If you expected a summer break in the attack trend, you will be disappointed. In the first half of August 2022 I recorded the second-highest number of events, and the highest in absolute terms if we consider the events per day.
In reality, the summer also brought a new wave of ransomware attacks. 41 out of 149 events (27.5%) were characterized by this attack vector, meaning that we are back at values similar to the first timeline of July (25.2%). On the other hand, 14 out of 149 events were characterized by the exploitation of vulnerabilities, in line with the previous timeline.
The massive hacks against crypto platforms also continued during the first half of August, with a new record achieved by Nomad, which lost nearly $200M worth of cryptocurrency after a vulnerability in a recent update was discovered and replicated by dozens of attackers. That number overshadowed the losses suffered by Solana and Curve Finance (roughly $5M and $800K respectively).
And the summer did not stop mega breaches either. Millions of new records have been added to the pile of compromised accounts: a COVID-19 health app in China (48.5M records), an unknown credit agency (23M records), and the University of Kashmir (1M records) are the most notable examples.
The hybrid warfare in Ukraine confirmed the decreasing trend. This timeline saw multiple DDoS attacks carried out by the pro-Russian collective Killnet and their affiliates. Maybe the operations against Ukraine flew under the radar. The only ones worth mentioning are the massive bot farm (1M bots) taken down by the Ukrainian cyber police (SSU) and a new campaign by the infamous Gamaredon group. Indirectly related to Ukraine is also the operation linked to a Russian threat actor tracked as SEABORGIUM, targeting people and organizations in NATO countries.
But the cyber espionage front is always rich in events. The timeline reports new campaigns by the usual suspects, such as Charming Kitten, Bitter APT, APT36, APT-C-35, APT27, and many other threat actors, some of which emerged for the first time, such as the Chinese group that created the Manjusaka exploitation framework, or the actor tracked as TAC-040, very busy exploiting the Atlassian Confluence flaw CVE-2022-26134.
As usual, the list is too long to be summarized in a few words (this one in particular), so my suggestion is to enjoy the interactive timeline and the tabular format, and obviously thanks for sharing it and supporting my work in spreading risk awareness across the community. As always, don’t forget to follow @paulsparrows on Twitter, or even connect on LinkedIn, for the latest updates.
ID
Date Reported
Date Occurred
Date Discovered
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags
1
01/08/2022
01/08/2022
01/08/2022
Killnet
Lockheed Martin
The pro-Russian group Killnet claims responsibility for a DDoS attack against Lockheed Martin.
DDoS
Professional, scientific and technical
H
US
Killnet, Lockheed Martin
2
01/08/2022
-
-
?
Wiseasy
Attackers have access to dashboards used to remotely manage and control thousands of credit card payment terminals manufactured by digital payments giant Wiseasy.
Unknown
Manufacturing
CC
US
Wiseasy
3
01/08/2022
-
-
LV
Semikron
German power electronics manufacturer Semikron discloses that it was hit by a ransomware attack that partially encrypted the company's network. The attackers stole 2TB of data.
Malware
Manufacturing
CC
DE
Semikron, LV, ransomware
4
01/08/2022
-
-
?
Users of the Atomic wallet
A fake website impersonating the official portal for the Atomic wallet, a popular decentralized wallet that also operates as a cryptocurrency exchange portal, is, in reality, distributing copies of the Mars Stealer information-stealing malware.
Malware
Fintech
CC
>1
Atomic, Mars Stealer
5
01/08/2022
31/07/2022
31/07/2022
?
Twitter account of WWE Hall of Famer Mick Foley
The Twitter account of WWE Hall of Famer Mick Foley is compromised by a hacker who used his account to deploy a PS5 giveaway scam.
Account Takeover
Individual
CC
US
Twitter, WWE, Hall of Fame, Mick Foley
6
01/08/2022
01/08/2022
01/08/2022
?
Instagram account of cricketing legend and former Pakistan Prime Minister Imran Khan
The official Instagram account of cricketing legend and former Pakistan Prime Minister Imran Khan is hacked in order to promote a cryptocurrency scam.
Account Takeover
Individual
CC
PK
Instagram, Imran Khan
7
02/08/2022
02/08/2022
02/08/2022
?
Several websites run by the government of Taiwan
Several websites run by the government of Taiwan are disrupted by DDoS attacks hours before U.S. House Speaker Nancy Pelosi became the first high-ranking U.S. official in 25 years to visit the country.
DDoS
Public admin and defence, social security
H
TW
Taiwan, China, Nancy Pelosi
8
02/08/2022
01/08/2022
01/08/2022
?
Nomad
Crypto platform Nomad is robbed of more than $156 million in cryptocurrency after a vulnerability in a recent update was discovered and replicated by dozens of attackers.
Vulnerability
Fintech
CC
US
Nomad
9
02/08/2022
-
-
Members of the Russian special services?
Individuals in Ukraine
The Ukrainian cyber police (SSU) shuts down a massive bot farm of 1,000,000 bots used to spread disinformation on social networks.
Coordinated Inauthentic Behavior
Individual
CW
UA
Ukraine, Russia
10
02/08/2022
Since at least June H2 2022
'Recently'
Chinese threat actors
Multiple organizations
Researchers from Cisco Talos discover a new post-exploitation attack framework used in the wild, named Manjusaka, which can be deployed as an alternative or in parallel to the Cobalt Strike toolset.
Malware
Multiple Industries
CE
>1
Cisco Talos, Manjusaka, Cobalt Strike
11
02/08/2022
16-17/07/2022
18/07/2022
Russian ransomware group
Spanish National Research Council (CSIC)
The Spanish National Research Council (CSIC) reveals that it was hit by a ransomware attack that is now attributed to Russian hackers.
Malware
Public admin and defence, social security
CC
ES
Spanish National Research Council, CSIC, ransomware, Russia
12
02/08/2022
'Recently'
'Recently'
SolidBit
League of Legends gamers
Researchers from Trend Micro discover a variant of the SolidBit ransomware targeting players of the popular game League of Legends.
Malware
Arts entertainment, recreation
CC
>1
Trend Micro, SolidBit, ransomware, League of Legends
13
02/08/2022
Since June 2022
During June 2022
?
Multiple organizations
Researchers from Zscaler discover a new large-scale phishing campaign targeting credentials for Microsoft email services with a custom proxy-based phishing kit to bypass multi-factor authentication.
Account Takeover
Multiple Industries
CC
>1
Zscaler, Microsoft 365
14
02/08/2022
End of May 2022
'Recently'
TAC-040
Undisclosed organization
Researchers from Deepwatch reveal that a threat actor, tracked as TAC-040, exploited Atlassian Confluence flaw CVE-2022-26134 to deploy the previously undetected Ljl Backdoor.
Researchers from PWC discover a new campaign by the Iranian threat actor Charming Kitten using a new Telegram grabber tool and malicious macro-enabled Word documents.
Researchers from Sonatype identify multiple malicious Python packages in PyPI that contain ransomware scripts. These packages are named after a legitimate, widely known library called 'Requests.'
The supermarket group Rede Top is hit with a cyber attack.
Unknown
Wholesale and retail
CC
BR
Rede Top
18
02/08/2022
01/08/2022
01/08/2022
?
WDB Holdings
WDB Holdings confirms a ransomware attack.
Malware
Professional, scientific and technical
CC
JP
WDB Holdings, ransomware
19
02/08/2022
-
-
LockBit
Tekinox
Tekinox, an Italian manufacturing company, is hit with a LockBit ransomware attack.
Malware
Manufacturing
CC
IT
Tekinox, LockBit, ransomware
20
02/08/2022
-
-
?
Undisclosed Italian Company
The data of 700,000 residents in Italy, allegedly stolen from an undisclosed Italian company, is put on sale.
Unknown
Unknown
CC
IT
Italy
21
03/08/2022
02/08/2022
02/08/2022
?
Solana
The Solana blockchain platform suffers a cyber attack that leads to the theft of $5.2 million in crypto assets from 7,936 wallets.
Vulnerability
Fintech
CC
N/A
Solana
22
03/08/2022
Since at least one year
-
?
Organizations in Russia
Researchers from Malwarebytes discover a new Remote Access Trojan, dubbed Woody Rat, distributed via the Follina vulnerability, and targeting Russian organizations.
Malware
Multiple Industries
CC
RU
Malwarebytes, Woody Rat, Follina, Russia
23
03/08/2022
-
-
?
Association of German Chambers of Industry and Commerce (DIHK)
The Association of German Chambers of Industry and Commerce (DIHK) is forced to shut down all of its IT systems and switch off digital services, telephones, and email servers, in response to a cyberattack.
Unknown
Administration and support service
CC
DE
Association of German Chambers of Industry and Commerce, DIHK
24
03/08/2022
Since mid-June 2022
-
RapperBot
Linux systems
Researchers from Fortinet discover a new botnet called 'RapperBot', used in attacks focusing on brute-forcing its way into Linux SSH servers.
Brute-force
Multiple Industries
CC
>1
Fortinet, RapperBot, Linux, SSH
25
03/08/2022
-
Late July 2022
GwisinLocker
South Korean industrial and pharmaceutical firms
Researchers from AhnLab and ReversingLabs discover a new ransomware, named GwisinLocker, targeting Linux systems belonging to firms in South Korea.
Researchers from Inky detect many instances of bad actors sending phishing emails that took advantage of open redirect vulnerabilities affecting American Express and Snapchat domains.
Account Takeover
Multiple Industries
CC
>1
Inky, American Express, Snapchat
27
03/08/2022
24/12/2021
15/06/2022
?
Independent Case Management (ICM)
Independent Case Management (ICM) informs 3,307 persons about the potential theft of some of their protected health information (PHI) in a ransomware attack.
Malware
Human health and social work
CC
US
Independent Case Management, ICM, ransomware
28
03/08/2022
-
-
Guacamaya
ENAMI
A hacktivist group called Guacamaya publishes more than 2TB of data from multiple companies including ENAMI, an Ecuadorian state mining company.
Unknown
Mining and quarrying
H
EC
Guacamaya, ENAMI
29
03/08/2022
-
-
Guacamaya
Agencia Nacional de Hidrocarburos (ANH)
The Agencia Nacional de Hidrocarburos (ANH) in Colombia is also among the victims of the Guacamaya leak.
Unknown
Mining and quarrying
H
CO
Guacamaya, Agencia Nacional de Hidrocarburos, ANH
30
03/08/2022
-
-
Guacamaya
New Granada Energy Corporation
The New Granada Energy Corporation in Colombia is also among the victims of the Guacamaya leak.
Unknown
Mining and quarrying
H
CO
Guacamaya, New Granada Energy Corporation
31
03/08/2022
-
-
Guacamaya
Quiborax
Quiborax, a mining company in Chile, is also among the victims of the Guacamaya leak.
Unknown
Mining and quarrying
H
CL
Guacamaya, Quiborax
32
03/08/2022
-
-
Guacamaya
Oryx
Oryx, an oil company in Venezuela, is also among the victims of the Guacamaya leak.
Unknown
Mining and quarrying
H
VE
Guacamaya, Oryx
33
03/08/2022
-
-
Guacamaya
Tejucana
Tejucana, a Brazilian mining company, is also among the victims of the Guacamaya leak.
Unknown
Mining and quarrying
H
BR
Guacamaya, Tejucana
34
03/08/2022
-
-
Guacamaya
Guatemala’s Ministerio De Ambiente y Recursos Naturales
Guatemala’s Ministerio De Ambiente y Recursos Naturales is also among the victims of the Guacamaya leak.
Unknown
Public admin and defence, social security
H
GT
Guacamaya, Ministerio De Ambiente y Recursos Naturales
35
03/08/2022
03/08/2022
03/08/2022
Anonymous
Heilongjiang Society Scientific Community Federations
Hackers claiming to be affiliated with Anonymous deface a Chinese government website in support of Taiwan and Speaker of the House Nancy Pelosi’s visit to the country.
Defacement
Public admin and defence, social security
H
CN
Anonymous, Taiwan, Nancy Pelosi, Heilongjiang Society Scientific Community Federations
36
03/08/2022
'Recently'
'Recently'
Projector Libra AKA EXOTIC LILY
Multiple organizations
Researchers from Palo Alto Networks discover a new campaign distributing the Bumblebee malware.
Security researchers discover a massive attack carried out by cloning 35,000 GitHub repositories with malware-infected copies.
Malware
Multiple Industries
CC
>1
GitHub
38
03/08/2022
30/07/2022
30/07/2022
?
Tribunal de Justiça do Distrito Federal e dos Territórios
Tribunal de Justiça do Distrito Federal e dos Territórios is back online after being hit by a cyber attack.
Unknown
Public admin and defence, social security
CC
BR
Tribunal de Justiça do Distrito Federal e dos Territórios
39
03/08/2022
-
-
Vice Society
Linn-Mar School District
Linn-Mar School District is hit with a Vice Society ransomware attack.
Malware
Education
CC
US
Linn-Mar School District, Vice Society, ransomware
40
03/08/2022
10/07/2022
10/07/2022
?
The Country Club at Woodfield (Woodfield Country Club)
The Country Club at Woodfield (Woodfield Country Club) reports a data breach after the organization learned it was the victim of a cyberattack.
Unknown
Accommodation and food service
CC
US
The Country Club at Woodfield, Woodfield Country Club
41
04/08/2022
-
-
China
U.S. and its allies
Researchers from Mandiant identify HaiEnergy, an ongoing information operations campaign leveraging a network of at least 72 suspected inauthentic news sites and a number of suspected inauthentic social media assets to disseminate content strategically aligned with the political interests of the People’s Republic of China (PRC).
Coordinated Inauthentic Behavior
Public admin and defence, social security
CW
US
>1
Mandiant, China, US, HaiEnergy
42
04/08/2022
03/08/2022
03/08/2022
?
Taiwan’s Ministry of National Defense
Taiwan’s Ministry of National Defense says its network was taken offline by a distributed denial-of-service (DDoS) incident for about two hours following a visit to the island from U.S. House Speaker Nancy Pelosi.
DDoS
Public admin and defence, social security
H
TW
Taiwan, Ministry of National Defense, China, Nancy Pelosi
43
04/08/2022
-
End of July 2022
?
QuestionPro
Hackers attempt to extort the online survey platform QuestionPro after claiming to have stolen the company's database containing respondents' personal information.
Unknown
Other service activities
CC
US
QuestionPro
44
04/08/2022
Since at least mid-June 2022
-
?
Vulnerable Zimbra servers
The Cybersecurity and Infrastructure Security Agency (CISA) adds the Zimbra CVE-2022-27924 flaw to its 'Known Exploited Vulnerabilities Catalog,' indicating that it is actively exploited in attacks.
CVE-2022-27924 Vulnerability
Multiple Industries
N/A
US
Cybersecurity and Infrastructure Security Agency, CISA, Zimbra, CVE-2022-27924
45
04/08/2022
Since at least February 2022
-
Lazarus Group
Employees in the fintech industry
A new social engineering campaign by the notorious North Korean Lazarus hacking group is discovered, with the hackers impersonating Coinbase to target employees in the fintech industry.
Malware
Fintech
CC
>1
Lazarus, Coinbase
46
04/08/2022
'Recently'
'Recently'
Ousaban
Banking users
Researchers from Netskope discover a new variant of the Ousaban financial malware that abuses multiple cloud services throughout the attack flow.
Malware
Finance and insurance
CC
>1
Netskope, Ousaban
47
04/08/2022
12/04/2022
12/04/2022
?
Practice Resources
Medical billing and practice management company Practice Resources, LLC (PRL) notifies 942,138 individuals of a ransomware attack that impacted 26 of its healthcare organization clients.
Malware
Professional, scientific and technical
CC
US
Practice Resources, Ransomware
48
04/08/2022
End of July 2022
-
?
Indian banking customers
Researchers from CloudSEK discover a new phishing campaign using Hostinger’s preview domains feature to target Indian banking customers.
Account Takeover
Finance and insurance
CC
IN
CloudSEK, Hostinger
49
04/08/2022
During May 2022
During May 2022
?
Multiple organizations
Researchers from Avanan discover a new phishing campaign exploiting the popular app LucidChart to host phishing pages.
Account Takeover
Multiple Industries
CC
>1
Avanan, Lucidchart
50
04/08/2022
'Recently'
'Recently'
?
Multiple organizations
Researchers from Zscaler discover a new variant of the emerging X-FILES infostealer with enhanced features to exfiltrate sensitive information.
Malware
Multiple Industries
CC
>1
Zscaler, X-FILES
51
04/08/2022
16/07/2022
05/08/2022
?
Spinneys
Spinneys, a major retailer in UAE, discloses a ransomware attack.
Malware
Wholesale and retail
CC
UAE
Spinneys, ransomware
52
04/08/2022
Since at least June 2021
09/02/2022
?
Friedrich Air Conditioning
Friedrich Air Conditioning reports a data breach after the company detected a data security incident affecting the functionality of its network.
Unknown
Manufacturing
CC
US
Friedrich Air Conditioning
53
04/08/2022
-
-
Hive
ENN Group
ENN Group, a Chinese energy producer, is hit by a Hive ransomware attack.
Malware
Electricity, gas steam, air conditioning
CC
CN
ENN Group, Hive
54
05/08/2022
05/08/2022
05/08/2022
?
Colosseum Dental Benelux
Colosseum Dental Benelux is hit with a ransomware attack. More than 100 shops are forced to close.
Malware
Human health and social work
CC
NL
Colosseum Dental Benelux, ransomware
55
05/08/2022
Since at least March 2022
During March 2022
Cyber Front Z
Individuals in Ukraine
Researchers from Meta take down a network of Instagram accounts operated by a troll farm in St. Petersburg, Russia, which targeted global public discourse about the war in Ukraine.
Coordinated Inauthentic Behavior
Individual
CW
UA
Meta, Cyber Front Z, Russia, Ukraine
56
05/08/2022
During Q2 2022
During Q2 2022
Bitter APT
Individuals in New Zealand, India, Pakistan, and the United Kingdom
Researchers from Meta reveal that they discovered and took down a new campaign carried out by Bitter APT via a new Android malware called Dracarys.
Malware
Individual
CE
NZ
IN
PK
UK
Meta, Bitter APT, Android, Dracarys
57
05/08/2022
During Q2 2022
During Q2 2022
APT36 AKA Transparent Tribe
Individuals in Afghanistan, India, Pakistan, UAE, and Saudi Arabia
Researchers from Meta reveal that they discovered and took down a new campaign carried out by APT36 via a new malware called LazaSpy.
Malware
Individual
CE
AF
IN
PK
AE
SA
Meta, APT36, LazaSpy, Transparent Tribe
58
05/08/2022
During Q2 2022
During Q2 2022
?
Individuals in Indonesia, primarily within the Wahhabi Muslim community.
Researchers from Meta remove a network of about 2,800 Facebook accounts, groups and pages in Indonesia that worked together to falsely report people for various violations, including hate speech, impersonation, terrorism and bullying.
Coordinated Inauthentic Behavior
Individual
CC
ID
Meta, Indonesia, Facebook
59
05/08/2022
During Q2 2022
During Q2 2022
?
Individuals in India
Researchers from Meta remove a network of about 300 accounts on Facebook and Instagram in India that worked together to mass-harass people, including activists, comedians, actors and other influencers.
Coordinated Inauthentic Behavior
Individual
CC
IN
Meta, India, Facebook, Instagram
60
05/08/2022
During Q2 2022
During Q2 2022
?
Individuals in Greece
Researchers from Meta remove two clusters of accounts and Pages on Facebook and Instagram that violated policies against misinformation, hate speech and incitement to violent overthrow of the government.
Coordinated Inauthentic Behavior
Individual
CC
GR
Meta, Greece, Facebook, Instagram
61
05/08/2022
During Q2 2022
During Q2 2022
?
Women in India
Researchers from Meta remove several clusters totalling about 2,000 accounts, Pages and Groups on Facebook and Instagram that targeted women in India with sexualizing content and harassment.
Coordinated Inauthentic Behavior
Individual
CC
IN
Meta, India, Facebook, Instagram
62
05/08/2022
During Q2 2022
During Q2 2022
Operation Dudula
Migrants from other countries in Africa to South Africa
Researchers from Meta remove several clusters totalling about 200 Facebook accounts, Pages and groups that coordinated the harassment of migrants from other countries in Africa.
Coordinated Inauthentic Behavior
Individual
CC
ZA
Meta, South Africa, Facebook, Operation Dudula
63
05/08/2022
During Q2 2022
During Q2 2022
?
Individuals in Malaysia
Researchers from Meta remove 596 Facebook accounts, 180 Pages, 11 Groups and 72 Instagram accounts for coordinated inauthentic behavior, targeting domestic audiences in that country.
Coordinated Inauthentic Behavior
Individual
CC
MY
Meta, Malaysia, Facebook, Instagram
64
05/08/2022
During Q2 2022
During Q2 2022
?
Individuals in Angola, Nigeria and the Gaza region in Palestine
Researchers from Meta remove 259 Facebook accounts, 42 Pages, 9 Groups and 107 Instagram accounts for coordinated inauthentic behavior, targeting domestic audiences in Angola, Nigeria and the Gaza region in Palestine.
Coordinated Inauthentic Behavior
Individual
CW
AO
NG
PS
Meta, Israel, Facebook, Instagram
65
05/08/2022
04/08/2022
04/08/2022
?
Advanced
United Kingdom's National Health Service (NHS) 111 emergency services are affected by a significant and ongoing outage triggered by a cyberattack that hit the systems of British managed service provider (MSP) Advanced.
Unknown
Professional, scientific and technical
CC
UK
NHS, 111, Advanced
66
05/08/2022
04/08/2022
04/08/2022
Lazarus Group
deBridge Finance
Attackers suspected to be from the North Korean Lazarus group used a phishing email to trick company employees and steal cryptocurrency from deBridge Finance, a cross-chain protocol that enables the decentralized transfer of assets between various blockchains.
Malware
Fintech
CC
N/A
North Korea, Lazarus group, deBridge Finance
67
05/08/2022
Since at least February 2021
'Recently'
Orchard
Multiple organizations
Researchers from 360 Netlab discover a new botnet named Orchard that uses Satoshi Nakamoto’s Bitcoin account transaction information to generate DGA domain names.
Priority Health issues a notice about a third-party data breach that originated at the law firm Warner Norcross & Judd (WNJ) in October 2021 when WNJ discovered unauthorized activity on some of its systems. The incident impacted approximately 120,000 members.
Unknown
Human health and social work
CC
US
Priority Health, Warner Norcross & Judd, WNJ
69
05/08/2022
24/08/2022
24/08/2022
Donut Leaks
Sheppard Robson
Sheppard Robson, a UK architecture firm, suffers a ransomware attack.
Malware
Professional, scientific and technical
CC
US
Sheppard Robson, ransomware attack, Donut Leaks
70
05/08/2022
-
-
?
Cellebrite
An anonymous source leaks around 4TB of proprietary data belonging to Israeli digital intelligence firm, Cellebrite.
Unknown
Professional, scientific and technical
H
IL
Cellebrite
71
05/08/2022
Between 04/11/2021 and 14/02/2022
14/02/2022
?
Centerstone
Centerstone, a nonprofit health organization, discloses an email security incident that may have involved personal and protected health information belonging to certain current and former Centerstone clients.
Account Takeover
Human health and social work
CC
US
Centerstone
72
05/08/2022
-
-
?
Warsaw Municipal Police
The Warsaw Municipal Police suffers a DDoS attack carried out by flooding their systems with emails.
DDoS
Public admin and defence, social security
CC
PL
Warsaw Municipal Police
73
05/08/2022
04/08/2022
04/08/2022
?
Brazil National Petroleum, Natural Gas and Biofuels Agency (ANP)
The Brazil National Petroleum, Natural Gas and Biofuels Agency (ANP) is taken down after an attempted cyber attack.
Unknown
Public admin and defence, social security
CC
BR
Brazil, National Petroleum, Natural Gas and Biofuels Agency, ANP
74
05/08/2022
-
09/06/2022
?
Atlantic Dialysis Management Services (ADMS)
Atlantic Dialysis Management Services notifies its patients of a data security incident.
Unknown
Human health and social work
CC
US
Atlantic Dialysis Management Services, ADMS
75
05/08/2022
-
-
BlackCat AKA ALPHV
AD Consulting
AD Consulting is hit with a BlackCat ransomware attack.
Malware
Professional, scientific and technical
CC
IT
AD Consulting, BlackCat, ALPHV, ransomware
76
06/08/2022
06/08/2022
06/08/2022
?
Formosa Television (FTV)
Formosa Television (FTV) suffers a cyber attack and its live online content is changed to pro-China messages.
Unknown
Information and communication
H
TW
Formosa Television, FTV
77
06/08/2022
26/05/2022
-
Hive
SERV Behavioral Health System
SERV Behavioral Health System is allegedly hit by a Hive ransomware attack.
Malware
Human health and social work
CC
US
SERV Behavioral Health System, Hive, Ransomware
78
06/08/2022
16/06/2022
-
?
Disability Help Group
Disability Help Group is hit by a ransomware attack.
Malware
Human health and social work
CC
US
Disability Help Group, ransomware
79
07/08/2022
04/08/2022
04/08/2022
?
Twilio
Cloud communications company Twilio says some of its customers' data was accessed by attackers who breached internal systems after stealing employee credentials in an SMS phishing attack.
Account Takeover
Professional, scientific and technical
CC
US
Twilio, SMS, Phishing
80
07/08/2022
Around the beginning of August 2022
-
?
Multiple organizations
Researchers from Resecurity discover a phishing campaign leveraging the LogoKit to exploit Open Redirect vulnerabilities for multiple popular domains.
Account Takeover
Multiple Industries
CC
>1
Resecurity, LogoKit, Open Redirect
81
07/08/2022
07/08/2022
07/08/2022
?
Steven Galanis
Steven Galanis, the CEO of celebrity video platform Cameo, gets his Apple ID hacked, and as a result, he loses a variety of NFTs.
Account Takeover
Individual
CC
US
Steven Galanis, Cameo, Apple ID, NFT, Bored Ape
82
07/08/2022
-
-
Bl00dy
Primary Care of Long Island
Primary Care of Long Island is hit with a ransomware attack.
Malware
Human health and social work
CC
US
Primary Care of Long Island, Bl00dy, ransomware
83
07/08/2022
-
-
Bl00dy
oncallpractice.com
oncallpractice.com is hit with a ransomware attack.
Malware
Human health and social work
CC
US
oncallpractice.com, Bl00dy, ransomware
84
08/08/2022
During January 2022
During January 2022
TA428
Military industrial complex enterprises and public institutions in several Eastern European countries and Afghanistan
Researchers from Kaspersky discover a new campaign by the Chinese group TA428 using a new backdoor called PortDoor.
Targeted Attack
Multiple Industries
CE
AF
EU
Kaspersky, China, TA428, PortDoor
85
08/08/2022
08/08/2022
08/08/2022
?
7-Eleven
7-Eleven stores in Denmark shut down after a cyber attack disrupts stores’ payment and checkout systems throughout the country. A ransomware attack is confirmed a few days later.
Malware
Wholesale and retail
CC
DK
7-Eleven, ransomware
86
08/08/2022
03/08/2022
03/08/2022
?
Klaviyo
Email marketing firm Klaviyo discloses a data breach after threat actors steal an employee's login credentials in a phishing attack, gain access to internal systems, and download marketing lists for cryptocurrency-related customers.
Account Takeover
Administration and support service
CC
US
Klaviyo
87
08/08/2022
-
-
?
Python Developers
Researchers from Check Point discover ten malicious Python packages on the PyPI repository, used to infect developers' systems with password-stealing malware.
Malware
Multiple Industries
CC
>1
Check Point, Python, PyPI
88
08/08/2022
During March 2022
During March 2022
Classicscam
Users of one of the leading classified platforms in Singapore
Researchers at Group-IB detect a new wave of phishing attacks in Singapore, part of the global campaign "Classicscam".
Account Takeover
Individual
CC
SG
Group-IB, Classicscam
89
08/08/2022
'Recently'
'Recently'
?
Multiple organizations
Researchers from Fortinet discover a new campaign delivering the SmokeLoader malware, and exploiting two old vulnerabilities: CVE-2017-0199 and CVE-2017-11882.
Columbia River Mental Health Services discloses a data security breach involving some employee email accounts.
Account Takeover
Human health and social work
CC
US
Columbia River Mental Health Services, CRMHS
91
08/08/2022
-
-
?
Coinbase users
Researchers from PIXM discover a new campaign spoofing the popular cryptocurrency exchange Coinbase to trick users into logging into their accounts, giving the attackers access to steal victim funds.
Account Takeover
Fintech
CC
>1
PIXM, Coinbase
92
08/08/2022
06/08/2022
06/08/2022
?
Bulgarian Food Safety Agency (BFSA)
The website and servers of the Bulgarian Food Safety Agency (BFSA) have come under a cyber attack.
Unknown
Public admin and defence, social security
CC
BG
Bulgarian Food Safety Agency, BFSA
93
08/08/2022
08/08/2022
08/08/2022
?
Câmara Municipal de Teresina
The Câmara Municipal de Teresina in Brazil is taken down after a cyber attack.
Unknown
Public admin and defence, social security
CC
BR
Câmara Municipal de Teresina
94
08/08/2022
-
22/07/2021
?
eCapital Corp.
eCapital Corp. reports a data breach after the company detected unauthorized access within its computer network.
Unknown
Finance and insurance
CC
US
eCapital Corp.
95
09/08/2022
09/08/2022
09/08/2022
NoName057(16)
Finland’s parliament
Pro-Russian hackers from the NoName057(16) group take down the website of Finland’s parliament, citing Helsinki’s NATO application as the reason behind the DDoS attack.
DDoS
Public admin and defence, social security
H
FI
NoName057(16), Finland, Russia, NATO
96
09/08/2022
20/07/2022
20/07/2022
?
Cloudflare
Cloudflare says some of its employees' credentials were also stolen in an SMS phishing attack similar to the one that led to Twilio's network being breached last week.
Account Takeover
Professional, scientific and technical
CC
US
Cloudflare
97
09/08/2022
-
-
?
Multiple organizations
Microsoft releases security updates to address CVE-2022-34713 (AKA DogWalk), a high severity Windows zero-day vulnerability with publicly available exploit code and abused in attacks.
CVE-2022-34713 Vulnerability
Multiple Industries
N/A
US
Microsoft, CVE-2022-34713, DogWalk, Windows
98
09/08/2022
Since at least June 2022
-
?
Multiple organizations
The Cybersecurity and Infrastructure Security Agency (CISA) adds the Windows UnRAR CVE-2022-30333 flaw to its 'Known Exploited Vulnerabilities Catalog,' indicating that it is actively exploited in attacks.
CVE-2022-30333 Vulnerability
Multiple Industries
N/A
US
Cybersecurity and Infrastructure Security Agency, CISA, Windows, UnRAR, CVE-2022-30333
99
09/08/2022
Throughout 2022
Throughout 2022
?
Crypto users
Researchers from Netskope discover a campaign where attackers have been creating phishing pages in Google Sites and Microsoft Azure Web App to steal cryptocurrency wallets and accounts from Coinbase, MetaMask, Kraken, and Gemini.
Account Takeover
Fintech
CC
>1
Netskope, Google Sites, Microsoft Azure Web App, Coinbase, MetaMask, Kraken, Gemini
100
09/08/2022
Since Early May 2022
Since Early May 2022
Tropical Scorpius
Multiple organizations
Researchers from Palo Alto Networks discover a new threat actor, named "Tropical Scorpius", deploying the Cuba ransomware using a novel Remote Access Tool dubbed ROMCOM RAT.
Malware
Multiple Industries
CC
>1
Palo Alto Networks, Tropical Scorpius, Cuba, ransomware, ROMCOM RAT
101
09/08/2022
09/08/2022
09/08/2022
?
Curve Finance
Curve Finance is compromised, as threat actors are able to effectively “clone” curve.fi and send user traffic to its fake crypto-exchange site. $770,000 worth is stolen by the attackers.
DNS Hijacking
Fintech
CC
N/A
Curve Finance
102
09/08/2022
08/08/2022
08/08/2022
?
Bombardier Recreational Products (BRP)
BRP discloses a ransomware attack that forces the company to temporarily suspend operations.
Malware
Manufacturing
CC
CA
BRP, Ransomware, Bombardier Recreational Products
103
09/08/2022
During the previous week
During the previous week
?
Simon-Marius-Gymnasium
The computer systems of the Simon-Marius-Gymnasium in Gunzenhausen are temporarily unavailable after a ransomware attack.
Unknown
Education
CC
DE
Simon-Marius-Gymnasium, ransomware
104
09/08/2022
During June 2022
-
?
Atsugishi Fishery Cooperative Association
The Atsugishi Fishery Cooperative Association reveals that customer information on the store’s mail order site, Auroko, may have been leaked to outside parties due to infection by the malware Emotet.
Malware
Accommodation and food service
CC
JP
Atsugishi Fishery Cooperative Association, Emotet
105
09/08/2022
-
-
?
Judicial Poder of Quintana Roo
The Judicial Poder of Quintana Roo suffers a ransomware attack.
Malware
Public admin and defence, social security
CC
MX
Judicial Poder of Quintana Roo, ransomware
106
09/08/2022
Since June 2022
During June 2022
?
Multiple organizations
Researchers from Zscaler discover a new large-scale phishing campaign targeting credentials for Gmail email services with a custom proxy-based phishing kit to bypass multi-factor authentication.
Account Takeover
Multiple Industries
CC
>1
Zscaler, Gmail
107
09/08/2022
11/06/2022
-
?
Texas Meter & Device Company (TMD)
Texas Meter & Device Company (TMD) reports a data breach stemming from an incident in which an attacker gained access to the company’s computer network.
Unknown
Electricity, gas steam, air conditioning
CC
US
Texas Meter & Device Company, TMD
108
10/08/2022
During May 2022
24/05/2022
Initial access broker (IAB) with ties to the UNC2447 cyber crime gang, Lapsus$ threat actor group, and Yanluowang ransomware operators.
Cisco
Cisco confirms that a threat actor breached its corporate network and tried to extort them under the threat of leaking stolen files online.
Account Takeover
Professional, scientific and technical
CC
US
Cisco, UNC2447, Lapsus$, Yanluowang, ransomware
109
10/08/2022
Since April 2022
-
Silent Ransom Group (SRG) AKA Luna Moth
Multiple organizations
Researchers from Advintel reveal that the Silent Ransom Group, a spin-off of the Conti ransomware gang, is now using BazarCall phishing tactics as the primary method to gain initial access to a victim’s network.
Social Engineering
Multiple Industries
CC
>1
Advintel, Silent Ransom Group, Luna Moth, Conti, BazarCall, ransomware
110
10/08/2022
Since mid-June 2022
-
Quantum
Multiple organizations
Researchers from Advintel reveal that the Quantum group, another spin-off of the Conti ransomware gang, is now using BazarCall phishing tactics as the primary method to gain initial access to a victim’s network in what they call operation "Jörmungandr".
Researchers from Advintel reveal that Roy/Zeon, yet another spin-off of the Conti ransomware gang, is now using BazarCall phishing tactics as the primary method to gain initial access to a victim’s network.
Social Engineering
Multiple Industries
CC
>1
Advintel, Roy/Zeon, Conti, BazarCall, ransomware
112
10/08/2022
20/04/2022
01/05/2022
15/05/2022
-
LockBit, Hive, and ALPHV/BlackCat
Undisclosed automotive supplier
Researchers from Sophos reveal that an automotive supplier had its systems breached and files encrypted by three different ransomware gangs over two weeks in May, two of the attacks happening within just two hours.
Malware
Manufacturing
CC
N/A
Sophos, LockBit, Hive, ALPHV, BlackCat
113
10/08/2022
During July and early August 2022
During July and early August 2022
Multiple threat actors
Multiple organizations
Researchers from Volexity reveal that an authentication bypass Zimbra security vulnerability is actively exploited to compromise Zimbra Collaboration Suite (ZCS) email servers worldwide.
Palo Alto Networks issues a security advisory warning of CVE-2022-0028, an actively exploited high-severity vulnerability impacting PAN-OS, the operating system used by the company's networking hardware products.
CVE-2022-0028 vulnerability
Multiple Industries
CC
>1
Palo Alto Networks, CVE-2022-0028, PAN-OS
115
10/08/2022
-
-
?
Butler County Health Care Center
Butler County Health Care Center is hit by a cyber attack that is thwarted with the support of the FBI.
Unknown
Human health and social work
CC
US
Butler County Health Care Center, FBI
116
10/08/2022
-
-
BlueSky
Multiple organizations
Researchers from Palo Alto Networks discover a new ransomware, named BlueSky, characterized by fast encryption.
Malware
Multiple Industries
CC
>1
Palo Alto Networks, BlueSky, ransomware
117
10/08/2022
Since at least late 2021
-
DeathStalker
Foreign and crypto exchanges
Researchers from Kaspersky discover a new campaign by the DeathStalker threat actor using VileRAT to target foreign and crypto exchanges.
Malware
Fintech
CC
>1
DeathStalker, Kaspersky, VileRAT
118
10/08/2022
27/07/2022
27/07/2022
RansomHouse
Municipalities of Valdisieve and Valdarno
The Municipalities of Valdisieve and Valdarno are hit with a RansomHouse ransomware attack.
Malware
Public admin and defence, social security
CC
IT
Municipalities of Valdisieve and Valdarno, RansomHouse, ransomware
119
10/08/2022
-
-
Daixin Team
Ista International
Ista International takes their systems offline after a ransomware attack. Daixin Team claims responsibility.
Malware
Professional, scientific and technical
CC
DE
Ista International, ransomware, Daixin Team
120
10/08/2022
During June 2022
During June 2022
?
Sumiwa Koun Co.
Sumiwa Koun Co. is hit with a ransomware attack.
Malware
Transportation and storage
CC
JP
Sumiwa Koun Co., ransomware
121
10/08/2022
'Recently'
'Recently'
?
Peruvian Congress of the Republic
Multiple members of the Peruvian Congress of the Republic receive suspicious messages on their cell phones after their information is leaked on the internet.
Unknown
Public admin and defence, social security
CC
PE
Peruvian Congress of the Republic
122
10/08/2022
-
-
ViktorLustig
University of Kashmir
A data breach at the University of Kashmir exposes the personal information of over 1 million students and employees of the university.
Unknown
Education
CC
IN
ViktorLustig, University of Kashmir
123
10/08/2022
19/03/2022
30/03/2022
?
NAF, Inc.
NAF, Inc. reports a data breach after detecting unusual activity on its network.
Unknown
Education
CC
US
NAF, Inc.
124
11/08/2022
01/08/2022
01/08/2022
Killnet
Lockheed Martin
The pro-Russian hacktivist gang known as Killnet claims responsibility for an attack on Lockheed Martin and leaks some PII data of its employees.
Unknown
Professional, scientific and technical
H
US
Russia, Killnet, Lockheed Martin
125
11/08/2022
11/08/2022
11/08/2022
Killnet
Website of Latvia’s parliament
The pro-Russian hacker gang known as Killnet takes down the website of Latvia’s parliament after lawmakers there designated Russia as a “state sponsor of terrorism.”
DDoS
Public admin and defence, social security
H
LT
Killnet, Latvia, Russia
126
11/08/2022
-
Since 21/06/2021
Zeppelin
Multiple organizations
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warn US organizations that attackers deploying Zeppelin ransomware might encrypt their files multiple times.
Malware
Multiple Industries
CC
US
Cybersecurity and Infrastructure Security Agency, CISA, Federal Bureau of Investigation, FBI, Zeppelin, ransomware
127
11/08/2022
Since at least July 2022
During July 2022
SOVA
Android banking users
Researchers from Cleafy discover a new version of the SOVA Android banking trojan with the addition of a new ransomware feature that encrypts files on mobile devices.
Malware
Finance and insurance
CC
>1
Cleafy, SOVA, Android, ransomware
128
11/08/2022
Since at least 06/08/2020
Early August 2022
?
Multiple organizations
Researchers from Sonatype discover a new PyPI package named ‘secretslib’ that drops a fileless cryptominer into the memory of Linux machines.
Malware
Multiple Industries
CC
>1
Sonatype, PyPI, ‘secretslib’, Linux, Crypto
129
11/08/2022
-
04/08/2022
?
Lee County Emergency Medical Services
Lee County Emergency Medical Services notifies an undisclosed number of individuals of a third-party security breach relating to Intermedix Corporation.
Unknown
Human health and social work
CC
US
Lee County Emergency Medical Services, Intermedix Corporation
130
11/08/2022
-
-
APT-C-35 AKA Do Not Team, Viceroy Tiger
Government departments, including Pakistan’s defence sector
Researchers from Morphisec reveal the details of the latest campaign by the APT-C-35 group targeting government departments, including Pakistan’s defence sector, using an updated version of the Jaca Windows malware toolkit.
Targeted Attack
Public admin and defence, social security
CE
PK
Morphisec, APT-C-35, Do Not Team, Viceroy Tiger, Pakistan, Jaca
131
11/08/2022
-
-
?
Unknown credit agency
A large database containing 23 million unique records of AT&T customers is discovered on the dark web. The company claims the database has been taken from a credit agency.
Unknown
Finance and insurance
CC
US
AT&T
132
11/08/2022
-
-
?
iPay88
Payment gateway provider iPay88 reveals in a statement that it suffered a "cybersecurity incident" that may have compromised customers' card data.
Unknown
Finance and insurance
CC
MY
iPay88
133
11/08/2022
-
-
CopperStealer
Crypto users
Researchers from Trend Micro discover a new variant of the CopperStealer malware, stealing cryptocurrencies and users’ wallet account information via a malicious Chromium-based browser extension.
Malware
Fintech
CC
>1
TrendMicro, CopperStealer, Chromium
134
11/08/2022
During April 2022
-
?
Best Buy Users
Researchers from Avanan discover a new phishing campaign spoofing Best Buy and using Google Cloud Storage to host the malicious infrastructure.
Account Takeover
Individual
CC
US
Avanan, Best Buy, Google Cloud Storage
135
11/08/2022
Mid-April 2022
Mid-April 2022
?
Ypsilanti Community Utilities Authority
A ransomware infection may have exposed 2,000 Ypsilanti-area utility customers’ bank payment information to unauthorized individuals.
Malware
Public admin and defence, social security
CC
US
Ypsilanti Community Utilities Authority, ransomware
136
11/08/2022
-
-
?
MJH Life Sciences (MJH)
MJH Life Sciences (MJH) reports a data breach after the company suffers a cyberattack.
Unknown
Information and communication
CC
US
MJH Life Sciences, MJH
137
11/08/2022
-
-
?
Blume Global
Blume Global reports a data breach stemming from what the company characterizes as a malware attack.
Malware
Professional, scientific and technical
CC
US
Blume Global
138
12/08/2022
-
-
pompompurin
ShitExpress
ShitExpress, a web service that lets you send a box of feces along with a personalized message to friends and enemies, is breached after a threat actor spots a vulnerability and downloads the entire database.
Undisclosed vulnerability
Other service activities
CC
N/A
pompompurin, ShitExpress
139
12/08/2022
Since June 2021
Since 26/05/2022
APT27 (aka Emissary Panda, Iron Tiger, and LuckyMouse)
Individuals in China
Researchers from Sekoia and Trend Micro reveal that a cross-platform instant messenger application focused on the Chinese market known as 'MiMi' has been trojanized to deliver a new backdoor (dubbed rshell) that can be used to steal data from Linux and macOS systems and an additional backdoor (HyperBro) used to steal data from Windows systems.
Targeted Attack
Individual
CE
CN
APT27, Emissary Panda, Iron Tiger, LuckyMouse, Sekoia, Trend Micro, China, MiMi, rshell, Linux, macOS, HyperBro, Windows
140
12/08/2022
-
-
?
MailChimp
MailChimp discloses a security incident targeting crypto companies.
Unknown
Administration and support service
CC
US
MailChimp
141
12/08/2022
14/04/2022
20/01/2022
?
Conifer Health Solutions
Conifer Health Solutions finds out that an unauthorized third party acquired access to a business email account hosted by Microsoft Office 365.
Account Takeover
Human health and social work
CC
US
Conifer Health Solutions, Microsoft Office 365
142
12/08/2022
Between 24/08/2021 and 28/08/2021
28/08/2021
?
United Health Centers of the San Joaquin Valley (UHC)
United Health Centers of the San Joaquin Valley (UHC) notifies individuals of a 2021 ransomware attack.
Malware
Human health and social work
CC
US
United Health Centers of the San Joaquin Valley, UHC, ransomware
143
12/08/2022
Between 13/06/2022 and 14/06/2022
14/06/2022
?
Overlake Medical Center & Clinics
Overlake Medical Center & Clinics notifies 557 individuals of an email security incident involving some patient information.
Account Takeover
Human health and social work
CC
US
Overlake Medical Center & Clinics
144
12/08/2022
28/06/2022
Between 29/03/2022 and 28/06/2022
?
Onyx Technologies
Onyx Technologies notifies regulators and others about a ransomware attack that impacted 96,814 individuals.
Malware
Professional, scientific and technical
CC
US
Onyx Technologies, ransomware
145
12/08/2022
-
-
?
Organizations in the Healthcare Sector
The Health Sector Cybersecurity Coordination Center (HC3) warns the healthcare sector of a new phishing scheme that lures recipients to an Evernote site containing a downloadable Trojan file that steals credentials.
Malware
Human health and social work
CC
US
Health Sector Cybersecurity Coordination Center, HC3, Evernote
146
12/08/2022
10/08/2022
10/08/2022
XJP
COVID health mobile app run by the city of Shanghai
A hacker claims to have obtained the personal information of 48.5 million users of a COVID health mobile app run by the city of Shanghai.
Unknown
Human health and social work
CC
CN
XJP, COVID, Shanghai
147
12/08/2022
10/08/2022
10/08/2022
?
Presidency of Moldova
The e-mail server of the Presidency of Moldova is compromised.
Unknown
Public admin and defence, social security
CE
MD
Presidency of Moldova
148
12/08/2022
Between 23/03/2022 and 24/03/2022
24/03/2022
?
Morrie’s Auto Group
Morrie’s Auto Group reports a data breach after detecting suspicious activity within its computer system.
Unknown
Wholesale and retail
CC
US
Morrie’s Auto Group
149
13/08/2022
13/08/2022
13/08/2022
?
CS.MONEY
CS.MONEY, one of the largest platforms for trading CS:GO (Counter-Strike: Global Offensive) skins, takes its website offline after a cyberattack allows hackers to loot 20,000 items worth approximately $6,000,000.
Account Takeover
Arts entertainment, recreation
CC
N/A
CS.MONEY, CS:GO, Counter-Strike: Global Offensive
150
13/08/2022
?
BharatPay
Researchers from CloudSEK reveal that BharatPay’s backend database containing customers’ personal information, bank balance, and transaction data from Feb. 2018 to Aug. 2022 is leaked on a cybercrime forum.
Unknown
Finance and insurance
CC
IN
CloudSEK, BharatPay
151
14/08/2022
13/08/2022
13/08/2022
devfather777
Russian Counter-Strike 1.6 server
Researchers from Checkmarx detect a large-scale attack on the Python ecosystem, in which 12 typosquatting packages are uploaded to the PyPI repository, containing malware that performs DDoS attacks on a Counter-Strike 1.6 server.
The Chilean Empresa Nacional del Petróleo (ENAP) suffers a BEC scam, but is able to avoid financial losses thanks to a bank alert.
Business Email Compromise
Mining and quarrying
CC
CL
Empresa Nacional del Petróleo, ENAP, SilverTerrier
153
15/08/2022
Between July 15 and August 8, 2022
-
Gamaredon (aka Armageddon or Shuckworm)
Multiple organizations in Ukraine
Researchers from Symantec discover a new campaign by the Gamaredon group targeting multiple organizations in Ukraine.
Targeted Attack
Multiple Industries
CE
UA
Gamaredon, Armageddon, Shuckworm
154
15/08/2022
-
-
SEABORGIUM (AKA ColdRiver and TA446)
People and organizations in NATO countries
The Microsoft Threat Intelligence Center (MSTIC) announces that it has disrupted a hacking and social engineering operation linked to a Russian threat actor tracked as SEABORGIUM targeting people and organizations in NATO countries.
Targeted Attack
Multiple Industries
CE
>1
SEABORGIUM, ColdRiver, TA446, Microsoft Threat Intelligence Center, MSTIC
155
15/08/2022
13/08/2022
13/08/2022
Play
Argentina's Judiciary of Córdoba
Argentina's Judiciary of Córdoba shuts down its IT systems after suffering a ransomware attack, reportedly at the hands of the new 'Play' ransomware operation.
Malware
Public admin and defence, social security
CC
AR
Argentina's Judiciary of Córdoba, ransomware, Play
156
15/08/2022
-
-
Cl0p
South Staffordshire Water
South Staffordshire Water, a company supplying 330 million liters of drinking water to 1.6m consumers daily, issues a statement confirming IT disruption from a cyberattack. The Cl0p ransomware gang claims responsibility but they misidentify the victim.
Malware
Water supply, waste mgmt, remediation
CC
UK
South Staffordshire Water, Cl0p, ransomware
157
15/08/2022
07/08/2022
07/08/2022
?
DigitalOcean
DigitalOcean warns customers that the recent MailChimp security breach exposed the email addresses of some customers, with a small number receiving unauthorized password resets.
Account Takeover
Professional, scientific and technical
CC
US
DigitalOcean, MailChimp
158
15/08/2022
-
-
?
BlackByte 2.0
The BlackByte ransomware group is back and immediately leaks a new victim on its new website.
Malware
Unknown
CC
N/A
BlackByte, ransomware
159
15/08/2022
05/05/2022
05/05/2022
?
San Diego American Indian Health Center (SDAIHC)
San Diego American Indian Health Center (SDAIHC) discloses that it suffered a data breach that involved an undisclosed number of current and former individuals served by the health center.
Malware
Human health and social work
CC
US
San Diego American Indian Health Center, SDAIHC
160
15/08/2022
Between May 25 and June 2, 2022
02/06/2022
?
Florida Springs Surgery Center
Florida Springs Surgery Center discloses it was the victim of a phishing attack where 2,203 patients' information was affected.
Account Takeover
Human health and social work
CC
US
Florida Springs Surgery Center
161
15/08/2022
-
-
LV
Elefondati
Elefondati is hit with an LV ransomware attack. The attackers also offer a security audit, should the company decide to pay the ransom.
Malware
Professional, scientific and technical
CC
IT
Elefondati, LV, ransomware
162
15/08/2022
-
10/06/2022
?
Clark Patterson Lee (CPL)
Clark Patterson Lee (CPL) reports a data breach after the company experienced what appears to be a ransomware attack.
Malware
Professional, scientific and technical
CC
US
Clark Patterson Lee, CPL, ransomware
163
15/08/2022
-
-
?
United HealthCare Services
United HealthCare Services confirms that the company experienced a data breach.
Unknown
Finance and insurance
CC
US
United HealthCare Services
ID
Date Reported
Date Occurred
Date Discovered
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags