1-15 August 2022 Cyber Attacks Timeline

EVENTS

EVENTS/DAY

EVENTS

EVENTS/DAY

If you expected a Summer break in the attack trend you will be disappointed. In the first half of August 2022 I have recorded the second highest number of events, and the higher in absolute if we consider the events per day.

In reality the Summer also brought a new wave of ransomware attacks. 41 out of 149 events (27.5%) were characterized by this attack vector, meaning that we are back at values similar to the first timeline of July (25.2%.) On the other hand, 14 out of 149 events were characterized by the exploitation of vulnerabilities in line with the previous timeline.

16-31 July 2023 Cyber Attacks Timeline

New victims of attacks carried out by the Clop (AKA Cl0p) ransomware gang exploiting the CVE-2023-34362 MOVEit vulnerability emerged even during…

The massive hacks against crypto platform continued also during the fist half of August, with a new record achieved by Nomad, which lost nearly $200M worth of cryptovalues after a vulnerability in a recent update was discovered and replicated by dozens of attackers. A number that overshadowed the losses suffered by Solana and Curved Finance (respectively roughly $5M and $800K).

And the Summer did not even stop mega breaches: millions of new records have been added to the pile of compromised accounts: a COVID-19 health app in China (48.5M records), an unknown credit agency (23M records), and the University of Kashmir (1M records) are the most notable examples.

The hybrid warfare in Ukraine confirmed the decreasing trend. This timeline saw multiple DDoS attacks carried out by the pro-Russian collective Killnet and their affiliates. Maybe the operations against Ukraine flew under the radar. The only ones deserved to be mentioned are the massive bot farm (1M bots) taken down by the Ukrainian cyber police (SSU) and a new campaign by the infamous Gamaredon group. Indirectly related to Ukraine is also the operation linked to a Russian threat actor tracked as SEABORGIUM targeting people and organizations in NATO countries.

But the cyber espionage front is always rich of events, the timeline reports new campaigns by the usual suspects such as: Charming Kitten, Bitter APT, APT36, APT-C-35, APT27, and many other threat actors, some of which emerged for the first time, such as the Chinese group that created the Manjusaka exploitation framework, or the actor tracked as TAC-040, very busy in exploiting the Atlassian Confluence flaw CVE-2022-26134.

As usual the list is too long to be summarized in few words (this one in particular), so my suggestion is to enjoy the interactive timeline and the tabular format, and obviously thanks for sharing it, and supporting my work in spreading the risk awareness across the community. As always, don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.

Expand for details

Geo Map August H1 2022

ID	Date Reported	Date Occurred	Date Discovered	Author	Target	Description	Attack	Target Class	Attack Class	Country	Link	Tags
1	01/08/2022	01/08/2022	01/08/2022	Killnet	Lockheed Martin	The pro-Russian group Killnet claims responsibility for a DDoS attack against Lockheed Martin.	DDoS	Professional, scientific and technical	H	US		Killnet, LockHeed Martin
2	01/08/2022	-	-	?	Wiseasy	Attackers have access to dashboards used to remotely manage and control thousands of credit card payment terminals manufactured by digital payments giant Wiseasy.	Unknown	Manufacturing	CC	US		Wiseasy
3	01/08/2022	-	-	LV	Semikron	German power electronics manufacturer Semikron discloses that it was hit by a ransomware attack that partially encrypted the company's network. The attackers stole 2TB of data.	Malware	Manufacturing	CC	DE		Semikron, LV, ransomware
4	01/08/2022	-	-	?	Users of the Atomic wallet	A fake website impersonating the official portal for the Atomic wallet, a popular decentralized wallet that also operates as a cryptocurrency exchange portal, is, in reality, distributing copies of the Mars Stealer information-stealing malware.	Malware	Fintech	CC	>1		Atomic Mars Stealer
5	01/08/2022	31/07/2022	31/07/2022	?	Twitter account of WWE Hall of Famer Mick Foley	The Twitter account of WWE Hall of Famer Mick Foley is compromised by a hacker who used his account to deploy a PS5 giveaway scam.	Account Takeover	Individual	CC	US		Twitter, WWE, Hall of Fame, Mick Foley
6	01/08/2022	01/08/2022	01/08/2022	?	Instagram account of cricketing legend and former Pakistan Prime Minister Imran Khan	The official Instagram account of cricketing legend and former Pakistan Prime Minister Imran Khan is hacked in order to promote a cryptocurrency scam.	Account Takeover	Individual	CC	PK		Instagram, Imran Khan
7	02/08/2022	02/08/2022	02/08/2022	?	Several websites run by the government of Taiwan	Several websites run by the government of Taiwan are disrupted by DDoS attacks hours before U.S. House Speaker Nancy Pelosi became the first high-ranking U.S. official in 25 years to visit the country.	DDoS	Public admin and defence, social security	H	TW		Taiwan, China, Nancy Pelosi
8	02/08/2022	01/08/2022	01/08/2022	?	Nomad	Crypto platform Nomad is robbed of more than $156 million in cryptocurrency after a vulnerability in a recent update was discovered and replicated by dozens of attackers.	Vulnerability	Fintech	CC	US		Nomad
9	02/08/2022	-	-	Members of the Russian special services?	Individuals in Ukraine	The Ukrainian cyber police (SSU) shuts down a massive bot farm of 1,000,000 bots used to spread disinformation on social networks.	Coordinated Inauthentic Behavior	Individual	CW	UA		Ukraine, Russia
10	02/08/2022	Since at least June H2 2022	'Recently'	Chinese threat actors	Multiple organizations	Researchers from Cisco Talos discover a new post-exploitation attack framework used in the wild, named Manjusaka, which can be deployed as an alternative or in parallel to the Cobalt Strike toolset.	Malware	Multiple Industries	CE	>1		Cisco Talos, Manjusaka, Cobalt Strike
11	02/08/2022	16-17/07/2022	18/07/2022	Russian ransomware group	Spanish National Research Council (CSIC)	The Spanish National Research Council (CSIC) reveals to have been hit by a ransomware attack that is now attributed to Russian hackers.	Malware	Public admin and defence, social security	CC	ES		Spanish National Research Council, CSIC, ransomware, Russia
12	02/08/2022	'Recently'	'Recently'	SolidBit	League of Legend gamers	Researchers from Trend Micro discover a variant of the SolidBit ransomware targeting gamers of the popular League of Legend game.	Malware	Arts entertainment, recreation	CC	>1		Trend Micro, SolidBit, ransomware, League of Legend
13	02/08/2022	Since June 2022	During June 2022	?	Multiple organizations	Researchers from Zscaler discover a new large-scale phishing campaign targeting credentials for Microsoft email services with a custom proxy-based phishing kit to bypass multi-factor authentication.	Account Takeover	Multiple Industries	CC	>1		Zscaler, Microsoft 365
14	02/08/2022	End of May 2022	'Recently'	TAC-040	Undisclosed organization	Researchers from Deepwatch reveal that a threat actor, tracked as TAC-040, exploited Atlassian Confluence flaw CVE-2022-26134 to deploy previously undetected Ljl Backdoor.	Malware	Unknown	CE	N/A		Deepwatch, TAC-040, CVE-2022-26134, Ljl
15	02/08/2022	Since late 2021	-	Charming Kitten (AKA PHOSPHORUS, UNC788, Yellow Garuda)	Multiple organizations and individuals	Researchers from PWC discover a new campaign by the Iranian threat actor Charming Kitten using a new Telegram grabber tool and malicious macro-enabled Word documents.	Targeted Attack	Multiple Industries	CE	>1		Charming Kitten, PWC, PHOSPHORUS, UNC788, Yellow Garuda, Telegram
16	02/08/2022	-	-	?	Multiple organizations	Researchers from Sonatype identify multiple malicious Python packages in PyPi that contain ransomware scripts. These packages are named after a legitimate, widely known library called 'Requests.'	Malware	Multiple Industries	CC	>1		Sonatype, Python, ransomware scripts, 'Requests', PyPi
17	02/08/2022	26/07/2022	26/07/2022	?	Rede Top	The supermarket group Rede Top is hit with a cyber attack.	Unknown	Wholesale and retail	CC	BR		Rede Top
18	02/08/2022	01/08/2022	01/08/2022	?	WDB Holdings	WDB Holdings confirms a ransomware attack.	Malware	Professional, scientific and technical	CC	JP		WDB Holdings, ransomware
19	02/08/2022	-	-	LockBit	Tekinox	Tekinox, an Italian manufacturing company is hit with a LockBit ransomware attack.	Malware	Manufacturing	CC	IT		Tekinox, LockBit, ransomware
20	02/08/2022	-	-	?	Undisclosed Italian Company	The data of 700,000 residents in Italy, allegedly stolen from an undisclosed Italian company, is put on sale.	Unknown	Unknown	CC	IT		Italy
21	03/08/2022	02/08/2022	02/08/2022	?	Solana	The Solana blockchain platform suffers a cyber attack that leads to the theft of $5.2 million in crypto assets from 7,936 wallets.	Vulnerability	Fintech	CC	N/A		Solana
22	03/08/2022	Since at least one year	-	?	Organizations in Russia	Researchers from Malwarebytes discover a new Remote Access Trojan, dubbed Woody Rat, distributed via the Follina vulnerability, and targeting Russian organizations.	Malware	Multiple Industries	CC	RU		Malwarebytes, Woody Rat, Follina, Russia
23	03/08/2022	-	-	?	Association of German Chambers of Industry and Commerce (DIHK)	The Association of German Chambers of Industry and Commerce (DIHK) is forced to shut down all of its IT systems and switch off digital services, telephones, and email servers, in response to a cyberattack.	Unknown	Administration and support service	CC	DE		Association of German Chambers of Industry and Commerce, DIHK
24	03/08/2022	Since mid-June 2022	-	RapperBot	Linux systems	Researchers from Fortinet discover a new botnet called 'RapperBot', used in attacks focusing on brute-forcing its way into Linux SSH servers.	Brute-force	Multiple Industries	CC	>1		Fortinet, RapperBot, Linux, SSH
25	03/08/2022	-	Late July 2022	GwisinLocker	South Korean industrial and pharmaceutical firms	Researchers from AhnLab and ReversingLabs discover a new ransomware, named GwisinLocker, targeting Linux systems belonging to firms in South Korea.	Malware	Multiple Industries	CC	KR		AhnLab, ReversingLabs, GwisinLocker, Linux, ransomware
26	03/08/2022	From mid-May through late July	-	?	Google Workspace and Microsoft 365 users	Researchers from Inky detect many instances of bad actors sending phishing emails that took advantage of open redirect vulnerabilities affecting American Express and Snapchat domains.	Account Takeover	Multiple Industries	CC	>1		Inky, American Express, Snapchat
27	03/08/2022	24/12/2021	15/06/2022	?	Independent Case Management (ICM)	Independent Case Management (ICM) informs 3,307 persons about the potential theft of some of their protected health information (PHI) in a ransomware attack.	Malware	Human health and social work	CC	US		Independent Case Management, ICM, ransomware
28	03/08/2022	-	-	Guacamaya	ENAMI	An hacktivist group called Guacamaya publishes more than 2TB of data from multiple companies including ENAMI, an Ecuadorian state mining company.	Unknown	Mining and quarrying	H	EC		Guacamaya, ENAMI
29	03/08/2022	-	-	Guacamaya	Agencia Nacional de Hidrocarburos (ANH)	The Agencia Nacional de Hidrocarburos (ANH) in Colombia is also among the victims of the Guacamaya leak	Unknown	Mining and quarrying	H	CO		Guacamaya, Agencia Nacional de Hidrocarburos, ANH
30	03/08/2022	-	-	Guacamaya	New Granada Energy Corporation	The New Granada Energy Corporation in Colombia is also among the victims of the Guacamaya leak	Unknown	Mining and quarrying	H	CO		Guacamaya, New Granada Energy Corporation
31	03/08/2022	-	-	Guacamaya	Quiborax	Quiborax, a mining company in Chile, is also among the victims of the Guacamaya leak.	Unknown	Mining and quarrying	H	CL		Guacamaya, Quiborax
32	03/08/2022	-	-	Guacamaya	Oryx	Oryx, an oil company in Venezuela, is also among the victims of the Guacamaya leak.	Unknown	Mining and quarrying	H	VE		Guacamaya, Oryx
33	03/08/2022	-	-	Guacamaya	Tejucana	Tejucana, a Brazilian mining company, is also among the victims of the Guacamaya leak.	Unknown	Mining and quarrying	H	BR		Guacamaya, Tejucana
34	03/08/2022	-	-	Guacamaya	Guatemala’s Ministerio De Ambiente y Recursos Naturales.	The Guatemala’s Ministerio De Ambiente y Recursos Naturales, is also among the victims of the Guacamaya leak.	Unknown	Public admin and defence, social security	H	GT		Guacamaya, Ministerio De Ambiente y Recursos Naturales
35	03/08/2022	03/08/2022	03/08/2022	Anonymous	Heilongjiang Society Scientific Community Federations	Hackers claiming to be affiliated with Anonymous deface a Chinese government website in support of Taiwan and Speaker of the House Nancy Pelosi’s visit to the country.	Defacement	Public admin and defence, social security	H	CN		Anonymous, Taiwan, Nancy Pelosi, Heilongjiang Society Scientific Community Federations
36	03/08/2022	'Recently'	'Recently'	Projector Libra AKA EXOTIC LILY	Multiple organizations	Researchers from Palo Alto Networks, discover a new campaign distributing the Bumblebee malware.	Malware	Multiple Industries	CC	US >1		Palo Alto Networks, Bumblebee, Projector Libra, EXOTIC LILY
37	03/08/2022	-	-	?	Multiple organizations	Security researchers discover a massive attack carried out by cloning 35,000 GitHub repositories with malware-infected copies.	Malware	Multiple Industries	CC	>1		GitHub
38	03/08/2022	30/07/2022	30/07/2022	?	Tribunal de Justiça do Distrito Federal e dos Territórios	Tribunal de Justiça do Distrito Federal e dos Territórios is back online after being hit by a cyber attack.	Unknown	Public admin and defence, social security	CC	BR		Tribunal de Justiça do Distrito Federal e dos Territórios
39	03/08/2022	-	-	Vice Society	Linn-Mar School District	Linn-Mar School District is hit with a Vice Society ransomware attack.	Malware	Education	CC	US		Linn-Mar School District is, Vice Society, ransomware
40	03/08/2022	10/07/2022	10/07/2022	?	The Country Club at Woodfield (Woodfield Country Club)	The Country Club at Woodfield (Woodfield Country Club) reports a data breach after the organization learned it was the victim of a cyberattack.	Unknown	Accommodation and food service	CC	US		The Country Club at Woodfield, Woodfield Country Club
41	04/08/2022	-	-	China	U.S. and its allies	Researchers from Mandiant identify HaiEnergy, an ongoing information operations campaign leveraging a network of at least 72 suspected inauthentic news sites and a number of suspected inauthentic social media assets to disseminate content strategically aligned with the political interests of the People’s Republic of China (PRC).	Coordinated Inauthentic Behavior	Public admin and defence, social security	CW	US >1		Mandiant, China, US, HaiEnergy
42	04/08/2022	03/08/2022	03/08/2022	?	Taiwan’s Ministry of National Defense	Taiwan’s Ministry of National Defense says its network was taken offline by a distributed denial-of-service (DDoS) incident for about two hours following a visit to the island from U.S. House Speaker Nancy Pelosi.	DDoS	Public admin and defence, social security	H	TW		Taiwan, Ministry of National Defense, China, Nancy Pelosi
43	04/08/2022	-	End of July 2022	?	QuestionPro	Hackers attempt to extort the online survey platform QuestionPro after claiming to have stolen the company's database containing respondents' personal information.	Unknown	Other service activities	CC	US		QuestionPro
44	04/08/2022	Since at least mid-June 2022	-	?	Vulnerable Zimbra servers	The Cybersecurity and Infrastructure Security Agency (CISA) adds the Zimbra CVE-2022-27924 flaw to its 'Known Exploited Vulnerabilities Catalog,' indicating that it is actively exploited in attacks by attackers.	CVE-2022-27924 Vulnerability	Multiple Industries	N/A	US		Cybersecurity and Infrastructure Security Agency, CISA, Zimbra, CVE-2022-27924
45	04/08/2022	Since at least February 2022	-	Lazarus Group	Employees in the fintech industry	A new social engineering campaign by the notorious North Korean Lazarus hacking group is discovered, with the hackers impersonating Coinbase to target employees in the fintech industry.	Malware	Fintech	CC	>1		Lazarus, Coinbase
46	04/08/2022	'Recently'	'Recently'	Ousaban	Banking users	Researchers from Netskope discover a new variant of the Ousaban financial malware that are abuse multiple cloud services throughout the attack flow.	Malware	Finance and insurance	CC	>1		Netskope, Ousaban
47	04/08/2022	12/04/2022	12/04/2022	?	Practice Resources	Medical billing and practice management company Practice Resources, LLC (PRL) notifies 942,138 individuals of a ransomware attack that impacted 26 of its healthcare organization clients.	Malware	Professional, scientific and technical	CC	US		Practice Resources, Ransomware
48	04/08/2022	End of July 2022	-	?	Indian banking customers	Researchers from CloudSEK discover a new phishing campaign using Hostinger’s preview domains feature to target Indian banking customers.	Account Takeover	Finance and insurance	CC	IN		CloudSEK, Hostinger
49	04/08/2022	During May 2022	During May 2022	?	Multiple organizations	Researchers from Avanan discover a new phishing campaign exploiting the popular app LucidChart to host phishing pages.	Account Takeover	Multiple Industries	CC	>1		Avanan, Lucidchart
50	04/08/2022	'Recently'	'Recently'	?	Multiple organizations	Researchers from Zscaler discover a new variant of the emerging X-FILES infostealer attack with enhanced features to exfiltrate sensitive information	Malware	Multiple Industries	CC	>1		Zscaler, X-FILES
51	04/08/2022	16/07/2022	05/08/2022	?	Spinneys	Spinneys, a major retailer in UAE, discloses a ransomware attack.	Malware	Wholesale and retail	CC	UAE		Spinneys, ransomware
52	04/08/2022	Since at least June 2021	09/02/2022	?	Friedrich Air Conditioning	Friedrich Air Conditioning reports a data breach after the company detected a data security incident affecting the functionality of its network.	Unknown	Manufacturing	CC	US		Friedrich Air Conditioning
53	04/08/2022	-	-	Hive	ENN Group	ENN Group, a Chinese energy producer is hit by a Hive ransomware attack.	Malware	Electricity, gas steam, air conditioning	CC	CN		ENN Group, Hive
54	05/08/2022	05/08/2022	05/08/2022	?	Colosseum Dental Benelux	Colosseum Dental Benelux is hit with a ransomware attack. More than 100 shops are forced to close.	Malware	Human health and social work	CC	NL		Colosseum Dental Benelux, ransomware
55	05/08/2022	Since at least March 2022	During March 2022	Cyber Front Z	Individuals in Ukraine	Researchers from Meta take down a network of Instagram accounts operated by a troll farm in St. Petersburg, Russia, which targeted global public discourse about the war in Ukraine.	Coordinated Inauthentic Behavior	Individual	CW	UA		Meta, Cyber Front Z, Russia, Ukraine
56	05/08/2022	During Q2 2022	During Q2 2022	Bitter APT	Individuals in New Zealand, India, Pakistan and the United Kingdom	Researchers from Meta reveal to have discovered and taken down a new campaign carried out by Bitter APT via a new Android malware called Dracarys.	Malware	Individual	CE	NZ IN PK UK		Meta, Bitter APT, Android, Dracarys
57	05/08/2022	During Q2 2022	During Q2 2022	APT36 AKA Transparent Tribe	Individuals in Afghanistan, India, Pakistan, UAE, and Saudi Arabia	Researchers from Meta reveal to have discovered and taken down a new campaign carried out by APT36 via a new malware called LazaSpy.	Malware	Individual	CE	AF IN PK AE SA		Meta, APT36, LazaSpy; Transparent Tribe
58	05/08/2022	During Q2 2022	During Q2 2022	?	Individuals in Indonesia, primarily within the Wahhabi Muslim community.	Researchers from Meta remove a network of about 2,800 Facebook accounts, groups and pages in Indonesia that worked together to falsely report people for various violations, including hate speech, impersonation, terrorism and bullying.	Coordinated Inauthentic Behavior	Individual	CC	ID		Meta, Indonesia; Facebook
59	05/08/2022	During Q2 2022	During Q2 2022	?	Individuals in India	Researchers from Meta remove a network of about 300 accounts on Facebook and Instagram in India that worked together to mass-harass people, including activists, comedians, actors and other influencers	Coordinated Inauthentic Behavior	Individual	CC	IN		Meta, India, Facebook, Instagram
60	05/08/2022	During Q2 2022	During Q2 2022	?	Individuals in Greece	Researchers from Meta remove two clusters of accounts and Pages on Facebook and Instagram that violated policies against misinformation, hate speech and incitement to violent overthrow of the government.	Coordinated Inauthentic Behavior	Individual	CC	GR		Meta, Greece, Facebook, Instagram
61	05/08/2022	During Q2 2022	During Q2 2022	?	Women in India	Researchers from Meta remove several clusters totalling about 2,000 accounts, Pages and Groups on Facebook and Instagram that targeted women in India with sexualizing content and harassment.	Coordinated Inauthentic Behavior	Individual	CC	IN		Meta, India, Facebook, Instagram
62	05/08/2022	During Q2 2022	During Q2 2022	Operation Dudula	Migrants from other countries in Africa to South Africa	Researchers from Meta remove several clusters totalling about 200 Facebook accounts, Pages and groups that coordinated the harassment of migrants from other countries in Africa.	Coordinated Inauthentic Behavior	Individual	CC	ZA		Meta, South Africa, Facebook, Operation Dudula
63	05/08/2022	During Q2 2022	During Q2 2022	?	Individuals in Malaysia	Researchers from Meta remove 596 Facebook accounts, 180 Pages, 11 Groups and 72 Instagram accounts for coordinated inauthentic behavior, targeting domestic audiences in that country.	Coordinated Inauthentic Behavior	Individual	CC	MY		Meta, Malaysia, Facebook, Instagram
64	05/08/2022	During Q2 2022	During Q2 2022	?	Individuals in Angola, Nigeria and the Gaza region in Palestine	Researchers from Meta remove 259 Facebook accounts, 42 Pages, 9 Groups and 107 Instagram accounts for coordinated inauthentic behavior, targeting domestic audiences in Angola, Nigeria and the Gaza region in Palestine	Coordinated Inauthentic Behavior	Individual	CW	AO NG PS		Meta, Israel, Facebook, Instagram
65	05/08/2022	04/08/2022	04/08/2022	?	Advanced	United Kingdom's National Health Service (NHS) 111 emergency services are affected by a significant and ongoing outage triggered by a cyberattack that hit the systems of British managed service provider (MSP) Advanced.	Unknown	Professional, scientific and technical	CC	UK		NHS, 111, Advanced
66	05/08/2022	04/08/2022	04/08/2022	Lazarus Group	deBridge Finance	Attackers suspected to be from the North Korean Lazarus group used a phishing email to trick company employees and steal cryptocurrency from deBridge Finance, a cross-chain protocol that enables the decentralized transfer of assets between various blockchains.	Malware	Fintech	CC	N/A		North Korea, Lazarus group, deBridge Finance
67	05/08/2022	Since at least February 2021	'Recently'	Orchard	Multiple organizations	Researchers from 360 Netlab discover a new botnet named Orchard that uses Satoshi Nakamoto’s Bitcoin account transaction information to generate DGA domain name.	Malware	Multiple Industries	CC	>1		360 Netlab, Orchard, Satoshi Nakamoto, Bitcoin, DGA
68	05/08/2022	-	22/10/2021	?	Priority Health	Priority Health issues a notice about a third-party data breach that originated at the law firm Warner Norcross & Judd (WNJ) in October 2021 when WNJ discovered unauthorized activity on some of its systems. The incident impacted approximately 120,000 members.	Unknown	Human health and social work	CC	US		Priority Health, Warner Norcross & Judd, WNJ
69	05/08/2022	24/08/2022	24/08/2022	Donut Leaks	Sheppard Robson	Sheppard Robson, a UK architecture firm suffers a ransomware attack.	Malware	Professional, scientific and technical	CC	US		Sheppard Robson, ransomware attack, Donut Leaks
70	05/08/2022	-	-	?	Cellebrite	An anonymous source leaks around 4TB of proprietary data belonging to Israeli digital intelligence firm, Cellebrite.	Unknown	Professional, scientific and technical	H	IL		Cellebrite
71	05/08/2022	Between 04/11/2021 and 14/02/2022	14/02/2022	?	Centerstone	Centerstone, a nonprofit health organization, discloses an email security incident that may have involved personal and protected health information belonging to certain current and former Centerstone clients.	Account Takeover	Human health and social work	CC	US		Centerstone
72	05/08/2022	-	-	?	Warsaw Municipal Police	The Warsaw Municipal Police suffers a DDoS attack carried out flooding their systems with emails.	DDoS	Public admin and defence, social security	CC	PL		Warsaw Municipal Police
73	05/08/2022	04/08/2022	04/08/2022	?	Brazil National Petroleum, Natural Gas and Biofuels Agency (ANP)	The Brazil National Petroleum, Natural Gas and Biofuels Agency (ANP) is taken down after an attempted cyber attack.	Unknown	Public admin and defence, social security	CC	BR		Brazil, National Petroleum, Natural Gas and Biofuels Agency, ANP
74	05/08/2022	-	09/06/2022	?	Atlantic Dialysis Management Services (ADMS)	Atlantic Dialysis Management Services notifies its patients of a data security incident.	Unknown	Human health and social work	CC	US		Atlantic Dialysis Management Services, ADMS
75	05/08/2022	-	-	BlackCat AKA ALPHV	AD Consulting	AD Consulting is hit with a BlackCat ransomware attack.	Malware	Professional, scientific and technical	CC	IT		AD Consulting, BlackCat, ALPHV, ransomware
76	06/08/2022	06/08/2022	06/08/2022	?	Formosa Television (FTV)	Formosa Television (FTV) suffers a cyber attack and its live online content is changed to pro-China messages.	Unknown	Information and communication	H	TW		Formosa Television, FTV
77	06/08/2022	26/05/2022	-	Hive	SERV Behavioral Health System	SERV Behavioral Health System is allegedly hit by a Hive ransomware attack.	Malware	Human health and social work	CC	US		SERV Behavioral Health System, Hive, Ransomware
78	06/08/2022	16/06/2022	-	?	Disability Help Group	Disability Help Group is hit by a ransomware attack.	Malware	Human health and social work	CC	US		Disability Help Group, ransomware
79	07/08/2022	04/08/2022	04/08/2022	?	Twilio	Cloud communications company Twilio says some of its customers' data was accessed by attackers who breached internal systems after stealing employee credentials in an SMS phishing attack.	Account Takeover	Professional, scientific and technical	CC	US		Twilio, SMS, Phishing
80	07/08/2022	Around the beginning of August 2022	-	?	Multiple organizations	Researchers from Resecure discover a phishing campaign leveraging the LogoKit to exploit Open Redirect vulnerabilities for multiple popular domains.	Account Takeover	Multiple Industries	CC	>1		Resecure LogoKit, Open Redirect
81	07/08/2022	07/08/2022	07/08/2022	?	Steven Galanis	Steven Galanis, the CEO of celebrity video platform Cameo gets his Apple ID hacked, and as a result, he loses a variety of NFTs.	Account Takeover	Individual	CC	US		Steven Galanis, Cameo, Apple ID, NFT, Bored Ape
82	07/08/2022	-	-	Bl00dy	Primary Care of Long Island	Primary Care of Long Island is hit with a ransomware attack.	Malware	Human health and social work	CC	US		Primary Care of Long Island, Bl00dy, ransomware
83	07/08/2022	-	-	Bl00dy	oncallpractice.com	oncallpractice.com is hit with a ransomware attack.	Malware	Human health and social work	CC	US		oncallpractice.com, Bl00dy, ransomware
84	08/08/2022	During January 2022	During January 2022	TA428	Military industrial complex enterprises and public institutions in several Eastern European countries and Afghanistan	Researchers from Kaspersky discover a new campaign by the Chinese group TA428 using a new backdoor called PortDoor.	Targeted Attack	Multiple Industries	CE	AF EU		Kaspersky, China, TA428 PortDoor
85	08/08/2022	08/08/2022	08/08/2022	?	7-Eleven	7-Eleven stores in Denmark shut down after a cyber attack disrupts stores’ payment and checkout systems throughout the country. A ransomware attack is confirmed few days later.	Malware	Wholesale and retail	CC	DK		7-Eleven, ransomware
86	08/08/2022	03/08/2022	03/08/2022	?	Klaviyo	Email marketing firm Klaviyo discloses a data breach after threat actors steal an employee's login credentials in a phishing attack and gain access to internal systems and download marketing lists for cryptocurrency-related customers	Account Takeover	Administration and support service	CC	US		Klaviyo
87	08/08/2022	-	-	?	Python Developers	Researchers from Check Point discover ten malicious Python packages on the PyPI repository, used to infect developer's systems with password-stealing malware.	Malware	Multiple Industries	CC	>1		Check Point, Python, PyPI
88	08/08/2022	During March 2022	During March 2022	Classicscam	Users of one of the leading classified platforms in Singapore	Researchers at Group-IB detect a new wave of phishing attacks in Singapore, part of the global campaign "Classicscam".	Account Takeover	Individual	CC	SG		Group-IB, Classicscam
89	08/08/2022	'Recently'	'Recently'	?	Multiple organizations	Researchers from Fortinet discover a new campaign delivering the SmokeLoader malware, and exploiting two old vulnerabilities: CVE-2017-0199 and CVE-2017-11882.	Malware	Multiple Industries	CC	>1		Fortinet, SmokeLoader, CVE-2017-0199, CVE-2017-11882
90	08/08/2022	Between May 14, 2021, and April 8, 2022	'Recently'	?	Columbia River Mental Health Services (CRMHS)	Columbia River Mental Health Services discloses a data security breach involving some employee email accounts.	Account Takeover	Human health and social work	CC	US		Columbia River Mental Health Services, CRMHS
91	08/08/2022	-	-	?	Coinbase users	Researchers from PIXM discover a new campaign spoofing the popular cryptocurrency exchange Coinbase to trick users into logging into their accounts and gain access to steal victim funds,	Account Takeover	Fintech	CC	>1		PIXM, Coinbase
92	08/08/2022	06/08/2022	06/08/2022	?	Bulgarian Food Safety Agency (BFSA)	The website and servers of the Bulgarian Food Safety Agency (BFSA) have come under a cyber attack.	Unknown	Public admin and defence, social security	CC	BG		Bulgarian Food Safety Agency, BFSA
93	08/08/2022	08/08/2022	08/08/2022	?	Câmara Municipal de Teresina	The Câmara Municipal de Teresina in Brazil is taken down after a cyber attack.	Unknown	Public admin and defence, social security	CC	BR		Câmara Municipal de Teresina
94	08/08/2022	-	22/07/2021	?	eCapital Corp.	eCapital Corp. reports a data breach after the company detected unauthorized access within its computer network.	Unknown	Finance and insurance	CC	US		eCapital Corp.
95	09/08/2022	09/08/2022	09/08/2022	NoName057(16)	Finland’s parliament	Pro-Russian hackers from the NoName057(16) take down the website of Finland’s parliament, citing Helsinki’s NATO application as the reason behind the DDoS attack.	DDoS	Public admin and defence, social security	H	FI		NoName057(16), Finland, Russia, NATO
96	09/08/2022	20/07/2022	20/07/2022	?	Cloudflare	Cloudflare says some of its employees' credentials were also stolen in an SMS phishing attack similar to the one that led to Twilio's network being breached last week.	Account Takeover	Professional, scientific and technical	CC	US		Cloudflare
97	09/08/2022	-	-	?	Multiple organizations	Microsoft releases security updates to address CVE-2022-34713 (AKA DogWalk), a high severity Windows zero-day vulnerability with publicly available exploit code and abused in attacks.	CVE-2022-34713 Vulnerability	Multiple Industries	N/A	US		Microsoft, CVE-2022-34713, DogWalk, Windows
98	09/08/2022	Since at least June 2022	-	?	Multiple organizations	The Cybersecurity and Infrastructure Security Agency (CISA) addes the Windows UnRAR CVE-2022-30333 flaw to its 'Known Exploited Vulnerabilities Catalog,' indicating that it is actively exploited in attacks by attackers.	CVE-2022-30333 Vulnerability	Multiple Industries	N/A	US		Cybersecurity and Infrastructure Security Agency, CISA, Windows, UnRAR, CVE-2022-30333
99	09/08/2022	Throughout 2022	Throughout 2022	?	Crypto users	Researchers from Netskope discover a campaign where attackers have been creating phishing pages in Google Sites and Microsoft Azure Web App to steal cryptocurrency wallets and accounts from Coinbase, MetaMask, Kraken, and Gemini.	Account Takeover	Fintech	CC	>1		Netskope, Google Sites, Microsoft Azure Web App, Coinbase, MetaMask, Kraken, Gemini
100	09/08/2022	Since Early May 2022	Since Early May 2022	Tropical Scorpius	Multiple organizations	Researchers from Palo Alto Networks discover a new threat actor, named "Tropical Scorpius" deploying the Cuba ransomware using a novel Remote Access Tool dubbed ROMCOM RAT.	Malware	Multiple Industries	CC	>1		Palo Alto Networks, Tropical Scorpius, Cuba, ransomware, ROMCOM RAT
101	09/08/2022	09/08/2022	09/08/2022	?	Curve Finance	Curve Finance is compromised, as threat actors are able to effectively “clone” curve.fi and send user traffic to its fake crypto-exchange site. $770,000 worth is stolen by the attackers.	DNS Hijacking	Fintech	CC	N/A		Curve Finance
102	09/08/2022	08/08/2022	08/08/2022	?	Bombardier Recreational Products (BRP)	BRP discloses a ransomware attack that forces the company to suspend the operations temporarily.	Malware	Manufacturing	CC	CA		BRP, Ransomware, Bombardier Recreational Products
103	09/08/2022	During the previous week	During the previous week	?	Simon-Marius-Gymnasium	The computer systems of the Simon-Marius-Gymnasium in Gunzenhausen are temporarily unavailable after a ransomware attack.	Unknown	Education	CC	DE		Simon-Marius-Gymnasium, ransomware
104	09/08/2022	During June 2022	-	?	Atsugishi Fishery Cooperative Association	The Atsugishi Fishery Cooperative Association reveals that customer information on the store’s mail order site, Auroko, may have been leaked to outside parties due to infection by the malware Emotet.	Malware	Accommodation and food service	CC	JP		Atsugishi Fishery Cooperative Association, Emotet
105	09/08/2022	-	-	?	Judicial Poder of Quintana Roo	The Judicial Poder of Quintana Roo suffers a ransomware attack.	Malware	Public admin and defence, social security	CC	MX		Judicial Poder of Quintana Roo, ransomware
106	09/08/2022	Since June 2022	During June 2022	?	Multiple organizations	Researchers from Zscaler discover a new large-scale phishing campaign targeting credentials for Gmail email services with a custom proxy-based phishing kit to bypass multi-factor authentication.	Account Takeover	Multiple Industries	CC	>1		Zscaler, Gmail
107	09/08/2022	11/06/2022	-	?	Texas Meter & Device Company (TMD)	Texas Meter & Device Company (TMD) reports a data breach stemming from an incident in which an attacker gained access to the company’s computer network.	Unknown	Electricity, gas steam, air conditioning	CC	US		Texas Meter & Device Company, TMD
108	10/08/2022	During May 2022	24/05/2022	Initial access broker (IAB) with ties to the UNC2447 cyber crime gang, Lapsus$ threat actor group, and Yanluowang ransomware operators.	Cisco	Cisco confirms that a threat actor breached its corporate network and tried to extort them under the threat of leaking stolen files online.	Account Takeover	Professional, scientific and technical	CC	US		Cisco, UNC2447, Lapsus$, Yanluowang, ransomware
109	10/08/2022	Since April 2022	-	Silent Ransom Group (SRG) AKA Luna Moth	Multiple organizations	Researchers from Advintel reveal that the Silent Ransom Group, a spin-off of the Conti ransomware gang, is now using BazarCall phishing tactics as the primary method to gain initial access to a victim’s network.	Social Engineering	Multiple Industries	CC	>1		Advintel, Silent Ransom Group, Luna Moth, Conti, BazarCall, ransomware
110	10/08/2022	Since mid-June 2022	-	Quantum	Multiple organizations	Researchers from Advintel reveal that the Quantum group, another spin-off of the Conti ransomware gang, is now using BazarCall phishing tactics as the primary method to gain initial access to a victim’s network in what they call operation "Jörmungandr".	Social Engineering	Multiple Industries	CC	>1		Advintel, Quantum, Conti, BazarCall, ransomware, Jörmungandr
111	10/08/2022	-	-	Roy/Zeon	Multiple organizations	Researchers from Advintel reveal that Roy/Zeon, yet another spin-off of the Conti ransomware gang, is now using BazarCall phishing tactics as the primary method to gain initial access to a victim’s network.	Social Engineering	Multiple Industries	CC	>1		Advintel, Roy/Zeon, Conti, BazarCall, ransomware
112	10/08/2022	20/04/2022 01/05/2022 15/05/2022	-	LockBit, Hive, and ALPHV/BlackCat	Undisclosed automotive supplier	Researchers from Sophos reveal that an automotive supplier had its systems breached and files encrypted by three different ransomware gangs over two weeks in May, two of the attacks happening within just two hours.	Malware	Manufacturing	CC	N/A		Sophos, LockBit, Hive, ALPHV, BlackCat
113	10/08/2022	During July and early August 2022	During July and early August 2022	Multiple threat actors	Multiple organizations	Researchers from Volexity reveal that an authentication bypass Zimbra security vulnerability is actively exploited to compromise Zimbra Collaboration Suite (ZCS) email servers worldwide.	CVE-2022-27925 and CVE-2022-37042 vulnerabilities	Multiple Industries	CC	>1		Volexity, Zimbra, Zimbra Collaboration Suite, ZCS, CVE-2022-27925, CVE-2022-37042
114	10/08/2022	-	-	Multiple threat actors	Multiple organizations	Palo Alto Networks issues a security advisory warning of CVE-2022-0028, an actively exploited high-severity vulnerability impacting PAN-OS, the operating system used by the company's networking hardware products.	CVE-2022-0028 vulnerability	Multiple Industries	CC	>1		Palo Alto Networks, CVE-2022-0028, PAN-OS
115	10/08/2022	-	-	?	Butler County Health Care Center	Butler County Health Care Center is hit by a cyber attack thwarted with the support of FBI.	Unknown	Human health and social work	CC	US		Butler County Health Care Center, FBI
116	10/08/2022	-	-	BlueSky	Multiple organizations	Researchers from Palo Alto Networks discover a new ransomware, named BlueSky, characterized by a fast encryption.	Malware	Multiple Industries	CC	>1		Palo Alto Networks, BlueSky, ransomware
117	10/08/2022	Since at least late 2021	-	DeathStalker	Foreign and crypto exchanges	Researchers from Kaspersky discover a new campaign by the DeathStalker threat actor using VIleRAT targeting foreign and crypto exchanges.	Malware	Fintech	CC	>1		DeathStalker, Kaspersky, VileRAT
118	10/08/2022	27/07/2022	27/07/2022	RansomHouse	Municipalities of Valdisieve and Valdarno	The Municipalities of Valdisieve and Valdarno are hit with a RansomHouse ransomware attack.	Malware	Public admin and defence, social security	CC	IT		Municipalities of Valdisieve and Valdarno, RansomHouse, ransomware
119	10/08/2022	-	-	Daixin Team	Ista International	Ista International takes their systems offline after a ransomware attack. Daixin Team claims responsibility.	Malware	Professional, scientific and technical	CC	DE		Ista International, ransomware, Daixin Team
120	10/08/2022	During June 2022	During June 2022	?	Sumiwa Koun Co.	Sumiwa Koun Co. is hit with a ransomware attack.	Malware	Transportation and storage	CC	JP		Sumiwa Koun Co., ransomware
121	10/08/2022	'Recently'	'Recently'	?	Peruvian Congress of the Republic	Multiple members of the Peruvian Congress of the Republic receive suspicious messages on their cell phones after their information is leaked on the internet.	Unknown	Public admin and defence, social security	CC	PE		Peruvian Congress of the Republic
122	10/08/2022	-	-	ViktorLustig	University of Kashmir	A data breach at the University of Kashmir exposes the personal information of over 1 million students of the university and employees.	Unknown	Education	CC	IN		ViktorLustig, University of Kashmir
123	10/08/2022	19/03/2022	30/03/2022	?	NAF, Inc.	NAF, Inc. reports a data breach after detecting unusual activity on its network.	Unknown	Education	CC	US		NAF, Inc.
124	11/08/2022	01/08/2022	01/08/2022	Killnet	Lockheed Martin	The pro-Russian hacktivist gang known as Killnet claims responsibility for an attack to Lockheed Martin and leaks some PII data of its employees.	Unknown	Professional, scientific and technical	H	US		Russia, Killnet, Lockheed Martin
125	11/08/2022	11/08/2022	11/08/2022	Killnet	Website of Latvia’s parliament	The pro-Russian hacker gang known as Killnet takes down the website of Latvia’s parliament after lawmakers there designated Russia as a “state sponsor of terrorism.”	DDoS	Public admin and defence, social security	H	LT		Killnet, Latvia, Russia
126	11/08/2022	-	Since 21/06/2021	Zeppelin	Multiple organizations	The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warn US organizations that attackers deploying Zeppelin ransomware might encrypt their files multiple times.	Malware	Multiple Industries	CC	US		Cybersecurity and Infrastructure Security Agency, CISA, Federal Bureau of Investigation, FBI, Zeppelin, ransomware
127	11/08/2022	SInce at least July 2022	During July 2022	SOVA	Android banking users	Researchers from Cleafy discover a new version of the SOVA Android banking trojan with the addition of a new ransomware feature that encrypts files on mobile devices.	Malware	Finance and insurance	CC	>1		Cleafy, SOVA, Android, ransomware
128	11/08/2022	Since at least 06/08/2020	Early August 2022	?	Multiple organizations	Researchers from Sonatype discover a new PyPI package named ‘secretslib‘ that drops fileless cryptominer to the memory of Linux machine systems.	Malware	Multiple Industries	CC	>1		Sonatype, PyPI, ‘secretslib‘ Linux, Crypto
129	11/08/2022	-	04/08/2022	?	Lee County Emergency Medical Services	Lee County Emergency Medical Services notifies an undisclosed number of individuals of a third-party security breach relating to Intermedix Corporation.	Unknown	Human health and social work	CC	US		Lee County Emergency Medical Services, Intermedix Corporation
130	11/08/2022	-	-	APT-C-35 AKA Do Not Team, Viceroy Tiger	Government departments, including Pakistan’s defence sector	Researchers from Morphisec reveal the details of the latest campaign by the APT-C-35 group targeting government departments, including Pakistan’s defence sector, using an updated version of the Jaca Windows malware toolkit.	Targeted Attack	Public admin and defence, social security	CE	PK		Morphisec, APT-C-35, Do Not Team, Viceroy Tiger, Pakistan, Jaca
131	11/08/2022	-	-	?	Unknown credit agency	A large database containing 23 Million unique records of AT&T customer is discovered in the dark web. The company claims the database has been taken from a credit agency.	Unknown	Finance and insurance	CC	US		AT&T
132	11/08/2022	-	-	?	iPay88	Payment gateway provider iPay88 reveals in a statement that it suffered a "cybersecurity incident" that may have compromised customers' card data.	Unknown	Finance and insurance	CC	MY		iPay88
133	11/08/2022	-	-	CopperStealer	Crypto users	Researchers from Trend Micro discover a new variant of the CopperStealer malware, stealing cryptocurrencies and users’ wallet account information via a malicious Chromium-based browser extension.	Malware	Fintech	CC	>1		TrendMicro, CopperStealer, Chromium
134	11/08/2022	During April 2022	-	?	Best Buy Users	Researchers from Avanan discover a new phishing campaign spoofing Best Buy and using Google Cloud Storage to host the malicious infrastructure.	Account Takeover	Individual	CC	US		Avanan, Best Buy, Google Cloud Storage
135	11/08/2022	Mid-April 2022	Mid-April 2022	?	Ypsilanti Community Utilities Authority	A ransomware infection may have exposed 2,000 Ypsilanti-area utility customers’ bank payment information to unauthorized individuals.	Malware	Public admin and defence, social security	CC	US		Ypsilanti Community Utilities Authority, ransomware
136	11/08/2022	-	-	?	MJH Life Sciences (MJH)	MJH Life Sciences (MJH) reports a data breach after the company suffers a cyberattack.	Unknown	Information and communication	CC	US		MJH Life Sciences, MJH
137	11/08/2022	-	-	?	Blume Global	Blume Global reports a data breach stemming from what the company characterizes as a malware attack.	Malware	Professional, scientific and technical	CC	US		Blume Global
138	12/08/2022	-	-	pompompurin	ShitExpress	ShitExpress, a web service that lets you send a box of feces along with a personalized message to friends and enemies, is breached after a threat actor spots a vulnerability and downloads the entire database.	Undisclosed vulnerability	Other service activities	CC	N/A		pompompurin, ShitExpress
139	12/08/2022	Since June 2021	Since 26/05/2022	APT27 (aka Emissary Panda, Iron Tiger, and LuckyMouse)	Individuals in China	Researchers from Sekoia and Trend Micro reveal that a cross-platform instant messenger application focused on the Chinese market known as 'MiMi' has been trojanized to deliver a new backdoor (dubbed rshell) that can be used to steal data from Linux and macOS systems and an additional backdoor (HyperBro) used to steal data from Windows systems.	Targeted Attack	Individual	CE	CN		APT27, Emissary Panda, Iron Tiger, LuckyMouse, Sekoia, Trend Micro, China, MiMi, rshell, Linux, macOS, HyperBro, Windows
140	12/08/2022	-	-	?	MailChimp	MailChimp discloses a security incident targeting crypto companies.	Unknown	Administration and support service	CC	US		MailChimp
141	12/08/2022	14/04/2022	20/01/2022	?	Conifer Health Solutions	Conifer Health Solutions finds out that an unauthorized third-party acquired access to a business email account hosted by Microsoft Office 365.	Account Takeover	Human health and social work	CC	US		Conifer Health Solutions, Microsoft Office 365.
142	12/08/2022	Between 24/08/2021 and 28/08/2021	28/08/2021	?	United Health Centers of the San Joaquin Valley (UHC)	United Health Centers of the San Joaquin Valley (UHC) notifies individuals of a 2021 ransomware attack	Malware	Human health and social work	CC	US		United Health Centers of the San Joaquin Valley, UHC, ransomware
143	12/08/2022	Between 13/06/2022 and 14/06/2022	14/06/2022	?	Overlake Medical Center & Clinics	Overlake Medical Center & Clinics notifies 557 individuals of an email security incident involving some patient information.	Account Takeover	Human health and social work	CC	US		Overlake Medical Center & Clinics
144	12/08/2022	28/06/2022	Between 29/03/2022 and 28/06/2022	?	Onyx Technologies	Onyx Technologies notifies regulators and others about a ransomware attack that impacted 96,814 individuals.	Malware	Professional, scientific and technical	CC	US		Onyx Technologies, ransomware
145	12/08/2022	-	-	?	Organizations in the Healthcare Sector	The Health Sector Cybersecurity Coordination Center (HC3) warns the healthcare sector of a new phishing scheme that lures recipients to an Evernote site containing a downloadable Trojan file that steals credentials.	Malware	Human health and social work	CC	US		Health Sector Cybersecurity Coordination Center, HC3, Evernote
146	12/08/2022	10/08/2022	10/08/2022	XJP	COVID health mobile app run by the city of Shanghai	A hacker claims to have obtained the personal information of 48.5 million users of a COVID health mobile app run by the city of Shanghai.	Unknown	Human health and social work	CC	CN		XJP, COVID, Shanghai
147	12/08/2022	10/08/2022	10/08/2022	?	Presidency of Moldova	The e-mail server of the Presidency of Moldova is compromised.	Unknown	Public admin and defence, social security	CE	MD		Presidency of Moldova
148	12/08/2022	Between 23/03/2022 and 24/03/2022	24/03/2022	?	Morrie’s Auto Group	Morrie’s Auto Group reports a data breach after detecting suspicious activity within its computer system.	Unknown	Wholesale and retail	CC	US		Morrie’s Auto Group
149	13/08/2022	13/08/2022	13/08/2022	?	CS.MONEY	CS.MONEY, one of the largest platforms for trading CS:GO (Counter-Strike: Global Offensive) skins, takes its website offline after a cyberattack allows hackers to loot 20,000 items worth approximately $6,000,000.	Account Takeover	Arts entertainment, recreation	CC	N/A		CS.MONEY, CS:GO, Counter-Strike: Global Offensive
150	13/08/2022			?	BharatPay	Researchers from CloudSEK reveal that BharatPay’s backend database containing customers’ personal information, bank balance, and transaction data from Feb. 2018 to Aug. 2022 is leaked on a cybercrime forum.	Unknown	Finance and insurance	CC	IN		CloudSEK, BharatPay
151	14/08/2022	13/08/2022	13/08/2022	devfather777	Russian Counter-Strike 1.6 server	Researchers from Checkmarx detect a large-scale attack on the Python ecosystem uploading 12 typosquatting packages to the PyPi repository, containing malware performing DDoS attacks on a Counter-Strike 1.6 server.	Malware	Arts entertainment, recreation	CC	RU		Checkmarx, Python, DDoS, Counter-Strike, devfather777, PyPi
152	14/08/2022	During February 2021	During February 2021	SilverTerrier	Empresa Nacional del Petróleo (ENAP)	The Chilean Empresa Nacional del Petróleo (ENAP) suffers a BEC scam, but is able to avoid financial losses thanks to a bank alert.	Business Email Compromise	Mining and quarrying	CC	CL		Empresa Nacional del Petróleo, ENAP, SilverTerrier
153	15/08/2022	Between July 15 and August 8, 2022.	-	Gamaredon (aka Armageddon or Shuckworm)	Multiple organizations in Ukraine	Researchers from Symantec discover a new campaign by the Gamaredon group targeting multiple organizations in Ukraine.	Targeted Attack	Multiple Industries	CE	UA		Gamaredon, Armageddon, Shuckworm
154	15/08/2022	-	-	SEABORGIUM (AKA ColdRiver and TA446)	People and organizations in NATO countries	The Microsoft Threat Intelligence Center (MSTIC) announces to have disrupted a hacking and social engineering operation linked to a Russian threat actor tracked as SEABORGIUM targeting people and organizations in NATO countries.	Targeted Attack	Multiple Industries	CE	>1		SEABORGIUM, ColdRiver, TA446, Microsoft Threat Intelligence Center, MSTIC
155	15/08/2022	13/08/2022	13/08/2022	Play	Argentina's Judiciary of Córdoba	Argentina's Judiciary of Córdoba shuts down its IT systems after suffering a ransomware attack, reportedly at the hands of the new 'Play' ransomware operation.	Malware	Public admin and defence, social security	CC	AR		Argentina's Judiciary of Córdoba, ransomware, Play
156	15/08/2022	-	-	Cl0p	South Staffordshire Water	South Staffordshire Water, a company supplying 330 million liters of drinking water to 1.6m consumers daily, issues a statement confirming IT disruption from a cyberattack. The Cl0p ransomware gang claims responsibility but they misidentify the victim.	Malware	Water supply, waste mgmt, remediation	CC	UK		South Staffordshire Water, Cl0p, ransomware
157	15/08/2022	07/08/2022	07/08/2022	?	DigitalOcean	DigitalOcean warns customers that the recent MailChimp security breach exposed the email addresses of some customers, with a small number receiving unauthorized password resets.	Account Takeover	Professional, scientific and technical	CC	US		DigitalOcean, MailChimp
158	15/08/2022	-	-	?	BlackByte 2.0	The BlackByte ransomware group is back and leaks immediately a new victim in their new website.	Malware	Unknown	CC	N/A		BlackByte, ransomware
159	15/08/2022	05/05/2022	05/05/2022	?	San Diego American Indian Health Center (SDAIHC)	San Diego American Indian Health Center (SDAIHC) discloses to have suffered a data breach that involved an undisclosed number of current and former individuals served by the health center.	Malware	Human health and social work	CC	US		San Diego American Indian Health Center, SDAIHC
160	15/08/2022	Between May 25 and June 2, 2022	02/06/2022	?	Florida Springs Surgery Center	Florida Springs Surgery Center discloses t was the victim of a phishing attack where 2,203 patients' information was affected.	Account Takeover	Human health and social work	CC	US		Florida Springs Surgery Center
161	15/08/2022	-	-	LV	Elefondati	Elefondati is hit with an LV ransomware attack. The attackers also offer a security audit, should the company decide to pay the ransom.	Malware	Professional, scientific and technical	CC	IT		Elefondati, LV, ransomware
162	15/08/2022	-	10/06/2022	?	Clark Patterson Lee (CPL)	Clark Patterson Lee (CPL) reports a data breach after the company experienced what appears to be a ransomware attack.	Malware	Professional, scientific and technical	CC	US		Clark Patterson Lee, CPL, ransomware
163	15/08/2022	-	-	?	United HealthCare Services	United HealthCare Services confirms that the company experienced a data breach.	Unknown	Finance and insurance	CC	US		United HealthCare Services
ID	Date Reported	Date Occurred	Date Discovered	Author	Target	Description	Attack	Target Class	Attack Class	Country	Link	Tags

The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.

July 2023 Cyber Attacks Statistics
After the cyber attacks timelines, it’s time to publish the statistics of June 2023 where I have collected and analyzed 384 events, yet another record number driven...
The Biggest Data Breaches of 2023
Similarly to what I have done in 2022 and 2021, I am collecting the main mega breaches...
16-28 February 2023 Cyber Attacks Timeline
The second cyber attacks timeline of February 2023 is out and with 10.62 events/day confirms...
Q2 2023 Cyber Attacks Statistics
I have aggregated the statistics created from the cyber attacks timelines published in the second quarter of 2023. In total I have collected 1040 events...
16-31 July 2023 Cyber Attacks Timeline
New victims of attacks carried out by the Clop (AKA Cl0p) ransomware gang exploiting the CVE-2023-34362 MOVEit vulnerability emerged even during...