The second cyber attacks timeline of July 2022 confirms the sustained level of activity. In this fortnight I have collected 139 entries, once again the highest number of the last three months.
Ransomware continues to dominate the threat landscape, characterizing 21 out of 139 events (corresponding to 15.1%, a sharp decrease compared to the 25.2% of the previous timeline). 13 out of 139 events were characterized by the exploitation of vulnerabilities (corresponding to 9.35%, more than double the 4.58% of the previous fortnight).
A trend that is characterizing 2022 is the growing number of attacks against Decentralized Finance (DeFi) platforms. Unsurprisingly, this trend continued in the second half of July, with three organizations (Nirvana Finance, Audius, and Premint NFT) losing a total of nearly $22M worth of cryptocurrency.
Another interesting event of this timeline is the massive breach suffered by Neopets, leading to the exposure of the data of 69 million members.
The hybrid warfare in Ukraine continues to characterize the threat landscape, although with a smaller impact than in the previous months. Interestingly, no operation against Russia was recorded in this fortnight, whereas Ukraine was flooded by multiple operations carried out by known threat actors and newcomers such as Coldriver, Turla, Armageddon, UAC-0041, UNC2589, and GhostWriter.
Besides Ukraine, the cyber espionage front is as usual rich in events: for example, Belgium revealed that it had suffered three attacks from the Chinese threat actors APT27, APT30, APT31, and Gallium. Other interesting campaigns include the one carried out by APT29, exploiting cloud services and targeting a NATO country in Europe, and the one carried out by APT36, targeting high-value organizations in the Czech Republic, Poland, and other European countries.
As usual, enjoy the interactive timeline and the tabular format, and thanks for sharing it and supporting my work in spreading risk awareness across the community. As always, don't forget to follow @paulsparrows on Twitter, or connect on LinkedIn, for the latest updates.
Geo Map July H2 2022
ID
Date Reported
Date Occurred
Date Discovered
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags
1
16/07/2022
-
-
?
Securities and Exchange Board of India (SEBI)
The Securities and Exchange Board of India (Sebi) discloses a phishing incident.
Account Takeover
Public admin and defence, social security
CC
IN
The Securities and Exchange Board of India, SEBI
2
17/07/2022
17/07/2022
17/07/2022
?
Government websites in Albania
The government of Albania is forced to take its websites offline due to a cyberattack.
Unknown
Public admin and defence, social security
CC
AL
Albania
3
17/07/2022
17/07/2022
17/07/2022
?
Premint NFT
The popular NFT platform Premint NFT is hacked, with the threat actors compromising its official website and stealing 314 NFTs.
Malicious Script Injection
Fintech
CC
N/A
Premint NFT
4
17/07/2022
-
17/07/2022
?
Roblox Corporation
A hacker posts a 4Gb archive of what appears to be a cache of internal documents stolen from an employee who works for the massively popular gaming platform Roblox.
Account Takeover
Arts entertainment, recreation
CC
US
Roblox
5
18/07/2022
04/07/2022
04/07/2022
Roaming Mantis
Android and iOS users in France
Researchers from Sekoia discover a new campaign carried out by the Roaming Mantis group, dropping on Android devices the XLoader (MoqHao) payload, a remote access, information stealing, and SMS spamming malware.
Malware
Individual
CC
FR
Sekoia, Roaming Mantis, Android, XLoader, MoqHao
6
18/07/2022
Since October 2021
-
Multiple threat actors
Cryptocurrency users in the US
The FBI warns that cybercriminals use fraudulent cryptocurrency investment applications to steal funds from US investors.
Malware
Fintech
CC
US
FBI, cryptocurrency
7
18/07/2022
Since at least January 18, 2022
-
?
80 restaurants using the MenuDrive and 74 using the Harbortouch online ordering platforms
Researchers from Recorded Future reveal the details of a Magecart campaign targeting 80 restaurants using the MenuDrive and 74 using the Harbortouch online ordering platforms.
Malicious Script Injection
Accommodation and food service
CC
US
Recorded Future, Magecart, MenuDrive, Harbortouch
8
18/07/2022
Since at least November 12, 2021
-
?
157 restaurants using the InTouchPOS online ordering platform
Researchers from Recorded Future reveal the details of a Magecart campaign targeting 157 restaurants using the InTouchPOS online ordering platform.
Malicious Script Injection
Accommodation and food service
CC
US
Recorded Future, Magecart, InTouchPOS
9
18/07/2022
-
-
APT27
Belgium defense and interior ministries
The Minister for Foreign Affairs of Belgium says multiple Chinese state-backed threat groups, including APT27, targeted the country's defense and interior ministries.
Targeted Attack
Public admin and defence, social security
CE
BE
Minister for Foreign Affairs of Belgium, APT27
10
18/07/2022
-
-
APT30
Belgium defense and interior ministries
The Minister for Foreign Affairs of Belgium says multiple Chinese state-backed threat groups, including APT30, targeted the country's defense and interior ministries.
Targeted Attack
Public admin and defence, social security
CE
BE
Minister for Foreign Affairs of Belgium, APT30
11
18/07/2022
-
-
APT31
Belgium defense and interior ministries
The Minister for Foreign Affairs of Belgium says multiple Chinese state-backed threat groups, including APT31, targeted the country's defense and interior ministries.
Targeted Attack
Public admin and defence, social security
CE
BE
Minister for Foreign Affairs of Belgium, APT31
12
18/07/2022
-
-
Gallium, AKA Softcell, and UNSC 2814
Belgium defense and interior ministries
The Minister for Foreign Affairs of Belgium says multiple Chinese state-backed threat groups, including Gallium, targeted the country's defense and interior ministries.
Targeted Attack
Public admin and defence, social security
CE
BE
Minister for Foreign Affairs of Belgium, Gallium, Softcell, UNSC 2814
13
18/07/2022
'Recently'
'Recently'
Joker
Android users
Researchers from Zscaler discover 50 apps infected with the Joker malware, downloaded over 300,000 times.
Malware
Individual
CC
>1
Zscaler, Joker, Android
14
18/07/2022
'Recently'
'Recently'
Facestealer
Android users
Researchers from Zscaler discover a new wave of infections in the Google Play store carried out via the Facestealer malware, downloaded about 5,000 times.
Malware
Individual
CC
>1
Zscaler, Facestealer, Android
15
18/07/2022
'Recently'
'Recently'
Coper
Android users
Researchers from Zscaler discover a new wave of infections in the Google Play store carried out via the Coper malware.
Malware
Individual
CC
>1
Zscaler, Coper, Android
16
18/07/2022
Over the last month
Over the last month
The 8220 Gang
Multiple organizations
Researchers from Sentinel One reveal the details of the latest campaign by the 8220 gang, exploiting Linux and cloud app vulnerabilities, such as Docker, Redis, Confluence, and Apache, to grow their botnet to more than 30,000 infected hosts.
The police department of the town of Frederick, Colorado says it is investigating claims that the town government was hit with a LockBit ransomware attack.
Malware
Public admin and defence, social security
CC
US
City of Frederick, LockBit, Ransomware
18
18/07/2022
-
-
?
Cleartrip
Popular Indian flight booking site Cleartrip announces a data breach involving the unauthorized access to the information of an unknown number of victims.
Unknown
Accommodation and food service
CC
IN
Cleartrip
19
18/07/2022
Between October 2020 and November 2021
-
Thai Government?
At least 30 political activists in Thailand
At least 30 political activists in Thailand have been hacked using Israeli surveillance spyware Pegasus by NSO Group, according to a joint investigation by human rights and cyber monitoring groups.
Targeted Attack
Individual
CE
TH
Pegasus, NSO Group, Thailand
20
18/07/2022
17/07/2022
17/07/2022
Altahrea Team
Israel's Health Ministry
Israel's Health Ministry is taken down by a DDoS attack launched by the pro-Iranian group Altahrea Team.
DDoS
Public admin and defence, social security
H
IL
Israel, Health Ministry, Altahrea Team.
21
18/07/2022
17/07/2022
17/07/2022
?
Zabicall
Zabicall, a South Korean call taxi system is hit with a ransomware attack.
Malware
Transportation and storage
CC
KR
Zabicall, ransomware
22
18/07/2022
26/02/2022
26/02/2022
?
Louisiana Public Facilities Authority (LPFA)
Louisiana Public Facilities Authority (LPFA) is hit with a ransomware attack.
Malware
Public admin and defence, social security
CC
US
Louisiana Public Facilities Authority, LPFA, ransomware
23
19/07/2022
'Recently'
'Recently'
Turla
Android users in Ukraine
Researchers from Google's Threat Analysis Group (TAG) reveal that the Russian group Turla distributed a malicious Android app, disguised as a tool for performing Denial of Service (DoS) attacks against a set of Russian websites, from a domain spoofing the Ukrainian Azov Regiment.
Accounts of webmail and social media networks of Polish users
Researchers from Google's Threat Analysis Group (TAG) discover a campaign carried out by the Belarusian threat actor Ghostwriter targeting the webmail and social media accounts of Polish users via 'Browser in the Browser' attacks.
Government and defense officials, politicians, NGOs and think tanks, and journalists
Researchers from Google's Threat Analysis Group (TAG) reveal that the Russian threat actor COLDRIVER continues to send credential phishing emails to targets including government and defense officials, politicians, NGOs and think tanks, and journalists.
Researchers from ESET discover a previously unknown macOS backdoor that spies on users of compromised Macs and abuses cloud storage services to deliver the malware.
Malware
Multiple Industries
CE
>1
ESET, macOS, Macs, CloudMensis
27
19/07/2022
During May 2022
24/05/2022
APT29 AKA Cozy Bear, NOBELIUM, The Duke, Cloaked Ursa
NATO Country in Europe
Researchers from Palo Alto reveal the details of a new cyber espionage campaign carried out by the Russian threat actor APT29 targeting a Nato country in Europe.
The building materials giant Knauf is hit by a Black Basta ransomware attack.
Malware
Manufacturing
CC
DE
Knauf, Ransomware, Black Basta
29
19/07/2022
-
-
?
Vista Bank
Vista Bank reports a data breach resulting in the names, Social Security numbers and financial information of 14,418 individuals being compromised.
Unknown
Finance and insurance
CC
US
Vista Bank
30
19/07/2022
During June 2022
-
Qakbot AKA QBot, QuackBot and Pinkslipbot
Multiple organizations
Researchers from Fortinet discover a campaign spreading a new variant of QakBot via attached HTML files.
Malware
Multiple Industries
CC
>1
Qakbot, QBot, QuackBot, Pinkslipbot, Fortinet
31
19/07/2022
-
-
Desorden
Better Way Thailand Company Limited
Desorden claims to have breached Better Way Thailand Company Limited, a personal care products and cosmetics distributor, and stolen 180 GB of data and 60 GB of files, affecting more than 20 million individuals.
Undisclosed vulnerabilities
Wholesale and retail
CC
TH
Desorden, Better Way Thailand Company Limited
32
19/07/2022
17/07/2022
17/07/2022
?
Minamiboso City Board of Education
The Minamiboso City Board of Education confirms to have been hit with a ransomware attack.
Malware
Education
CC
JP
Minamiboso City Board of Education, ransomware
33
20/07/2022
Since 24/02/2022
-
Ghostwriter AKA UNC1151
Ukrainian civilians
Researchers from Mandiant disclose a campaign by the Belarusian group Ghostwriter targeting Ukrainian civilians spoofing humanitarian information on evacuation procedures.
Malware
Individual
CE
UA
Ghostwriter, UNC1151, Ukraine, Mandiant
34
20/07/2022
Since 24/02/2022
-
UNC2589
Ukrainian civilians
Researchers from Mandiant disclose a campaign by the pro-Russian group UNC2589 targeting Ukrainian civilians spoofing humanitarian information on evacuation procedures.
Malware
Individual
CE
UA
UNC2589, Mandiant
35
20/07/2022
-
19/07/2022
TarTarX
Neopets
Virtual pet website Neopets has suffered a data breach leading to the theft of source code and a database containing the personal information of over 69 million members.
Unknown
Arts entertainment, recreation
CC
CN
Neopets, TarTarX
36
20/07/2022
-
-
?
Multiple organizations
Researchers from Malwarebytes discover a malvertising campaign leading to a Windows support scam site.
Malvertising
Multiple Industries
CC
>1
Malvertising
37
20/07/2022
During June 2022
During June 2022
Luna
Multiple organizations
Researchers from Kaspersky reveal the details of Luna, a new malware operation targeting several operating systems, including Windows, Linux, and ESXi systems.
Malware
Multiple Industries
CC
>1
Kaspersky, Luna, Ransomware
38
20/07/2022
-
-
APT37
High-value organizations in the Czech Republic, Poland, and other European countries
Researchers from Securonix reveal the details of STIFF#BIZON, a campaign carried out by the North Korean APT37 group, targeting high-value organizations in the Czech Republic, Poland, and other European countries using the Konni remote access tool.
Targeted Attack
Multiple Industries
CE
CZ
PL
Securonix, STIFF#BIZON, Konni, North Korea, APT37
39
20/07/2022
-
-
LockBit
Undisclosed organization
Researchers from Symantec Broadcom discover a new attack technique by the LockBit ransomware gang, carried out identifying domain-related information, creating a Group Policy for lateral movement, and executing a command on all systems within the same domain to forcefully update group policy.
Malware
Unknown
CC
N/A
Symantec, Broadcom, LockBit, Ransomware
40
20/07/2022
Since May 2022
-
Atlas Intelligence Group (A.I.G), aka Atlantis Cyber-Army
Researchers from Cyberint
Researchers from Cyberint reveal the details of the Atlas Intelligence Group (A.I.G), an emerging for-hire organization offering a range of services, including exclusive data leaks, DDoS and RDP.
The Waterloo Region District School Board says it’s working to restore its IT system and safeguard personal information of staff, students and families after it was the target of a cyberattack.
Unknown
Education
CC
CA
Waterloo Region District School Board
42
20/07/2022
-
-
?
Bronx Accountable Healthcare Network
The Bronx Accountable Healthcare Network notifies about a hacking incident involving email that impacted 17,161 patients.
Account Takeover
Human health and social work
CC
US
Bronx Accountable Healthcare Network
43
20/07/2022
-
-
?
Individuals in Massachusetts
The Department of Transitional Assistance (DTA) in Massachusetts issues a warning to residents about hacked ATM and card processing machines that have been cloning and stealing information off of credit, debit and Electronic Benefit Transfer (EBT) cards.
ATM skimming
Finance and insurance
CC
US
Department of Transitional Assistance, DTA, Massachusetts, ATM
44
21/07/2022
Since at least 28/04/2022
28/04/2022
Russian state-sponsored actors
Undisclosed software development company
Researchers from Cisco Talos reveal the details of a campaign targeting a large software development company in Ukraine via the GoMet backdoor.
Malware
Professional, scientific and technical
CE
UA
Cisco Talos, Ukraine, Russia, GoMet
45
21/07/2022
21/07/2022
21/07/2022
?
TAVR Media
Ukrainian media group TAVR Media confirms that it was hacked to spread fake news about President Zelenskiy being in critical condition and under intensive care.
Unknown
Information and communication
CW
UA
Ukraine, TAVR Media, President Zelenskiy
46
21/07/2022
18/06/2022
18/06/2022
?
Entrust
Digital security giant Entrust confirms that it suffered a ransomware attack where threat actors breached their network and stole data from internal systems.
Malware
Professional, scientific and technical
CC
US
Entrust, Ransomware
47
21/07/2022
-
-
Lightning Framework
Linux systems
Researchers from Intezer Labs reveal the details of a previously undetected malware dubbed 'Lightning Framework' that targets Linux systems.
Malware
Multiple Industries
CC
>1
Intezer Labs, Lightning Framework, Linux
48
21/07/2022
-
-
Qakbot AKA QBot, QuackBot and Pinkslipbot
Multiple organizations
Researchers from Cyble disclose the details of the latest Qbot campaign, where the operators of the malware have been using a DLL hijacking flaw in Windows Calculator to infect computers, which also helps evade detection by security software.
Malware
Multiple Industries
CC
>1
Qakbot, QBot, QuackBot, Pinkslipbot, Cyble
49
21/07/2022
'Recently'
'Recently'
Amadey
Multiple organizations
Researchers from Ahnlab discover a new campaign where a new version of the Amadey malware is distributed through the SmokeLoader malware, using software cracks and keygen sites as lures.
Malware
Multiple Industries
CC
>1
Ahnlab, Amadey, SmokeLoader
50
21/07/2022
Since March 2022
'Recently'
Candiru
Journalists in Lebanon
Researchers from Avast discover a spyware campaign by the secretive Israeli firm Candiru, carried out exploiting CVE-2022-2294, a Google Chrome vulnerability.
Targeted Attack
Information and communication
CE
LB
Avast, Israel, Candiru, CVE-2022-2294, Google Chrome
51
21/07/2022
Since December 2021
Since December 2021
TA4563
Various European financial and investment entities
Researchers from Proofpoint discover a campaign carried out by TA4563, targeting various European financial and investment entities through the EvilNum malware.
Malware
Finance and insurance
CC
EU
Proofpoint, TA4563, EvilNum
52
21/07/2022
-
-
?
Multiple organizations
Researchers from Avanan discover a new threat campaign using PayPal to send out phishing invoices.
Account Takeover
Multiple Industries
CC
>1
Avanan, PayPal
53
21/07/2022
-
-
?
Customers of Punjab State Power Corporation Limited (PSPCL)
Punjab State Power Corporation Limited (PSPCL) warns its customers of a phone scam tricking them to download a malicious app to perform a fake payment.
Malware
Individual
CC
IN
Punjab State Power Corporation Limited, PSPCL
54
21/07/2022
-
-
?
Multiple organizations
Researchers from Trend Micro identify a malicious campaign using the Object Storage Service (OSS) of Alibaba Cloud (also known as Aliyun) for malware distribution and illicit cryptocurrency-mining activities.
Misconfiguration
Multiple Industries
CC
>1
Trend Micro, OSS, Alibaba Cloud, Aliyun
55
21/07/2022
-
-
?
MWD Digital
MVD Digital, an Italian digital services company, is hit with a LockBit 3.0 ransomware attack.
Malware
Professional, scientific and technical
CC
IT
MVD Digital, LockBit 3.0, ransomware
56
22/07/2022
During December 2021
21/07/2022
devil
Twitter
Twitter suffers a data breach after threat actors used a vulnerability to build a database of phone numbers and email addresses belonging to 5.4 million accounts, with the data now up for sale on a hacker forum for $30,000.
Vulnerability
Information and Communication
CC
US
devil, Twitter
57
22/07/2022
-
-
?
Vulnerable PrestaShop Websites
Hackers are targeting websites using the PrestaShop platform, leveraging a previously unknown vulnerability chain to perform code execution and potentially steal customers' payment information.
CVE-2022-36408 Vulnerability
Wholesale and retail
CC
>1
CVE-2022-36408, PrestaShop
58
22/07/2022
09/06/2022
09/06/2022
?
City of Newport
The City of Newport informs 6,109 past and current employees of a data breach that impacted their personal information when unauthorized activity in its network was detected.
Unknown
Public admin and defence, social security
CC
US
City of Newport
59
22/07/2022
Between 12/03/2022 and 21/03/2022
23/03/2022
?
Clinivate
Clinivate, a provider of EHR solutions for behavioral health agencies and schools, notifies its customers of a data security incident that may have exposed the protected health information of individuals within Clinivate's electronic health record system.
Unknown
Professional, scientific and technical
CC
US
Clinivate
60
22/07/2022
Between March 25, 2022 and May 24, 2022
-
?
Arhaus
Arhaus reports a data breach stemming from a phishing incident in which an unauthorized party accessed sensitive employee information contained on the company’s systems.
Account Takeover
Wholesale and retail
CC
US
Arhaus
61
22/07/2022
Between March 7, 2022, and March 21, 2022
28/03/2022
?
Shields Health Care Group
Shields Health Care Group files an official notice of a data breach after an unauthorized party gained access to the company’s computer systems for a period of about two weeks.
Unknown
Human health and social work
CC
US
Shields Health Care Group
62
22/07/2022
-
-
Pro-choice hacktivists associated to the Anonymous collective
Liberty Counsel
In the name of OperationJane, pro-choice hacktivists leak more than 74 gigabytes of data connected to evangelical organizations from Liberty Counsel. The data is allegedly obtained after hacking WMTEK, a company that offers web design and website management.
Unknown
Other service activities
H
US
OperationJane, Liberty Counsel, WMTEK
63
22/07/2022
21/12/2021
Between November 30, 2021 and December 21, 2021
?
Oklahoma City Housing Authority (OCHA)
Oklahoma City Housing Authority (OCHA) discloses a phishing incident.
Account Takeover
Human health and social work
CC
US
Oklahoma City Housing Authority, OCHA
64
22/07/2022
-
-
?
Vulnerable WordPress sites
Researchers from Sucuri discover a campaign carried out via a cryptominer written in WebAssembly.
Malicious Script Injection
Multiple Industries
CC
>1
Sucuri, WebAssembly
65
22/07/2022
-
-
?
Arts and Culture Trust
Western Australia’s biggest arts organisations are notified that Arts and Culture Trust suffered a data breach after a third-party software used by the companies had been hacked.
Unknown
Arts entertainment, recreation
CC
AU
Arts and Culture Trust
66
22/07/2022
-
13/07/2022
?
Unknown organization
A threat actor claims to have breached a database containing the details of 30 million Thai individuals.
Unknown
Unknown
CC
N/A
Thailand
67
22/07/2022
20/07/2022
20/07/2022
?
?
Qmunity, a Vancouver-based LGBTQ+ advocacy group says that it has been the target of a cyberattack.
Unknown
Other service activities
CC
CA
Qmunity
68
22/07/2022
-
-
LockBit 3.0
Rovagnati
Rovagnati, an Italian producer of cured meats, is hit by a LockBit 3.0 ransomware attack.
Malware
Accommodation and food service
CC
IT
LockBit, Rovagnati, Ransomware
69
24/07/2022
24/07/2022
24/07/2022
?
Audius
The decentralized music platform Audius is hacked, with threat actors stealing over 18 million AUDIO tokens worth approximately $6 million.
Vulnerability
Fintech
CC
US
Audius
70
24/07/2022
19/07/2022
19/07/2022
?
Policybazaar
Indian insurance company Policybazaar warns that it suffered a data breach, having discovered an “illegal and unauthorized access” exploiting vulnerabilities in its systems.
Vulnerability
Finance and insurance
CC
IN
Policybazaar
71
25/07/2022
Since at least 19/07/2022
-
UAC-0041
Individuals in Ukraine
The computer emergency response team of Ukraine CERT-UA discovers a campaign with malicious e-mails with the subject "Final payment" and an attachment of the same name in the form of a TGZ archive. The archive contains an EXE file classified as the RelicRace .NET downloader, designed to download, decode and run the RelicSource malicious .NET program in memory.
Malware
Individual
CE
UA
Ukraine, CERT-UA, Final payment, RelicRace, RelicSource
72
25/07/2022
Since at least 2016
-
Chinese-speaking threat actors
Multiple organizations
Researchers from Kaspersky reveal the details of CosmicStrand, a UEFI malware lying undetected in the firmware images of some motherboards, including Gigabyte and ASUS models.
Malware
Multiple Industries
CE
>1
Kaspersky, CosmicStrand, UEFI, Gigabyte, ASUS, China
73
25/07/2022
-
-
LV Blog
GESIS
The LockBit ransomware gang claims to have breached the Italian Tax Agency (Agenzia delle Entrate). In reality the real victim is a different company (GESIS) breached by a different ransomware group (LV Blog).
Malware
Finance and insurance
CC
IT
LockBit, ransomware, Italian Tax Agency, Agenzia delle Entrate, GESIS, LV Blog
74
25/07/2022
22/07/2022
22/07/2022
BlackCat AKA ALPHV
Creos Luxembourg S.A.
The ALPHV ransomware gang, aka BlackCat, claims responsibility for a cyberattack against Creos Luxembourg S.A., a natural gas pipeline and electricity network operator in the central European country.
Enovos, another energy supplier in Luxembourg belonging to the Encevo Group is hit by the same ransomware attack.
Malware
Electricity, gas steam, air conditioning
CC
LU
Enovos, Encevo Group, Ransomware, ALPHV, BlackCat
76
25/07/2022
Since July 3, 2022
-
Luca Stealer
Multiple organizations
Security researchers from Cyble observe an uptick in new Luca Stealer samples after the malware’s source code was made public.
Malware
Multiple Industries
CC
>1
Luca Stealer, Cyble
77
25/07/2022
-
-
UAC-0010 AKA Armageddon
Individuals in Ukraine
The computer emergency response team of Ukraine CERT-UA discovers a new campaign, carried out by the group UAC-0010 AKA Armageddon, distributing the GammaLoad.PS1_v2 malware through malicious emails apparently coming from the National Academy of Security of Ukraine.
Malware
Individual
CE
UA
Ukraine, CERT-UA, UAC-0010, Armageddon, GammaLoad.PS1_v2, National Academy of Security of Ukraine.
78
25/07/2022
13/03/2022
13/03/2022
?
Wilson Tool International
Wilson Tool International reports a ransomware data breach after the company discovered that an unauthorized party accessed and encrypted certain files on the company’s network.
Malware
Manufacturing
CC
US
Wilson Tool International, ransomware
79
25/07/2022
-
-
?
Boeing Employees’ Credit Union (BECU)
Boeing Employees’ Credit Union (BECU) files an official notice of a data breach with various government entities after the company learned of a network security incident at a third-party vendor.
Unknown
Finance and insurance
CC
US
Boeing Employees’ Credit Union, BECU
80
25/07/2022
20/07/2022
20/07/2022
LockBit
Town of St. Marys
The LockBit ransomware gang locks the internal servers and encrypts the data of St. Marys, a town in southwestern Ontario.
Malware
Public admin and defence, social security
CC
CA
LockBit, Ransomware, St. Marys, Ontario
81
25/07/2022
-
-
?
Users of Mahanagar Telephone Nigam Limited (MTNL)
The Delhi Police warns users against a phishing campaign using the name and logo of Mahanagar Telephone Nigam Limited (MTNL) via WhatsApp.
Individuals in Singapore are warned of a phishing campaign posing as charity platform Giving.sg after a spate of phishing e-mails.
Account Takeover
Individual
CC
SG
Giving.sg
83
25/07/2022
During May 2022?
-
Matrong AKA Boldenis77
Lopes
A threat actor claims to have breached Lopes, a Brazilian firm that provides real estate services, and stolen 13 GB of data.
Undisclosed vulnerabilities
Real estate
CC
BR
Matrong, Boldenis77, Lopes
84
26/07/2022
Since at least 2018
-
Vietnamese threat actors
Professionals on LinkedIn
Researchers from WithSecure reveal the details of a new phishing campaign codenamed 'Ducktail', targeting professionals on LinkedIn to take over Facebook business accounts that manage advertising for the company.
Account Takeover
Multiple Industries
CC
>1
WithSecure, 'Ducktail', LinkedIn, Facebook
85
26/07/2022
Since May 2022
-
?
Android users
Researchers from Dr.Web discover a new batch of malicious Android apps filled with adware and malware on the Google Play Store, installed close to 10 million times.
Malware
Individual
CC
>1
Dr.Web, Android, Google Play Store
86
26/07/2022
Between January and May 2022
During May 2022
?
Vulnerable Exchange servers
Researchers from Microsoft reveal the details of a campaign exploiting malicious Internet Information Services (IIS) web server extensions to backdoor unpatched Exchange servers.
Vulnerability
Multiple Industries
CC
>1
Microsoft, Internet Information Services, IIS, Exchange
87
26/07/2022
Since March 2022
During mid-June 2022
Robin Banks
Online users of multiple banks
Researchers from IronNet discover a new phishing as a service (PhaaS) platform named 'Robin Banks', offering ready-made phishing kits targeting the customers of well-known banks and online services, including Citibank, Bank of America, Capital One, Wells Fargo, PNC, U.S. Bank, Lloyds Bank, the Commonwealth Bank in Australia, and Santander.
Account Takeover
Finance and insurance
CC
>1
IronNet, phishing as a service, PhaaS, Robin Banks, Citibank, Bank of America, Capital One, Wells Fargo, PNC, U.S. Bank, Lloyds Bank, the Commonwealth Bank in Australia, Santander
88
26/07/2022
-
-
?
Nikos Androulakis
A security audit by the European Parliament reveals attempts to plant the Cytrox surveillance software on the phone of Nikos Androulakis, a Greek lawmaker.
Targeted Attack
Individual
CE
GR
European Parliament, Cytrox, Nikos Androulakis
89
26/07/2022
Between February 27, 2022 and April 27, 2022.
27/04/2022
?
Laborers International Union of North America Local 1098 (AKA LIUNA Local 1098, LIUNA 1098)
Laborers International Union of North America Local 1098 (LIUNA Local 1098, LIUNA 1098) reports a data breach stemming from an incident involving unauthorized access to an employee email account.
Account Takeover
Other service activities
CC
US
Laborers International Union of North America Local 1098, LIUNA Local 1098, LIUNA 1098
90
26/07/2022
-
14/06/2022
?
Gannon Associates Insurance Agency
Gannon Associates Insurance Agency reports a data breach after the company experienced an “information security incident.”
Unknown
Finance and insurance
CC
US
Gannon Associates Insurance Agency
91
26/07/2022
-
01/05/2022
?
DigiPen Institute of Technology
DigiPen Institute of Technology reports a data breach after an unauthorized party, during a ransomware attack, gained access to files on its network that contained sensitive consumer information.
Malware
Education
CC
US
DigiPen Institute of Technology, ransomware
92
26/07/2022
-
-
?
Customers of Chase Bank
A new phishing campaign targets the customers of Chase Bank.
Account Takeover
Finance and insurance
CC
US
Chase Bank
93
26/07/2022
-
-
?
Individuals
Researchers from Sucuri discover a DHL phishing campaign using Telegram bots for data exfiltration.
Account Takeover
Individual
CC
>1
Sucuri, DHL, Telegram
94
26/07/2022
26/07/2022
26/07/2022
?
AV-TEST Twitter account
The official English Twitter account of AV-TEST is hijacked by NFT spammers.
Account Takeover
Professional, scientific and technical
CC
DE
AV-TEST
95
26/07/2022
-
-
?
Town of Saugerties
Police investigate a report that paychecks for an employee of the town of Saugerties were diverted to an incorrect bank through an apparent cyber fraud scheme.
Business Email Compromise
Public admin and defence, social security
CC
US
Town of Saugerties
96
27/07/2022
Since at least 2021
-
Knotweed
European and Central American organizations
Researchers from Microsoft reveal the details of a campaign carried out by a threat actor dubbed Knotweed (linked to DSIRF, an Austrian spyware vendor), using multiple Windows and Adobe 0-day exploits, including one for the recently patched CVE-2022-22047, to distribute a malware called Subzero.
A US managed service provider, NetStandard, suffers a possible ransomware attack causing the company to shut down its cloud services.
Malware
Professional, scientific and technical
CC
US
NetStandard, Ransomware
98
27/07/2022
21/07/2022
21/07/2022
?
Undisclosed organization in Eastern Europe
Akamai reveals to have detected and mitigated the largest DDoS attack ever launched against a European organization, with globally distributed attack traffic peaking at 853.7 Gbps and 659.6 Mpps over 14 hours.
DDoS
Unknown
CC
N/A
Akamai
99
27/07/2022
-
-
?
Vulnerable Atlassian servers
Researchers from Rapid7 reveal that the critical vulnerability CVE-2022-26138 is currently exploited in the wild.
CVE-2022-26138 Vulnerability
Multiple Industries
CC
>1
Questions for Confluence, Atlassian, Rapid7, CVE-2022-26138
100
27/07/2022
28/04/2022
28/04/2022
?
OneTouchPoint
A ransomware attack on OneTouchPoint, a printing and mailing services provider, affects at least 34 healthcare orgs.
Malware
Administration and support service
CC
US
OneTouchPoint, ransomware
101
27/07/2022
-
-
?
Multiple organizations
Researchers from Trend Micro discover a new campaign using the Gootkit access-as-a-service (AaaS) malware to deliver Cobalt Strike beacons.
Malware
Multiple Industries
CC
>1
Trend Micro, Gootkit, Cobalt Strike
102
27/07/2022
Since January 2022
Since January 2022
?
Social media users in the UK
UK police warn of a surge in social media hacking incidents in which victims’ accounts are flooded with indecent images of children.
Account Takeover
Individual
CC
UK
UK Police, Social Media
103
27/07/2022
Late May 2022
Late May 2022
?
St. Luke’s Health System
St. Luke’s Health System discloses that the information of 31,573 individuals was compromised after a vendor, Kaye Smith, suffered a cyber incident.
Unknown
Human health and social work
CC
US
St. Luke’s Health System, Kaye Smith
104
27/07/2022
Between March 17, 2022 and May 8, 2022
During April 2022
?
Gatto, Pope & Walrick
Gatto, Pope & Walrick confirms that the company experienced a data breach after an unauthorized party gained access to sensitive consumer data contained on some employees' accounts.
Account Takeover
Professional, scientific and technical
CC
US
Gatto, Pope & Walrick
105
27/07/2022
-
-
?
Gelt Finance
Gelt Finance reports a data breach after the company confirmed unauthorized access to its IT network.
Unknown
Finance and insurance
CC
US
Gelt Finance
106
27/07/2022
-
-
?
Behavioral Health Group
Behavioral Health Group files official notice of a data breach after a “security incident” affecting the company’s computer system resulted in an unauthorized party being able to access sensitive information belonging to certain patients.
Unknown
Human health and social work
CC
US
Behavioral Health Group
107
28/07/2022
-
26/07/2022
LofyLife
Discord users
Researchers from Kaspersky discover LofyLife, an ongoing malicious campaign using malicious npm packages to infect Discord users with malware that steals their payment card information, using a variant of the Python malware Volt Stealer and the JavaScript malware Lofy Stealer.
Malware
Individual
CC
>1
Kaspersky, LofyLife, npm, Discord, Volt Stealer, Lofy Stealer
108
28/07/2022
Since at least September 2021
During September 2021
Kimsuky (AKA SharpTongue)
Foreign policy, nuclear and other individuals of strategic interest in the United States, Europe, and South Korea
Researchers from Volexity reveal the details of the latest campaign by the North Korean threat actor Kimsuky, using SHARPEXT, a malicious browser extension to steal emails from Google Chrome or Microsoft Edge users.
Targeted Attack
Multiple Industries
CE
>1
Volexity, Kimsuky, SharpTongue, SHARPEXT, Google Chrome, Microsoft Edge, North Korea
109
28/07/2022
-
-
?
Vulnerable MSSQL servers
Researchers from AhnLab discover a new campaign hijacking Microsoft SQL servers to convert the devices into proxies that are rented out through online proxy services.
Vulnerability
Multiple Industries
CC
>1
AhnLab, Microsoft SQL servers, proxy
110
28/07/2022
Since at least 26/07/2022
26/07/2022
DEV-0206
Multiple organizations
Researchers from Microsoft reveal that a threat actor tracked as DEV-0206 uses the Raspberry Robin Windows worm to deploy the FakeUpdates malware, whose access is later leveraged by the Evil Corp (DEV-0243) group.
Researchers from SentinelOne reveal the details of an attack where a threat actor associated with the LockBit 3.0 ransomware operation abused the Windows Defender command line tool to load Cobalt Strike beacons on compromised systems and evade detection by security software.
Malware
Unknown
CC
N/A
SentinelOne, LockBit 3.0, ransomware, Windows Defender, Cobalt Strike
112
28/07/2022
-
-
?
Android users
Researchers from McAfee discover HiddenAds, a collection of several adware apps promoted on Facebook as system cleaners and optimizers for Android devices with millions of installations on Google Play store.
Malware
Individual
CC
>1
McAfee, Facebook, Android, HiddenAds
113
28/07/2022
-
-
?
Multiple organizations
Researchers from Cofense discover a new phishing attack that attempts to manipulate victims into entering their username and password by claiming their account will be deleted if they don't, and it uses a countdown timer to pile on the pressure.
Account Takeover
Multiple Industries
CC
>1
Cofense
114
28/07/2022
During 2020
During 2020
?
US federal court system
During a public hearing, it emerges that the US federal court system suffered a major cybersecurity breach in 2020.
Unknown
Public admin and defence, social security
CC
US
US federal court system
115
28/07/2022
Between June 28, 2021 and August 24, 2021
'Recently'
?
Gaedeke Group
Gaedeke Group, LLC confirms that the company experienced a data breach after an unauthorized party gained access to sensitive consumer data contained on various compromised employee email accounts.
Account Takeover
Real estate
CC
US
Gaedeke Group
116
28/07/2022
-
-
?
Google Workspace users
Researchers from Avanan detect an ongoing phishing campaign that uses mirror images of target organizations' landing pages, dynamically created, to trick victims into entering login credentials.
Account Takeover
Multiple Industries
CC
>1
Avanan, Google Workspace
117
28/07/2022
-
During June 2022
?
Online banking users
Researchers from Cyble identify a threat actor on a cybercrime forum offering monthly subscription-based services for an IBAN clipper malware targeting Windows operating systems.
Malware
Finance and insurance
CC
>1
Cyble, IBAN Clipper
118
28/07/2022
Early July
-
?
911[.]re
911[.]re, a proxy service that since 2015 has sold access to hundreds of thousands of Microsoft Windows computers daily, announces that it is shutting down in the wake of a data breach that destroyed key components of its business operations.
Vulnerability
Other service activities
CC
N/A
911[.]re
119
28/07/2022
28/07/2022
28/07/2022
?
Nirvana Finance
The decentralized finance platform Nirvana Finance suffers a $3.5 million hack involving the use of flash loans to manipulate and drain its liquidity pools.
Flash loan
Fintech
CC
N/A
Nirvana Finance
120
28/07/2022
-
-
?
Unione dei Comuni Valdisieve e Valdarno (Municipalities of Valdisieve and Valdarno)
The Municipalities of Valdisieve and Valdarno are hit with a cyber attack.
Unknown
Public admin and defence, social security
CC
IT
Unione dei Comuni Valdisieve e Valdarno, Municipalities of Valdisieve and Valdarno
121
28/07/2022
'Recently'
'Recently'
?
MetaMask users
Researchers from Halborn discover a new phishing campaign targeting users of MetaMask, a well-known crypto wallet.
Account Takeover
Fintech
CC
>1
Halborn, MetaMask
122
29/07/2022
-
-
?
Individuals in the US
The Federal Communications Commission (FCC) warns Americans of an increasing wave of SMS (Short Message Service) phishing attacks attempting to steal their personal information and money.
Account Takeover
Individual
CC
US
Federal Communications Commission, FCC, SMS, Short Message Service, phishing
123
29/07/2022
-
-
?
Individuals in Europe
Researchers from Group-IB discover a gigantic network of more than 11,000 domains used to promote numerous fake investment schemes to users in Europe.
Account Takeover
Individual
CC
UK
BE
NL
DE
PL
PT
NO
SE
CZ
Group-IB
124
29/07/2022
-
-
Hive
Wootton Upper School
The Hive ransomware group demands a ransom of £500,000 (about $608,000) from Wootton Upper School after breaching its systems.
Malware
Education
CC
UK
Hive, ransomware, Wootton Upper School
125
29/07/2022
-
-
Hive
Kimberley College
The same ransomware group demands a ransom of £500,000 (about $608,000) from Kimberley College after breaching its systems.
Malware
Education
CC
UK
Hive, ransomware, Kimberley College
126
29/07/2022
End of 2021
-
DawDropper
Android users
Researchers from Trend Micro discover a new mobile malware campaign, dubbed DawDropper, delivering four types of banking trojan: TeaBot, Octo, Hydra and Ermac.
Researchers from Zscaler discover a new variant of the Raccoon Stealer malware (v2) updated to steal credentials and other data more efficiently.
Malware
Multiple Industries
CC
>1
Zscaler, Raccoon Stealer, v2
128
29/07/2022
31/05/2022
01/06/2022
?
Allegheny Health Network
The names and medical histories of 8,000 Allegheny Health Network patients might have been leaked in a data breach after an employee opened a phishing email that compromised their account.
Account Takeover
Human health and social work
CC
US
Allegheny Health Network
129
29/07/2022
29/04/2022
29/04/2022
?
Goldsboro Podiatry
Goldsboro Podiatry announces that unauthorized individuals potentially obtained the protected health information (PHI) of 30,669 individuals, after an unnamed company that manages the electronic medical records of patients suffered a ransomware attack.
Malware
Human health and social work
CC
US
Goldsboro Podiatry, ransomware
130
29/07/2022
01/06/2022
01/06/2022
?
Healthback Holdings
Healthback Holdings, a home health company, discloses a healthcare data breach that impacted 21,114 individuals, having discovered unauthorized activity within its employee email.
Account Takeover
Human health and social work
CC
US
Healthback Holdings
131
29/07/2022
-
01/06/2022
?
Minuteman Senior Services (MSS)
Minuteman Senior Services (MSS) reports an email breach that impacted 4,000 individuals.
Account Takeover
Human health and social work
CC
US
Minuteman Senior Services, MSS
132
29/07/2022
From April 21, 2022, until April 28, 2022, and again on May 26, 2022
14/06/2022
?
Wisan Smith Racker & Prescott (WSRP)
Wisan Smith Racker & Prescott (WSRP) confirms that the company experienced a data breach after an unauthorized party gained access to sensitive consumer data contained on its network.
Unknown
Professional, scientific and technical
CC
US
Wisan Smith Racker & Prescott, WSRP
133
29/07/2022
03/09/2021
03/09/2021
?
Gardner Resources Consulting
Gardner Resources Consulting confirms that the company experienced a data breach after an unauthorized party gained access to sensitive consumer data contained on its network.
Unknown
Administration and support service
CC
US
Gardner Resources Consulting
134
29/07/2022
-
01/09/2021
?
RetireOne
RetireOne, a platform for fee-based insurance solutions developed and maintained by Aria Retirement Solutions, experiences a data breach after an unauthorized party gained access to sensitive consumer data through a compromised employee email account.
Account Takeover
Professional, scientific and technical
CC
US
RetireOne, Aria Retirement Solutions
135
29/07/2022
-
05/10/2021
?
Community Surgical Supply (CSS)
Community Surgical Supply (CSS) reports a data breach after the company discovered that some of its files had been encrypted and were accessible to the unauthorized party that orchestrated the ransomware attack.
Malware
Manufacturing
CC
US
Community Surgical Supply, CSS
136
29/07/2022
-
-
?
Central Maine Medical Center
Central Maine Medical Center confirms that the company experienced a data breach after an unauthorized party gained access to sensitive consumer data contained on its network.
Unknown
Human health and social work
CC
US
Central Maine Medical Center
137
29/07/2022
05/07/2022
05/07/2022
Karakurt
Methodist McKinney Hospital (MMH)
Methodist McKinney Hospital discloses a ransomware attack. The Karakurt gang claims responsibility.
Methodist Allen Surgical Center discloses a ransomware attack. The Karakurt gang claims responsibility.
Malware
Human health and social work
CC
US
Methodist Allen Surgical Center, MASC, Karakurt, Ransomware
139
29/07/2022
05/07/2022
05/07/2022
Karakurt
Methodist Craig Ranch Surgical Center (MCRSC)
Methodist Craig Ranch Surgical Center discloses a ransomware attack. The Karakurt gang claims responsibility.
Malware
Human health and social work
CC
US
Methodist Craig Ranch Surgical Center, MCRSC, Karakurt, Ransomware
140
30/07/2022
Earlier this week
Earlier this week
?
Bromford Housing Association
Bromford Housing Association is targeted by a cyber attack.
Unknown
Real estate
CC
UK
Bromford Housing Association
141
31/07/2022
-
-
DESORDEN
Srikrung Broker Co.
DESORDEN claims to have stolen more than 369 GB of data with approximately 3.28 million customer records and 462,980 from Srikrung Broker Co., an insurance broker.
Unknown
Finance and insurance
CC
TH
Srikrung Broker Co., DESORDEN
142
31/07/2022
-
-
DESORDEN
Frasers Property Thailand Public Company Limited
DESORDEN claims to have stolen the personal data of 312,834 individuals from Frasers Property Thailand Public Company Limited.
Unknown
Real estate
CC
TH
Frasers Property Thailand Public Company Limited, DESORDEN
143
31/07/2022
-
-
DESORDEN
Union Auction Public Company Limited
DESORDEN claims to have stolen the personal data of 30,000+ individuals from Union Auction Public Company Limited.
Unknown
Other service activities
CC
TH
Union Auction Public Company Limited, DESORDEN
144
31/07/2022
-
-
DESORDEN
724.co.th
DESORDEN claims to have stolen 1.75 TB of documents from 724.co.th, an insurance marketplace.
Unknown
Finance and insurance
CC
TH
724.co.th, DESORDEN
145
31/07/2022
-
-
?
Ticketera
Ticketera, a ticket sales platform, suffers a cyber attack.
Unknown
Arts entertainment, recreation
CC
BR
Ticketera
ID
Date Reported
Date Occurred
Date Discovered
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags
BREACHOMETER
The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.