	Attack Class	Country	Link	Tags
1	16/07/2022	-	-	?	Securities and Exchange Board of India (SEBI)	The Securities and Exchange Board of India (Sebi) discloses a phishing incident.	Account Takeover	Public admin and defence, social security	CC	IN		The Securities and Exchange Board of India, SEBI
2	17/07/2022	17/07/2022	17/07/2022	?	Government websites in Albania	The government of Albania is forced to take its websites offline due to a cyberattack.	Unknown	Public admin and defence, social security	CC	AL		Albania
3	17/07/2022	17/07/2022	17/07/2022	?	Premint NFT	The popular NFT platform, Premint NFT, is hacked, with the threat actors compromising its official website and stole 314 NFTs.	Malicious Script Injection	Fintech	CC	N/A		Premint NFT
4	17/07/2022	-	17/07/2022	?	Roblox Corporation	A hacker posts a 4Gb archive of what appears to be a cache of internal documents stolen from an employee who works for the massively popular gaming platform Roblox	Account Takeover	Arts entertainment, recreation	CC	US		Roblox
5	18/07/2022	04/07/2022	04/07/2022	Roaming Mantis	Android and iOS users in France	Researchers from Sekoia discover a new campaign carried out by the Roaming Mantis group, dropping on Android devices the XLoader (MoqHao) payload, a remote access, information stealing, and SMS spamming malware.	Malware	Individual	CC	FR		Sekoia, Roaming Mantis, Android, XLoader, MoqHao
6	18/07/2022	Since October 2021	-	Multiple threat actors	Cryptocurrency users in the US	The FBI warns that cybercriminals use fraudulent cryptocurrency investment applications to steal funds from US investors.	Malware	Fintech	CC	US		FBI, cryptocurrency
7	18/07/2022	Since at least January 18, 2022	-	?	80 restaurants using the MenuDrive and and 74 using the Harbortouch online ordering platforms	Researchers from Recorded Future reveal the details of a Magecart campaign targeting 80 restaurants using the MenuDrive and and 74 using the Harbortouch online ordering platforms.	Malicious Script Injection	Accommodation and food service	CC	US		Recorded Future, Magecart, MenuDrive, Harbortouch
8	18/07/2022	Since at least November 12, 2021	-	?	157 restaurants using the InTouchPOS online ordering platform	Researchers from Recorded Future reveal the details of a Magecart campaign targeting 157 restaurants using the InTouchPOS online ordering platform.	Malicious Script Injection	Accommodation and food service	CC	US		Recorded Future, Magecart, InTouchPOS
9	18/07/2022	-	-	APT27	Belgium defense and interior ministries	The Minister for Foreign Affairs of Belgium says multiple Chinese state-backed threat groups, including APT27, targeted the country's defense and interior ministries.	Targeted Attack	Public admin and defence, social security	CE	BE		Minister for Foreign Affairs of Belgium, APT27
10	18/07/2022	-	-	APT30	Belgium defense and interior ministries	The Minister for Foreign Affairs of Belgium says multiple Chinese state-backed threat groups, including APT30, targeted the country's defense and interior ministries.	Targeted Attack	Public admin and defence, social security	CE	BE		Minister for Foreign Affairs of Belgium, APT30
11	18/07/2022	-	-	APT31	Belgium defense and interior ministries	The Minister for Foreign Affairs of Belgium says multiple Chinese state-backed threat groups, including APT31, targeted the country's defense and interior ministries.	Targeted Attack	Public admin and defence, social security	CE	BE		Minister for Foreign Affairs of Belgium, APT31
12	18/07/2022	-	-	Gallium, AKA Softcell, and UNSC 2814	Belgium defense and interior ministries	The Minister for Foreign Affairs of Belgium says multiple Chinese state-backed threat groups, including Gallium, targeted the country's defense and interior ministries.	Targeted Attack	Public admin and defence, social security	CE	BE		Minister for Foreign Affairs of Belgium, Gallium, Softcell, UNSC 2814
13	18/07/2022	'Recently'	'Recently'	Joker	Android users	Researches from Zscaler discover 50 apps infected with the Joker malware downloaded over 300,000 times.	Malware	Individual	CC	>1		Zscaler, Joker, Android
14	18/07/2022	'Recently'	'Recently'	Facestealer	Android users	Researches from Zscaler discover a new wave of infections in the Google Play store carried out via the Facesteaer malware, downloaded about 5,000 times.	Malware	Individual	CC	>1		Zscaler, Facestealer, Android
15	18/07/2022	'Recently'	'Recently'	Coper	Android users	Researches from Zscaler discover a new wave of infections in the Google Play store carried out via the Coper malware.	Malware	Individual	CC	>1		Zscaler, Coper, Android
16	18/07/2022	Over the last month	Over the last month	The 8220 Gang	Multiple organizations	Researchers from Sentinel One reveal the details of the latest campaign by the 8220 gang, exploiting Linux and cloud app vulnerabilities, such as Docker, Redis, Confluence, and Apache, to grow their botnet to more than 30,000 infected hosts.	Misconfiguration	Multiple Industries	CC	>1		Sentinel One, 8220, Docker, Redis, Confluence, Apache
17	18/07/2022	-	16/07/2022	LockBit	Town of Frederick	The police department of the town of Frederick, Colorado says it is investigating claims that the town government was hit with a LockBit ransomware attack.	Malware	Public admin and defence, social security	CC	US		City of Frederick, LockBit, Ransomware
18	18/07/2022	-	-	?	Cleartrip	Popular Indian flight booking site Cleartrip announces a data breach involving the unauthorized access to the information of an unknown number of victims.	Unknown	Accommodation and food service	CC	IN		Cleartrip
19	18/07/2022	Between October 2020 and November 2021	-	Thai Government?	At least 30 political activists in Thailand	At least 30 political activists in Thailand have been hacked using Israeli surveillance spyware Pegasus by NSO Group, according to a joint investigation by human rights and cyber monitoring groups.	Targeted Attack	Individual	CE	TH		Pegasus, NSO Group, Thailand
20	18/07/2022	17/07/2022	17/07/2022	Altahrea Team	Israel's Health Ministry	Israel's Health Ministry is taken down by a DDoS attack launched by the pro-Iranian group Altahrea Team.	DDoS	Public admin and defence, social security	H	IL		Israel, Health Ministry, Altahrea Team.
21	18/07/2022	17/07/2022	17/07/2022	?	Zabicall	Zabicall, a South Korean call taxi system is hit with a ransomware attack.	Malware	Transportation and storage	CC	KR		Zabicall, ransomware
22	18/07/2022	26/02/2022	26/02/2022	?	Louisiana Public Facilities Authority (LPFA)	Louisiana Public Facilities Authority (LPFA) is hit with a ransomware attack.	Malware	Public admin and defence, social security	CC	US		Louisiana Public Facilities Authority, LPFA, ransomware
23	19/07/2022	'Recently'	'Recently'	Turla	Android users in Ukraine	Researchers from the Google's Threat Analysis Group (TAG) reveal that the Russian group Turla distributed a malicious Android app in disguise of a tool performing Denial of Service (DoS) attacks against a set of Russian websites and distributed from a domain spoofing the Ukrainian Azov Regiment.	Malware	Individual	CW	UA		Google's Threat Analysis Group, TAG, Russia, Ukraine, Turla, Azov
24	19/07/2022	'Recently'	'Recently'	Ghostwriter AKA UNC1151	Accounts of webmail and social media networks of Polish users	Researchers from the Google's Threat Analysis Group (TAG) discover a campaign carried out by the Belarusian threat actor Ghostwriter targeting accounts of webmail and social media networks of Polish users via 'Browser in the Browser' attacks.	Account Takeover	Individual	CW	PL		Google's Threat Analysis Group, TAG, Belarus, Ghostwriter, UNC1151, Ukraine
25	19/07/2022	'Recently'	'Recently'	COLDRIVER AKA Callisto	Government and defense officials, politicians, NGOs and think tanks, and journalists	Researchers from the Google's Threat Analysis Group (TAG) reveal that the Russian threat actor COLDRIVER continues to send credential phishing emails to targets including government and defense officials, politicians, NGOs and think tanks, and journalists.	Account Takeover	Individual	CE	UA		Google's Threat Analysis Group, TAG, Russia, Ukraine, COLDRIVER, Callisto
26	19/07/2022	Since at least February, 4, 2022	During April 2022	CloudMensis	Multiple organizations	Researchers from ESET discover a previously unknown macOS backdoor that spies on users of compromised Macs and abuses cloud storage services to deliver the malware.	Malware	Multiple Industries	CE	>1		ESET, macOS, Macs, CloudMensis
27	19/07/2022	During May 2022	24/05/2022	APT29 AKA Cozy Bear, NOBELIUM, The Duke, Cloaked Ursa	NATO Country in Europe	Researchers from Palo Alto reveal the details of a new cyber espionage campaign carried out by the Russian threat actor APT29 targeting a Nato country in Europe.	Targeted Attack	Public admin and defence, social security	CE	N/A		APT29, Cozy Bear, NOBELIUM, The Duke, Cloaked Ursa, Palo Alto Networks
28	19/07/2022	29/06/2022	16/07/2022	Black Basta	Knauf	The building materials giant Knauf is hit by a Black Basta ransomware attack.	Malware	Manufacturing	CC	DE		Knauf, Ransomware, Black Basta
29	19/07/2022	-	-	?	Vista Bank	Vista Bank reports a data breach resulting in the names, Social Security numbers and financial information of 14,418 individuals being compromised.	Unknown	Finance and insurance	CC	US		Vista Bank
30	19/07/2022	During June 2022	-	Qakbot AKA QBot, QuackBot and Pinkslipbot	Multiple organizations	Researchers from Fortinet discover a campaign spreading a new variant of QakBot via attached HTML files.	Malware	Multiple Industries	CC	>1		Qakbot, QBot, QuackBot, Pinkslipbot, Fortinet
31	19/07/2022	-	-	Desorden	Better Way Thailand Company Limited	Desorden claims to have breached Better Way Thailand Company Limited, a personal care products and cosmetics distributor, and stolen 180 GB of data and 60 GB of files, affecting more than 20 million individuals.	Undisclosed vulnerabilities	Wholesale and retail	CC	TH		Desorden, Better Way Thailand Company Limited
32	19/07/2022	17/07/2022	17/07/2022	?	Minamiboso City Board of Education	The Minamiboso City Board of Education confirms to have been hit with a ransomware attack.	Malware	Education	CC	JP		Minamiboso City Board of Education, ransomware
33	20/07/2022	Since 24/02/2022	-	Ghostwriter AKA UNC1151	Ukrainian civilians	Researchers from Mandiant disclose a campaign by the Belarusian group Ghostwriter targeting Ukrainian civilians spoofing humanitarian information on evacuation procedures.	Malware	Individual	CE	UA		Ghostwriter, UNC1151, Ukraine, Mandiant
34	20/07/2022	Since 24/02/2022	-	UNC2589	Ukrainian civilians	Researchers from Mandiant disclose a campaign by the pro-Russian group UNC2589 targeting Ukrainian civilians spoofing humanitarian information on evacuation procedures.	Malware	Individual	CE	UA		UNC2589, Mandiant
35	20/07/2022	-	19/07/2022	TarTarX	Neopets	Virtual pet website Neopets has suffered a data breach leading to the theft of source code and a database containing the personal information of over 69 million members.	Unknown	Arts entertainment, recreation	CC	CN		Neopets, TarTarX
36	20/07/2022	-	-	?	Multiple organizations	Researchers from Malwarebytes discover a malvertising campaign leading to a Windows support scam site.	Malvertising	Multiple Industries	CC	>1		Malvertising
37	20/07/2022	During June 2022	During June 2022	Luna	Multiple organizations	Researchers from Kaspersky reveal the details of Luna, a new malware operation targeting several operating systems, including Windows, Linux, and ESXi systems.	Malware	Multiple Industries	CC	>1		Kaspersky, Luna, Ransomware
38	20/07/2022	-	-	APT37	High-value organizations in the Czech Republic, Poland, and other European countries	Researchers from Securonix reveal the details of STIFF#BIZON, a campaign carried out by the North Korean APT37 group, targeting high-value organizations in the Czech Republic, Poland, and other European countries using the Konni remote access tool.	Targeted Attack	Multiple Industries	CE	CZ PL		Securonix, STIFF#BIZON, Konni, North Korea, APT37
39	20/07/2022	-	-	LockBit	Undisclosed organization	Researchers from Symantec Broadcom discover a new attack technique by the LockBit ransomware gang, carried out identifying domain-related information, creating a Group Policy for lateral movement, and executing a command on all systems within the same domain to forcefully update group policy.	Malware	Unknown	CC	N/A		Symantec, Broadcom, Symantec
40	20/07/2022	Since May 2022	-	Atlas Intelligence Group (A.I.G), aka Atlantis Cyber-Army	Researchers from Cyberint	Researchers from Cyberint reveal the details of the Atlas Intelligence Group (A.I.G), an emerging for-hire organization offering a range of services, including exclusive data leaks, DDoS and RDP.	>1	Multiple Industries	CC	>1		Cyberint, Atlantis Cyber-Army, Atlas Intelligence Group, A.I.G
41	20/07/2022	-	-	?	Waterloo Region District School Board	The Waterloo Region District School Board says it’s working to restore its IT system and safeguard personal information of staff, students and families after it was the target of a cyberattack.	Unknown	Education	CC	CA		Waterloo Region District School Board
42	20/07/2022	-	-	?	Bronx Accountable Healthcare Network	The Bronx Accountable Healthcare Network notifies about a hacking incident involving email that impacted 17,161 patients.	Account Takeover	Human health and social work	CC	US		Bronx Accountable Healthcare Network
43	20/07/2022	-	-	?	Individuals in Massachusetts	The Department of Transitional Assistance (DTA) in Massachusetts issues a warning to residents about hacked ATM and card processing machines that have been cloning and stealing information off of credit, debit and Electronic Benefit Transfer (EBT) cards.	ATM skimming	Finance and insurance	CC	US		Department of Transitional Assistance, DTA, Massachusetts, ATM
44	21/07/2022	Since at least 28/04/2022	28/04/2022	Russian state-sponsored actors	Undisclosed software development company	Researchers from Cisco Talos reveal the details of a campaign targeting a large software development company in Ukraine via the GoMet backdoor.	Malware	Professional, scientific and technical	CE	UA		Cisco Talos, Ukraine, Russia, GoMet
45	21/07/2022	21/07/2022	21/07/2022	?	TAVR Media	Ukrainian media group TAVR Media confirms that it was hacked to spread fake news about President Zelenskiy being in critical condition and under intensive care.	Unknown	Information and communication	CW	UA		Ukraine, TAVR Media, President Zelenskiy
46	21/07/2022	18/06/2022	18/06/2022	?	Entrust	Digital security giant Entrust confirms that it suffered a ransomware attack where threat actors breached their network and stole data from internal systems.	Malware	Professional, scientific and technical	CC	US		Entrust, Ransomware
47	21/07/2022	-	-	Lightning Framework	Linux systems	Researchers from Intezer Labs reveal the details of a previously undetected malware dubbed 'Lightning Framework' that targets Linux systems.	Malware	Multiple Industries	CC	>1		Intezer Labs, Lightning Framework, Linux
48	21/07/2022	-	-	Qakbot AKA QBot, QuackBot and Pinkslipbot	Multiple organizations	Researchers from Cyble disclose the details of the latest Qbot campaign, where the operators of the malware have been using a DLL hijacking flaw in Windows Calculator to infect computers, which also helps evade detection by security software.	Malware	Multiple Industries	CC	>1		Qakbot, QBot, QuackBot, Pinkslipbot, Cyble
49	21/07/2022	'Recently'	'Recently'	Amadey	Multiple organizations	Researchers from Ahnlab discover a new campaign where a new version of the Amadey malware is distributed through the SmokeLoader malware, using software cracks and keygen sites as lures.	Malware	Multiple Industries	CC	>1		Ahnlab, Amadey, SmokeLoader
50	21/07/2022	Since March 2022	'Recently'	Candiru	Journalists in Lebanon	Researchers from Avast discover a spyware campaign by the secretive Israeli firm Candiru, carried out exploiting CVE-2022-2294, a Google Chrome vulnerability.	Targeted Attack	Information and communication	CE	LB		Avast, Israel, Candiru, CVE-2022-2294, Google Chrome
51	21/07/2022	Since December 2021	Since December 2021	TA4563	Various European financial and investment entities	Researchers from Proofpoint discover a campaign carried out by TA4563, targeting various European financial and investment entities through the EvilNum malware.	Malware	Finance and insurance	CC	EU		Proofpoint, TA4563, EvilNum
52	21/07/2022	-	-	?	Multiple organizations	Researchers from Avanan discover a new threat campaign using PayPal to send out phishing invoices.	Account Takeover	Multiple Industries	CC	>1		Avanan, PayPal
53	21/07/2022	-	-	?	Customers of Punjab State Power Corporation Limited (PSPCL)	Punjab State Power Corporation Limited (PSPCL) warns its customers of a phone scam tricking them to download a malicious app to perform a fake payment.	Malware	Individual	CC	IN		Punjab State Power Corporation Limited, PSPCL
54	21/07/2022	-	-	?	Multiple organizations	Researchers from Trend Micro identify a malicious campaign using the object storage service (OSS) of Alibaba Cloud (also known as Aliyun) for malware distribution and illicit cryptocurrency-mining activities	Misconfiguration	Multiple Industries	CC	>1		Trend Micro, OSS, Alibaba Cloud, Aliyun
55	21/07/2022	-	-	?	MWD Digital	MVD Digital, an Italian company of digital services, is hit with a LockBit 3.0 ransomware attack.	Malware	Professional, scientific and technical	CC	IT		MVD Digital, LockBit 3.0, ransomware
56	22/07/2022	During December 2021	21/07/2022	devil	Twitter	Twitter suffers a data breach after threat actors used a vulnerability to build a database of phone numbers and email addresses belonging to 5.4 million accounts, with the data now up for sale on a hacker forum for $30,000.	Vulnerability	Information and Communication	CC	US		devil, Twitter
57	22/07/2022	-	-	?	Vulnerable PrestaShop Websites	Hackers are targeting websites using the PrestaShop platform, leveraging a previously unknown vulnerability chain to perform code execution and potentially steal customers' payment information.	CVE-2022-36408 Vulnerability	Wholesale and retail	CC	>1		CVE-2022-36408, PrestaShop
58	22/07/2022	09/06/2022	09/06/2022	?	City of Newport	The City of Newport informs 6,109 past and current employees of a data breach that impacted their personal information when unauthorized activity in its network was detected.	Unknown	Public admin and defence, social security	CC	US		City of Newport
59	22/07/2022	Between 12/03/2022 and 21/03/2022	23/03/2022	?	Clinivate	Clinivate, a provider of EHR solutions for behavioral health agencies and schools, notifies its customers of a data security incident that may have exposed the protected health information of individuals within Clinivate's electronic health record system.	Unknown	Professional, scientific and technical	CC	US		Clinivate
60	22/07/2022	Between March 25, 2022 and May 24, 2022	-	?	Arhaus	Arhaus reports a data breach stemming from a phishing incident in which an unauthorized party accessed sensitive employee information contained on the company’s systems.	Account Takeover	Wholesale and retail	CC	US		Arhaus
61	22/07/2022	Between March 7, 2022, and March 21, 2022	28/03/2022	?	Shields Health Care Group	Shields Health Care Group files an official notice of a data breach after an unauthorized party gained access to the company’s computer systems for a period of about two weeks.	Unknown	Human health and social work	CC	US		Shields Health Care Group
62	22/07/2022	-	-	Pro-choice hacktivists associated to the Anonymous collective	Liberty Counsel	In name of OperationJane, pro-choice hacktivists leak more than 74 gigabytes of data connected to evangelical organizations from Liberty Counsel. The data is allegedly obtained after hacking WMTEK, a company that offers web design and website management.	Unknown	Other service activities	H	US		OperationJane, Liberty Counsel, WMTEK
63	22/07/2022	21/12/2021	Between November 30, 2021 and December 21, 2021	?	Oklahoma City Housing Authority (OCHA)	Oklahoma City Housing Authority (OCHA) discloses a phishing incident.	Account Takeover	Human health and social work	CC	US		Oklahoma City Housing Authority, OCHA
64	22/07/2022	-	-	?	Vulnerable WordPress sites	Researchers from Sucuri discover a campaign carried out via a cryptominer written in WebAssembly.	Malicious Script Injection	Multiple Industries	CC	>1		Sucuri, WebAssembly
65	22/07/2022	-	-	?	Arts and Culture Trust	Western Australia’s biggest arts organisations are notified that Arts and Culture Trust suffered a data breach after a third-party software used by the companies had been hacked.	Unknown	Arts entertainment, recreation	CC	AU		Arts and Culture Trust
66	22/07/2022	-	13/07/2022	?	Unknown organization	A threat actor claims to have breached a database containing the details of 30 million Thai individuals.	Unknown	Unknown	CC	N/A		Thailand
67	22/07/2022	20/07/2022	20/07/2022	?	?	Qmunity, a Vancouver-based LGBTQ+ advocacy group says that it has been the target of a cyberattack.	Unknown	Other service activities	CC	CA		Qmunity
68	22/07/2022	-	-	LockBit 3.0	Rovagnati	Rovagnati, an Italian producer of curated meat is hit by a LockBit 3.0 ransomware attack.	Malware	Accommodation and food service	CC	IT		LockBit, Rovagnati, Ransomware
69	24/07/2022	24/07/2022	24/07/2022	?	Audius	The decentralized music platform Audius is hacked, with threat actors stealing over 18 million AUDIO tokens worth approximately $6 million.	Vulnerability	Fintech	CC	US		Audius
70	24/07/2022	19/07/2022	19/07/2022	?	Policybazaar	Indian insurance company Policybazaar warns that it suffered a data breach, having discovered an “illegal and unauthorized access” exploiting vulnerabilities in its systems.	Vulnerability	Finance and insurance	CC	IN		Policybazaar
71	25/07/2022	Since at least 19/07/2022	-	UAC-0041	Individuals in Ukraine	The computer emergency response team of Ukraine CERT-UA discovers a campaign with malicious e-mails with the subject "Final payment" and an attachment of the same name in the form of a TGZ archive. The archive contains an EXE file classified as the RelicRace .NET downloader, designed to download, decode and run the RelicSource malicious .NET program in memory.	Malware	Individual	CE	UA		Ukraine, CERT-UA, Final payment, RelicRace, RelicSource
72	25/07/2022	Since at least 2016	-	Chinese-speaking threat actors	Multiple organizations	Researchers from Kaspersky reveal the details of CosmicStrand, a UEFI malware liying undetected in the firmware images for some motherboards including Gigabyte and ASUS.	Malware	Multiple Industries	CE	>1		Kaspersky, CosmicStrand, UEFI, Gigabyte, ASUS, China
73	25/07/2022	-	-	LV Blog	GESIS	The LockBit ransomware gang claims to have breached the Italian Tax Agency (Agenzia delle Entrate). In reality the real victim is a different company (GESIS) breached by a different ransomware group (LV Blog).	Malware	Finance and insurance	CC	IT		LockBit, ransomware, Italian Tax Agency, Agenzia delle Entrate, GESIS, LV Blog
74	25/07/2022	22/07/2022	22/07/2022	BlackCat AKA ALPHV	Creos Luxembourg S.A.	The ALPHV ransomware gang, aka BlackCat, claims responsibility for a cyberattack against Creos Luxembourg S.A., a natural gas pipeline and electricity network operator in the central European country.	Malware	Electricity, gas steam, air conditioning	CC	LU		ALPHV, BlackCat, ransomware, Creos Luxembourg S.A.
75	25/07/2022	22/07/2022	22/07/2022	BlackCat AKA ALPHV	Enovos	Enovos, another energy supplier in Luxembourg belonging to the Encevo Group is hit by the same ransomware attack.	Malware	Electricity, gas steam, air conditioning	CC	LU		Enovos, Encevo Group, Ransomware, ALPHV, BlackCat
76	25/07/2022	Since July 3, 2022	-	Luca Stealer	Multiple organizations	Security researchers from Cyble observe an uptick in new Luca Stealer samples after the malware’s source code was made public.	Malware	Multiple Industries	CC	>1		Luca Stealer, Cyble
77	25/07/2022	-	-	UAC-0010 AKA Armageddon	Individuals in Ukraine	The computer emergency response team of Ukraine CERT-UA discovers a new campaign, carried out by the group UAC-0010 AKA Armageddon, distributing the GammaLoad.PS1_v2 malware through malicious emails apparently coming from the National Academy of Security of Ukraine.	Malware	Individual	CE	UA		Ukraine, CERT-UA, UAC-0010, Armageddon, GammaLoad.PS1_v2, National Academy of Security of Ukraine.
78	25/07/2022	13/03/2022	13/03/2022	?	Wilson Tool International	Wilson Tool International reports a ransomware data breach after the company discovered that an unauthorized party accessed and encrypted certain files on the company’s network.	Malware	Manufacturing	CC	US		Wilson Tool International, ransomware
79	25/07/2022	-	-	?	Boeing Employees’ Credit Union (BECU)	Boeing Employees’ Credit Union (BECU) files an official notice of a data breach with various government entities after the company learned of a network security incident at a third-party vendor	Unknown	Finance and insurance	CC	US		Boeing Employees’ Credit Union, BECU
80	25/07/2022	20/07/2022	20/07/2022	LockBit	Town of St. Marys	The LockBit ransomware gang locks the internal servers and encrypts the data of St. Marys, a town in southwestern Ontario.	Malware	Public admin and defence, social security	CC	CA		LockBit, Ransomware, St. Marys, Ontario
81	25/07/2022	-	-	?	Users of Mahanagar Telephone Nigam Limited (MTNL)	The Delhi Police warns users against a phishing campaign using the name and logo of Mahanagar Telephone Nigam Limited (MTNL) via WhatsApp.	Account Takeover	Individual	CC	IN		Delhi Police, Mahanagar Telephone Nigam Limited, MTNL, WhatsApp
82	25/07/2022	-	-	?	Individuals in Singapore	Individuals in Singapore are warned of a phishing campaign posing as charity platform Giving.sg after a spate of phishing e-mails.	Account Takeover	Individual	CC	SG		Giving.sg
83	25/07/2022	During May 2022?	-	Matrong AKA Boldenis77	Lopes	A threat actor claims to have breached Lopes, a Brazilian firm that provides real estate services, and stolen 13 GB of data.	Undisclosed vulnerabilities	Real estate	CC	BR		Matrong, Boldenis77, Lopes
84	26/07/2022	Since at least 2018	-	Vietnamese threat actors	Professionals on LinkedIn	Researchers from WithSecure reveal the details of a new phishing campaign codenamed 'Ducktail', targeting professionals on LinkedIn to take over Facebook business accounts that manage advertising for the company.	Account Takeover	Multiple Industries	CC	>1		WithSecure, 'Ducktail', LinkedIn, Facebook
85	26/07/2022	Since May 2022	-	?	Android users	Researchers from Dr.Web discover a new batch of malicious Android apps filled with adware and malware on the Google Play Store, installed close to 10 million times.	Malware	Individual	CC	>1		Dr.Web, Android, Google Play Store
86	26/07/2022	Between January and May 2022	During May 2022	?	Vulnerable Exchange servers	Researchers from Microsoft reveal the detail of a campaign exploiting malicious Internet Information Services (IIS) web server extensions to backdoor unpatched Exchange servers.	Vulnerability	Multiple Industries	CC	>1		Microsoft, Internet Information Services, IIS, Exchange
87	26/07/2022	Since March 2022	During mid-June 2022	Robin Banks	Online users of multiple banks	Researchers from IronNet discover a new phishing as a service (PhaaS) platform named 'Robin Banks', offering ready-made phishing kits targeting the customers of well-known banks and online services, including Citibank, Bank of America, Capital One, Wells Fargo, PNC, U.S. Bank, Lloyds Bank, the Commonwealth Bank in Australia, and Santander.	Account Takeover	Finance and insurance	CC	>1		IronNet, phishing as a service, PhaaS, Robin Banks, Citibank, Bank of America, Capital One, Wells Fargo, PNC, U.S. Bank, Lloyds Bank, the Commonwealth Bank in Australia, Santander
88	26/07/2022	-	-	?	Nikos Androulakis	A security audit by the European Parliament reveals attempts to plant the Cytrox surveillance software on the phone of Nikos Androulakis, a Greek lawmaker.	Targeted Attack	Individual	CE	GR		European Parliament, Cytrox, Nikos Androulakis\|
89	26/07/2022	Between February 27, 2022 and April 27, 2022.	27/04/2022	?	Laborers International Union of North America Local 1098 (AKA LIUNA Local 1098, LIUNA 1098)	Laborers International Union of North America Local 1098 (LIUNA Local 1098, LIUNA 1098) reports a data breach stemming from an incident involving unauthorized access to an employee email account.	Account Takeover	Other service activities	CC	US		Laborers International Union of North America Local 1098, LIUNA Local 1098, LIUNA 1098
90	26/07/2022	-	14/06/2022	?	Gannon Associates Insurance Agency	Gannon Associates Insurance Agency reports a data breach after the company experienced an “information security incident.”	Unknown	Finance and insurance	CC	US		Gannon Associates Insurance Agency
91	26/07/2022	-	01/05/2022	?	DigiPen Institute of Technology	DigiPen Institute of Technology reports a data breach after an unauthorized party, during a ransomware attack, gained access to files on its network that contained sensitive consumer information.	Malware	Education	CC	US		DigiPen Institute of Technology, ransomware
92	26/07/2022	-	-	?	Customers of Chase Bank	A new phishing campaign targets the customers of Chase Bank.	Account Takeover	Finance and insurance	CC	US		Chase Bank
93	26/07/2022	-	-	?	Individuals	Researchers from Sucuri discover a DHL phishing campaign using Telegram bots for data exfiltration.	Account Takeover	Individual	CC	>1		Sucuri, DHL, Telegram
94	26/07/2022	26/07/2022	26/07/2022	?	AV-TEST Twitter account	The official English Twitter account of AV-TEST is hijacked by NFT spammers.	Account Takeover	Professional, scientific and technical	CC	DE		AV-TEST
95	26/07/2022	-	-	?	Town of Saugerties	Police investigate a report that paychecks for an employee of the town of Saugerties were diverted to an incorrect bank through an apparent cyber fraud scheme	Business Email Compromise	Public admin and defence, social security	CC	US		Town of Saugerties
96	27/07/2022	SInce at least 2021	-	Knotweed	European and Central American organizations	Researchers from Microsoft reveal the details of a campaign carried out by a threat actor dubbed Knotweed (linked to DSRIF, an Austrian spyware vendors), using multiple Windows and Adobe 0-day exploits, including one for the recently patched CVE-2022-22047, to distribute a malware called Subzero.	Targeted Attack	Multiple Industries	CE	>1		Microsoft, Knotweed, DSRIF, Austria, Spyware, Windows, Adobe, CVE-2022-22047, Subzero
97	27/07/2022	26/07/2022	26/07/2022	?	NetStandard	A US managed service provider, NetStandard, suffers a possible ransomware attack causing the company to shut down its cloud services.	Malware	Professional, scientific and technical	CC	US		NetStandard, Ransomware
98	27/07/2022	21/07/2022	21/07/2022	?	Undisclosed organization in Eastern Europe	Akamai reveals to have detected and mitigated the largest DDoS attack ever launched against a European organization, with globally distributed attack traffic peaking at 853.7 Gbps and 659.6 Mpps over 14 hours.	DDoS	Unknown	CC	N/A		Akamai
99	27/07/2022	-	-	?	Vulnerable Atlassian servers	Researchers from Rapid7 reveal that the critical vulnerability CVE-2022-26138 is currently exploited in the wild.	CVE-2022-26138 Vulnerability	Multiple Industries	CC	>1		Questions for Confluence, Atlassian, Rapid7, CVE-2022-26138
100	27/07/2022	28/04/2022	28/04/2022	?	OneTouchPoint	A ransomware attack to OneTouchPoint, a printing and mailing services provide, affects at least 34 healthcare orgs.	Malware	Administration and support service	CC	US		OneTouchPoint, ransomware
101	27/07/2022	-	-	?	Multiple organizations	Researchers from Trend Micro discover a new campaign using the Gootkit access-as-a-service (AaaS) malware to delivery Cobalt Strike beacons.	Malware	Multiple Industries	CC	>1		Trend Micro, Gootkit, Cobalt Strike
102	27/07/2022	Since January 2022	Since January 2022	?	Social media users in the UK	UK police warn of a surge in social media hacking incidents in which victims’ accounts are flooded with indecent images of children.	Account Takeover	Individual	CC	UK		UK Police, Social Media
103	27/07/2022	Late May 2022	Late May 2022	?	St. Luke’s Health System	St. Luke’s Health System discloses that the information of 31,573 individuals is compromised after a vendor, Kaye Smith, suffers a cyber incident.	Unknown	Human health and social work	CC	US		St. Luke’s Health System, Kaye Smith
104	27/07/2022	Between March 17, 2022 and May 8, 2022	During April 2022	?	Gatto, Pope & Walrick	Gatto, Pope & Walrick confirms that the company experienced a data breach after an unauthorized party gained access to sensitive consumer data contained on some employees' accounts.	Account Takeover	Professional, scientific and technical	CC	US		Gatto, Pope & Walrick
105	27/07/2022	-	-	?	Gelt Finance	Gelt Finance reports a data breach after the company confirmed unauthorized access to its IT network.	Unknown	Finance and insurance	CC	US		Gelt Finance
106	27/07/2022	-	-	?	Behavioral Health Group	Behavioral Health Group files official notice of a data breach after a “security incident” affecting the company’s computer system resulted in an unauthorized party being able to access sensitive information belonging to certain patients.	Unknown	Human health and social work	CC	US		Behavioral Health Group
107	28/07/2022	-	26/07/2022	LofyLife	Discord users	Researchers from Kaspersky discover LofyLife, an ongoing malicious campaign using malicious npm packages to infect Discord users with malware that steals their payment card information using a variant of the python malware Volt Stealer and the JavaScript malware Lofy Stealer.	Malware	Individual	CC	>1		Kaspersky, LofyLife, npm, Discord, Volt Stealer, Lofy Stealer.
108	28/07/2022	Since at least September 2021	During September 2021	Kimsuky (AKA SharpTongue)	Foreign policy, nuclear and other individuals of strategic interest in the United States, Europe, and South Korea	Researchers from Volexity reveal the details of the latest campaign by the North Korean threat actor Kimsuky, using SHARPEXT, a malicious browser extension to steal emails from Google Chrome or Microsoft Edge users.	Targeted Attack	Multiple Industries	CE	>1		Volexity, Kimsuky, SharpTongue, SHARPEXT, Google Chrome, Microsoft Edge, North Korea
109	28/07/2022	-	-	?	Vulnerable MSSQL servers	Researchers from Ahnlab discover a new campaign hijacking Microsoft SQL servers, to convert devices into proxies that are rented through online proxy services.	Vulnerability	Multiple Industries	CC	>1		Ahnlab, Microsoft SQL servers, proxy
110	28/07/2022	Since at least 26/07/2022	26/07/2022	DEV-0206	Multiple organizations	Researchers from Microsoft reveal that a threat actor tracked as DEV-0206 uses the Raspberry Robin Windows worm to deploy the FakeUpdates malware, later exploited by the Evil Corp (DEV-0243) group.	Malware	Multiple Industries	CC	>1		Microsoft, DEV-0206, Raspberry Robin, Windows, FakeUpdates, Evil Corp, DEV-0243
111	28/07/2022	'Recently'	'Recently'	LockBit 3.0	Undisclosed organization	Researchers from Sentinel One reveal the details of an attack where a threat actor associated with the LockBit 3.0 ransomware operation abused the Windows Defender command line tool to load Cobalt Strike beacons on compromised systems and evade detection by security software.	Malware	Unknown	CC	N/A		Sentinel One, LockBit 3.0, ransomware, Windows Defender, Cobalt Strike
112	28/07/2022	-	-	?	Android users	Researchers from McAfee discover HiddenAds, a collection of several adware apps promoted on Facebook as system cleaners and optimizers for Android devices with millions of installations on Google Play store.	Malware	Individual	CC	>1		McAfee, Facebook, Android, HiddenAds
113	28/07/2022	-	-	?	Multiple organizations	Researchers from Cofense discover a new phishing attack that attempts to manipulate victims into entering their username and password by claiming their account will be deleted if they don't, and it uses a countdown timer to pile on the pressure.	Account Takeover	Multiple Industries	CC	>1		Cofense
114	28/07/2022	During 2020	During 2020	?	US federal court system	During a public hearing, it turns out that the US federal court system suffered a major cybersecurity breach in 2020.	Unknown	Public admin and defence, social security	CC	US		US federal court system
115	28/07/2022	Between June 28, 2021 and August 24, 2021	'Recently'	?	Gaedeke Group	Gaedeke Group, LLC confirms that the company experienced a data breach after an unauthorized party gained access to sensitive consumer data contained on various compromised employee email accounts.	Account Takeover	Real estate	CC	US		Gaedeke Group
116	28/07/2022	-	-	?	Google Workspace users	Researchers from Avanan detect an ongoing phishing campaign that uses mirror images of target organizations' landing pages, dynamically created, to trick victims into entering login credentials.	Account Takeover	Multiple Industries	CC	>1		Avanan, Google Workspace
117	28/07/2022	-	During June 2022	?	Online banking users	Researchers from Cyble identify a threat actor on a cybercrime forum offering monthly subscription-based services for an IBAN clipper malware targeting Windows operating systems.	Malware	Finance and insurance	CC	>1		Cyble, IBAN Clipper
118	28/07/2022	Early July	-	?	911[.]re	911[.]re, a proxy service that since 2015 has sold access to hundreds of thousands of Microsoft Windows computers daily, announces that it is shutting down in the wake of a data breach that destroyed key components of its business operations.	Vulnerability	Other service activities	CC	N/A		911[.]re
119	28/07/2022	28/07/2022	28/07/2022	?	Nirvana Finance	The decentralized finance platform Nirvana Finance suffers a $3.5 million hack involving the use of flash loans to manipulate and drain its liquidity pools.	Flash loan	Fintech	CC	N/A		Nirvana Finance
120	28/07/2022	-	-	?	Unione dei Comuni Valdisieve e Valdarno (Municipalities of Valdisieve and Valdarno)	The Municipalities of Valdisieve and Valdarno is hit with a cyber attack.	Unknown	Public admin and defence, social security	CC	IT		Unione dei Comuni Valdisieve e Valdarno, Municipalities of Valdisieve and Valdarno
121	28/07/2022	'Recently'	'Recently'	?	MetaMask users	Researchers from Halborn discover a new phishing campaign targeting users of MetaMask, a well-known crypto wallet.	Account Takeover	Fintech	CC	>1		Halborn, MetaMask
122	29/07/2022	-	-	?	Individuals in the US	The Federal Communications Commission (FCC) warns Americans of an increasing wave of SMS (Short Message Service) phishing attacks attempting to steal their personal information and money.	Account Takeover	Individual	CC	US		Federal Communications Commission, FCC, SMS, Short Message Service, phishing
123	29/07/2022	-	-	?	Individuals in Europe	Researchers from Group-IB discover a gigantic network of more than 11,000 domains used to promote numerous fake investment schemes to users in Europe.	Account Takeover	Individual	CC	UK BE NL DE PL PT NO SE CZ		Group-IB
124	29/07/2022	-	-	Hive	Wootton Upper School	The Hive ransomware group demands a ransom of £500,000 (about $608,000) from Wootton Upper School after breaching its systems.	Malware	Education	CC	UK		Hive, ransomware, Wootton Upper School
125	29/07/2022	-	-	Hive	Kimberley College	The same ransomware group demands a ransom of £500,000 (about $608,000) from Kimberley College after breaching its systems.	Malware	Education	CC	UK		Hive, ransomware, Kimberley College
126	29/07/2022	End of 2021	-	DawDropper	Android users	Researchers from Trend Micro discover a new mobile malware campaign, dubbed DawDropper, and delivering four types of banking trojan: TeaBot, Octo, Hydra and Ermac.	Malware	Individual	CC	>1		Trend Micro, DawDropper, TeaBot, Octo, Hydra, Ermac
127	29/07/2022	Since early July 2022	Early July 2022	Raccoon Stealer	Multiple organizations	Researchers from Zscaler discover a new variant of the Raccoon Stealer malware (v2) updated to steal credentials and other data more efficiently.	Malware	Multiple Industries	CC	>1		Zscaler, Raccoon Stealer, v2
128	29/07/2022	31/05/2022	01/06/2022	?	Allegheny Health Network	The names and medical histories of 8,000 Allegheny Health Network patients might have been leaked in a data breach after an employee opened a phishing email that compromised their account	Account Takeover	Human health and social work	CC	US		Allegheny Health Network
129	29/07/2022	29/04/2022	29/04/2022	?	Goldsboro Podiatry	Goldsboro Podiatry announces that unauthorized individuals potentially obtained the protected health information (PHI) of 30,669 individuals, after an unnamed company that manages the electronic medical records of patients suffered a ransomware attack.	Malware	Human health and social work	CC	US		Goldsboro Podiatry, ransomware
130	29/07/2022	01/06/2022	01/06/2022	?	Healthback Holdings	Healthback Holdings, a home health company discloses a healthcare data breach that impacted 21,114 individuals, having discovered unauthorized activity within its employee email.	Account Takeover	Human health and social work	CC	US		Healthback Holdings
131	29/07/2022	-	01/06/2022	?	Minuteman Senior Services (MSS)	Minuteman Senior Services (MSS) reports an email breach that impacted 4,000 individuals.	Account Takeover	Human health and social work	CC	US		Minuteman Senior Services, MSS
132	29/07/2022	From April 21, 2022, until April 28, 2022, and again on May 26, 2022	14/06/2022	?	Wisan Smith Racker & Prescott (WSRP)	Wisan Smith Racker & Prescott (WSRP) confirms that the company experienced a data breach after an unauthorized party gained access to sensitive consumer data contained on its network	Unknown	Professional, scientific and technical	CC	US		Wisan Smith Racker & Prescott, WSRP
133	29/07/2022	03/09/2021	03/09/2021	?	Gardner Resources Consulting	Gardner Resources Consulting confirms that the company experienced a data breach after an unauthorized party gained access to sensitive consumer data contained on its network.	Unknown	Administration and support service	CC	US		Gardner Resources Consulting
134	29/07/2022	-	01/09/2021	?	RetireOne	RetireOne, a platform for fee-based insurance solutions developed and maintained by Aria Retirement Solutions, experiences a data breach after an unauthorized party gained access to sensitive consumer data through a compromised employee email account.	Account Takeover	Professional, scientific and technical	CC	US		RetireOne, Aria Retirement Solutions
135	29/07/2022	-	05/10/2021	?	Community Surgical Supply (CSS)	Community Surgical Supply (CSS) reports a data breach after the company discovered that some of its files had been encrypted and were accessible to the unauthorized party that orchestrated the ransomware attack.	Malware	Manufacturing	CC	US		Community Surgical Supply, CSS
136	29/07/2022	-	-	?	Central Maine Medical Center	Central Maine Medical Center confirms that the company experienced a data breach after an unauthorized party gained access to sensitive consumer data contained on its network.	Unknown	Human health and social work	CC	US		Central Maine Medical Center
137	29/07/2022	05/07/2022	05/07/2022	Karakurt	Methodist McKinney Hospital MMH	Methodist McKinney Hospital discloses a ransomware attack. The Karakurt gang claims responsibility.	Malware	Human health and social work	CC	US		Methodist McKinney Hospital, MMH, Karakurt, Ransomware
138	29/07/2022	05/07/2022	05/07/2022	Karakurt	Methodist Allen Surgical Center (MASC)	Methodist Allen Surgical Center discloses a ransomware attack. The Karakurt gang claims responsibility.	Malware	Human health and social work	CC	US		Methodist Allen Surgical Center, MASC, Karakurt, Ransomware
139	29/07/2022	05/07/2022	05/07/2022	Karakurt	Methodist Craig Ranch Surgical Center (MCRSC)	Methodist Craig Ranch Surgical Center discloses a ransomware attack. The Karakurt gang claims responsibility.	Malware	Human health and social work	CC	US		Methodist Craig Ranch Surgical Center, MCRSC, Karakurt, Ransomware
140	30/07/2022	Earlier this week	Earlier this week	?	Bromford Housing Association	Bromford Housing Association is targeted by a cyber attack.	Unknown	Real estate	CC	UK		Bromford Housing Association
141	31/07/2022	-	-	DESORDEN	Srikrung Broker Co.	DESORDEN claims to have stolen more than 369 GB of data with approximately 3.28 million customer records and 462,980 from Srikrung Broker Co., an insurance broker.	Unknown	Finance and insurance	CC	TH		Srikrung Broker Co., DESORDEN
142	31/07/2022	-	-	DESORDEN	Frasers Property Thailand Public Company Limited.	DESORDEN claims to have stolen the personal data of 312,834 individuals from Frasers Property Thailand Public Company Limited.	Unknown	Real estate	CC	TH		Frasers Property Thailand Public Company Limited, Desorden
143	31/07/2022	-	-	DESORDEN	Union Auction Public Company Limited.	DESORDEN claims to have stolen the personal data of 30,000+ individuals from Union Auction Public Company Limited.	Unknown	Other service activities	CC	TH		Union Auction Public Company Limited., Desorden
144	31/07/2022	-	-	DESORDEN	724.co.th	DESORDEN claims to have stolen 1.75 TB of documents from 724.co.th, an insurance marketplace.	Unknown	Finance and insurance	CC	TH		724.co.th, DESORDEN
145	31/07/2022	-	-	?	Ticketera	Ticketera, a ticket sales platform, suffers a cyber attack.	Unknown	Arts entertainment, recreation	CC	BR		Ticketera
ID	Date Reported	Date Occurred	Date Discovered	Author	Target	Description	Attack	Target Class	Attack Class	Country	Link	Tags

The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.

July 2023 Cyber Attacks Statistics
After the cyber attacks timelines, it’s time to publish the statistics of June 2023 where I have collected and analyzed 384 events, yet another record number driven...
The Biggest Data Breaches of 2023
Similarly to what I have done in 2022 and 2021, I am collecting the main mega breaches...
16-28 February 2023 Cyber Attacks Timeline
The second cyber attacks timeline of February 2023 is out and with 10.62 events/day confirms...
16-31 July 2023 Cyber Attacks Timeline
New victims of attacks carried out by the Clop (AKA Cl0p) ransomware gang exploiting the CVE-2023-34362 MOVEit vulnerability emerged even during...
Q2 2023 Cyber Attacks Statistics
I have aggregated the statistics created from the cyber attacks timelines published in the second quarter of 2023. In total I have collected 1040 events...