The first half of September confirmed the high level of activity in cyberspace. Although the number of recorded events registered a slight decrease, the overall volume remains quite high, as shown in the 12-month trend chart.
The impact of ransomware also remains high, stable at 27.7% (38 out of 137 events), substantially in line with the 27.2% of the second half of August. Vulnerabilities, on the other hand, played a role in 10.9% of events (15 out of 137), a sharp increase from the 6.9% of the previous timeline.
In the first timeline of August, I collected 169 events (corresponding to 11.27 events per day), a considerable decrease compared to the second half of July…
Unfortunately the hacks against fintech platforms only took a break during the summer: three new organizations were hit by attackers able to steal the equivalent of nearly $2M in cryptocurrency.
The number of operations in cyberspace linked to the conflict in Ukraine continues to decrease; however, the Anonymous collective hit the headlines with an alleged attack on the Yandex Taxi app that created a massive traffic jam in Moscow. On the other hand, the Gamaredon group continued to target entities in Ukraine and, interestingly, former members of the infamous Conti ransomware group repurposed their malicious intentions against Ukraine under a new threat actor dubbed UAC-0098.
And, unsurprisingly, the cyber espionage front is always rich in events, with old acquaintances such as the North Korean Lazarus Group and the Iranian Charming Kitten, but also newcomers such as Worok.
As usual the list is too long to be summarized in a few words (this one in particular), so my suggestion is to enjoy the interactive timeline and the tabular format. Thanks for sharing it and for supporting my work in spreading risk awareness across the community. As always, don't forget to follow @paulsparrows on Twitter, or connect on LinkedIn, for the latest updates.
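As an added example (not the author's code, nor part of the original post), the script below parses entries laid out as in the table that follows, one field per line with Country as the only column that can span several lines, and recomputes the ransomware and vulnerability shares quoted above from whatever records it is given. The sample records are constructed from entries 1 and 17 of this timeline with shortened descriptions, plus a copy of entry 45 that, like the page's own, is missing a date line.

```python
"""Parse a flattened timeline export (one field per line, as in the entries
below) and recompute the intro's category shares from the parsed records.

Added example, not the author's code. It assumes the column order of the
table and that Country is the only column spanning several lines. SAMPLE is
constructed from entries 1 and 17 (descriptions shortened) plus a copy of
entry 45 that, like the page's own, lacks one date line.
"""
import re

DATE_RE = re.compile(r"^\d{2}/\d{2}/\d{4}$")
COUNTRY_RE = re.compile(r"^(?:[A-Z]{2}|>1|N/A)$")
FIXED = ("id", "date_reported", "date_occurred", "date_discovered", "author",
         "target", "description", "attack", "target_class", "attack_class")


def split_records(text):
    """An entry starts at an all-digit ID line followed by a dd/mm/yyyy line."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    starts = [i for i in range(len(lines) - 1)
              if lines[i].isdigit() and DATE_RE.match(lines[i + 1])]
    return [lines[a:b] for a, b in zip(starts, starts[1:] + [len(lines)])]


def parse(text):
    """Return (events, problems): malformed entries are reported, not guessed."""
    events, problems = [], []
    for chunk in split_records(text):
        if len(chunk) < 12:  # a missing date or author line
            problems.append((chunk[0], f"only {len(chunk)} fields"))
            continue
        countries = chunk[10:-1]  # everything between Attack Class and Tags
        bad = [c for c in countries if not COUNTRY_RE.match(c)]
        if bad:  # two entries run together: description text lands in Country
            problems.append((chunk[0], f"unexpected Country lines: {bad[:2]}"))
            continue
        ev = dict(zip(FIXED, chunk[:10]))
        ev["id"] = int(ev["id"])
        ev["countries"] = countries
        ev["tags"] = [t.strip() for t in chunk[-1].split(",") if t.strip()]
        events.append(ev)
    return events, problems


def is_ransomware(ev):
    return ev["attack"] == "Malware" and any(t.lower() == "ransomware" for t in ev["tags"])


def is_vulnerability(ev):
    return "vulnerability" in ev["attack"].lower()


def shares(events):
    """Fraction of events per category, the way the 27.7% / 10.9% above are derived."""
    n = len(events)
    return {"ransomware": sum(map(is_ransomware, events)) / n,
            "vulnerability": sum(map(is_vulnerability, events)) / n}


SAMPLE = """\
1
01/09/2022
15/08/2022
15/08/2022
Hive
Damart
Damart is being extorted for $2 million after a Hive ransomware attack.
Malware
Manufacturing
CC
FR
Damart, Hive, Ransomware
17
02/09/2022
Since at least 16/08/2022
16/08/2022
SharkBot
Banking users in Android
Fox IT discover an upgraded SharkBot that returned to Google Play.
Malware
Finance and insurance
CC
AT
AU
DE
ES
PL
US
Fox IT, SharkBot, Android
45
06/09/2022
-
Vice Society
U.S. school districts
FBI, CISA, and MS-ISAC warn of Vice Society targeting school districts.
Malware
Education
CC
US
FBI, CISA, MS-ISAC, Vice Society, ransomware
"""

if __name__ == "__main__":
    evs, probs = parse(SAMPLE)
    print(len(evs), "events parsed; malformed:", probs)
    print(shares(evs))
```

Two failure modes present in this very dump are handled explicitly: an entry with a missing line (fewer than 12 fields) and two entries run together (non-country text between Attack Class and Tags). Both are returned in `problems` instead of being silently mis-binned into the statistics.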
Geo Map September H1 2022
Each entry below lists, one field per line: ID, Date Reported, Date Occurred, Date Discovered, Author, Target, Description, Attack, Target Class, Attack Class, Country (one line per country, or >1 / N/A), Tags.
1
01/09/2022
15/08/2022
15/08/2022
Hive
Damart
Damart, a French clothing company with over 130 stores across the world, is being extorted for $2 million after a cyberattack from the Hive ransomware gang.
Malware
Manufacturing
CC
FR
Damart, Hive, Ransomware
2
01/09/2022
22/07/2022
-
?
Instagram users
Researchers from Vade discover a new Instagram phishing campaign, attempting to scam users of the popular social media platform by luring them with a blue-badge offer.
Account Takeover
Individual
CC
>1
Vade, Instagram
3
01/09/2022
-
-
?
Cyber Criminals using the Prynt Stealer malware
Researchers from Zscaler reveal that the Prynt Stealer malware is infected with a backdoor that allows the malware developer to receive a copy of the stolen information over Telegram.
Malware
Other service activities
CC
N/A
Zscaler, Prynt Stealer, Telegram
4
01/09/2022
-
-
CodeRAT
Farsi-speaking software developers
Researchers from SafeBreach Labs uncover CodeRAT, a new Remote Access Trojan (RAT), which appears to originate from Iran, and is targeting Farsi-speaking software developers.
Malware
Individual
CC
IR
SafeBreach Labs, CodeRAT, Iran
5
01/09/2022
Since at least 26/08/2022
-
?
Vulnerable e-commerce sites
Researchers from Cyble discover a new, highly evasive JavaScript skimmer used by Magecart threat actors.
Malicious Script Injection
Wholesale and retail
CC
>1
Cyble, Magento, Magecart
6
01/09/2022
End of July 2022
End of July 2022
?
Large international nonprofit agency
Researchers from Armorblox discover a new phishing campaign impersonating American Express and aimed at a large international nonprofit agency.
Account Takeover
Extraterritorial orgs and bodies
CC
N/A
Armorblox, American Express
7
01/09/2022
06/12/2021
06/12/2021
?
Radiant Logistics
Radiant Logistics discloses to have suffered a ransomware attack.
Malware
Transportation and storage
CC
US
Radiant Logistics, ransomware
8
01/09/2022
05/08/2022
10/08/2022
?
Legacy Supply Chain Services
Legacy Supply Chain Services confirms that the company experienced a data breach after an unauthorized party gained access to sensitive consumer data contained on its network.
Unknown
Transportation and storage
CC
US
Legacy Supply Chain Services
9
01/09/2022
-
-
REvil
Midea Group
The REvil ransomware group claims to have breached Midea Group, a major Chinese electrical appliance manufacturer.
Malware
Manufacturing
CC
CN
REvil, ransomware, Midea Group
10
01/09/2022
During June 2022
-
?
Tulsa Tech
Tulsa Tech reveals that someone stole data belonging to students who were enrolled in its classes between 1986 and 1999.
Unknown
Education
CC
US
Tulsa Tech
11
01/09/2022
'Recently'
'Recently'
DarkAngels
Linux systems
Researchers from Uptycs discover a new ransomware (likely a variant of the DarkAngels ransomware) targeting Linux systems.
Malware
Multiple Industries
CC
>1
Uptycs, DarkAngels, ransomware, Linux
12
01/09/2022
24/04/2022
01/09/2022
LockBit 3.0
Costa Rica’s Junta De Proteccion Social
Costa Rica’s Junta De Proteccion Social is added to LockBit 3.0’s leak site, with the ransomware gang claiming to have about 7.8 GB of information.
Malware
Public admin and defence, social security
CC
CR
Costa Rica, Junta De Proteccion Social, LockBit 3.0, ransomware
13
01/09/2022
-
-
Bjorka
Undisclosed organization
An unknown attacker named Bjorka leaks the registration data of 1.3 billion Indonesian SIM card numbers.
Unknown
Information and communication
CC
ID
Bjorka, Indonesia
14
02/09/2022
01/09/2022
01/09/2022
Anonymous
Yandex Taxi
Anonymous claims to have hacked the Yandex Taxi app, the largest taxi service in Russia, and used it to cause a massive traffic jam in Moscow by ordering all available taxis to the same address.
Unknown
Transportation and storage
H
RU
Anonymous, Yandex Taxi
15
02/09/2022
End of July 2022
04/08/2022
?
Samsung
Samsung confirms a new data breach after some of its U.S. systems were hacked to steal customer data.
Unknown
Manufacturing
CC
US
Samsung
16
02/09/2022
-
-
?
Undisclosed organization(s)
Google releases Chrome 105.0.5195.102 for Windows, Mac, and Linux users to fix CVE-2022-3075, a vulnerability exploited in the wild.
CVE-2022-3075 Vulnerability
Unknown
N/A
N/A
Google, Chrome 105.0.5195.102, CVE-2022-3075
17
02/09/2022
Since at least 16/08/2022
16/08/2022
SharkBot
Banking users in Android
Researchers from Fox IT discover a new and upgraded version of the SharkBot malware, returned to Google's Play Store and targeting the banking logins of Android users through apps with tens of thousands of installations ("Mister Phone Cleaner" and "Kylhavy Mobile Security").
Malware
Finance and insurance
CC
AT
AU
DE
ES
PL
US
Fox IT, SharkBot, Google's Play Store, Android, Mister Phone Cleaner, Kylhavy Mobile Security
18
02/09/2022
02/09/2022
02/09/2022
?
Bardstown Connect
A ransomware attack takes down Bardstown Connect, the municipal ISP of the city of Bardstown.
Malware
Information and communication
CC
US
Bardstown Connect, ransomware
19
02/09/2022
Since August 2022
During August 2022
?
Italian energy operators
The Italian National Cyber Security Agency warns that attacks on Italian energy operators and infrastructure are increasing, after those against ENI and GSE.
Unknown
Electricity, gas steam, air conditioning
CC
IT
Italy, National Cyber Security Agency, ENI, GSE
20
02/09/2022
17/12/2021
24/12/2021
?
Radiology Ltd
Radiology Ltd discloses a security breach.
Unknown
Professional, scientific and technical
CC
US
Radiology Ltd
21
02/09/2022
17/12/2021
24/12/2021
?
Gateway Diagnostics Imaging
Gateway Diagnostics Imaging discloses a security breach.
Unknown
Professional, scientific and technical
CC
US
Gateway Diagnostics Imaging
22
02/09/2022
04/07/2022
-
?
Reiter Affiliated Companies
Reiter Affiliated Companies reports a data breach with the U.S. Department of Health and Human Services Office for Civil Rights after sensitive consumer information entrusted to the company was accessed by an unauthorized party.
Unknown
Accommodation and food service
CC
US
Reiter Affiliated Companies
23
02/09/2022
Between 19/01/2022 and 11/04/2022
11/04/2022
?
Genesis Health Care
Genesis Health Care reports a data breach after the company discovered that an unauthorized party had access to its computer system for a period of nearly three months.
Unknown
Human health and social work
CC
US
Genesis Health Care
24
02/09/2022
11/07/2022
11/07/2022
?
Physicians’ Spine and Rehabilitation Specialists of Georgia
The Physicians’ Spine and Rehabilitation Specialists of Georgia confirms that the company experienced a data breach after an unauthorized party gained access to sensitive consumer data through what appears to be a ransomware attack.
Malware
Human health and social work
CC
US
Physicians’ Spine and Rehabilitation Specialists of Georgia, ransomware
25
02/09/2022
-
23/06/2022
?
CBC Group (CBC)
CBC Group (CBC) reports a data breach resulting in the names, Social Security numbers, driver’s licenses or government identification card numbers, financial account numbers, and passport numbers of certain individuals being compromised.
Unknown
Wholesale and retail
CC
US
CBC Group, CBC
26
02/09/2022
-
-
Zanubis
Peruvian banks and social media applications
Researchers from Cyble discover a new Android banking trojan, dubbed Zanubis, targeting Peruvian banks and social media applications.
Malware
Finance and insurance
CC
PE
Cyble, Zanubis
27
02/09/2022
-
-
DESORDEN
Boga Group
Hackers known as DESORDEN hit BOGA Group, which operates more than 200 restaurants and outlets across Indonesia and Malaysia, and acquire more than 400,000 customer records and 16,000 employee records.
Unknown
Accommodation and food service
CC
ID
DESORDEN, Boga Group
28
02/09/2022
31/08/2022
19/08/2022
Hive
NCG Medical
NCG Medical is hit with a Hive ransomware attack.
Malware
Human health and social work
CC
US
NCG Medical, Hive, ransomware
29
02/09/2022
-
-
Two individuals
Rug Pull Finder
Two individuals steal 450 NFTs from Rug Pull Finder, a security company that offers smart contract audits to blockchain companies.
Vulnerability
Fintech
CC
N/A
Rug Pull Finder
30
02/09/2022
Between 17/12/2021 and 24/12/2021
24/12/2021
?
Buffalo MRI
Buffalo MRI files an official report with the Attorney General of Montana confirming that the company experienced a data breach after an unauthorized party obtained access to sensitive consumer information stored on the company’s computer network.
Unknown
Human health and social work
CC
US
Buffalo MRI, Windsong Radiology
31
03/09/2022
-
02/09/2022
AgainstTheWest
Unknown organization
A group known as 'AgainstTheWest' claims to have breached both TikTok and WeChat, sharing screenshots of an alleged database belonging to the companies, which they say was accessed on an Alibaba cloud instance containing data for both TikTok and WeChat users.
Unknown
Unknown
CC
N/A
AgainstTheWest, TikTok, WeChat
32
03/09/2022
03/09/2022
03/09/2022
DeadBolt
QNAP users
QNAP warns customers of ongoing DeadBolt ransomware attacks, exploiting a zero-day vulnerability in Photo Station.
0-day vulnerability
Multiple Industries
CC
>1
QNAP, DeadBolt, ransomware, Photo Station
33
03/09/2022
-
-
?
Individuals in Ukraine
The Cyber Department of the Ukrainian Security Service (SSU) dismantles two more bot farms, in the regions of Kyiv and Odesa, that spread Russian disinformation on social networks and messaging platforms via thousands of fake accounts.
Coordinated Inauthentic Behavior
Individual
CW
UA
Cyber Department of the Ukrainian Security Service, SSU, Kyiv, Odesa, Russia, Ukraine
34
03/09/2022
05/07/2022
04/08/2022
?
KeyBank
Attackers steal personal data including Social Security numbers, addresses and account numbers of home mortgage holders at KeyBank, after successfully breaching the insurance services provider Overby-Seawell.
Account Takeover
Finance and insurance
CC
US
KeyBank, Overby-Seawell
35
03/09/2022
-
-
RansomExx
National Fund for Educational Development (FNDE)
The RansomExx ransomware group leaks 62 TB of files from the National Fund for Educational Development (FNDE).
Malware
Public admin and defence, social security
CC
BR
RansomExx, ransomware, National Fund for Educational Development, FNDE
36
03/09/2022
-
-
Kelvin Security
Undisclosed retailer
Kelvin Security puts on sale a 310Gb archive containing the data of 10 million Italian Vodafone customers.
Unknown
Wholesale and retail
CC
IT
Kelvin Security, Vodafone
37
04/09/2022
-
-
GhostSec
Multiple organizations in Israel
The pro-Palestinian hacking group GhostSec claims to have compromised 55 Berghof programmable logic controllers (PLCs) used by Israeli organizations, as part of a Free Palestine campaign.
Unknown
Electricity, gas steam, air conditioning
H
IL
Palestine, GhostSec, Berghof, Israel
38
04/09/2022
-
-
Hackers linked to Iran
Mossad chief David Barnea
Hackers linked to Iran publish personal photos and medical records of Mossad intelligence agency chief David Barnea, after accessing his wife's phone.
Account Takeover
Individual
H
IL
Mossad, David Barnea, Iran
39
05/09/2022
-
-
?
Multiple organizations
Researchers from Resecurity discover EvilProxy (AKA Moloch), a new Phishing-as-a-Service (PhaaS) platform able to steal authentication tokens in order to bypass multi-factor authentication (MFA) on Apple, Google, Facebook, Microsoft, Twitter, GitHub, GoDaddy, and even PyPI.
40
Researchers from Cyble discover a new Android malware used to spy on the Uyghur community.
Targeted Attack
Individual
CE
CN
Cyble, Android, Uyghur
41
06/09/2022
04/09/2022
04/09/2022
Vice Society
Los Angeles Unified School District (LAUSD)
Los Angeles Unified School District (LAUSD), the second largest school district in the U.S., discloses that a ransomware attack hit its Information Technology (IT) systems.
Malware
Education
CC
US
Los Angeles Unified School District, LAUSD, ransomware, Vice Society
42
06/09/2022
Since at least 2020
During February 2022
Worok
Governments and high-profile companies in Asia, the Middle East and Africa
Researchers from ESET discover Worok, a newly identified cyber-espionage group that has been hacking governments and high-profile companies in Asia, the Middle East and Africa since at least 2020, using a combination of custom and existing malicious tools.
Targeted Attack
Multiple Industries
CE
>1
Worok, ESET
43
06/09/2022
-
-
Shikitega
Endpoints and IoT devices running Linux
Researchers from AT&T discover Shikitega, a new stealthy Linux malware infecting computers and IoT devices with additional payloads.
Malware
Multiple Industries
CC
>1
AT&T, Shikitega, Linux
44
06/09/2022
05/09/2022
05/09/2022
Couple from Vietnam
InterContinental Hotels Group PLC (AKA IHG Hotels & Resorts)
Hospitality company InterContinental Hotels Group PLC (also known as IHG Hotels & Resorts) says its information technology (IT) systems have been disrupted after its network was breached. A couple from Vietnam claims responsibility for the attack.
Unknown
Accommodation and food service
CC
UK
InterContinental Hotels Group PLC, IHG Hotels & Resorts
45
06/09/2022
-
-
Vice Society
U.S. school districts
FBI, CISA, and MS-ISAC warn of U.S. school districts being increasingly targeted by the Vice Society ransomware group, with more attacks expected after the start of the new school year.
Malware
Education
CC
US
FBI, CISA, MS-ISAC, Vice Society, ransomware
46
06/09/2022
Since early August
Since early August
MooBot
Vulnerable D-Link routers
Researchers from Palo Alto Networks reveal that the Mirai botnet variant known as 'MooBot' has re-emerged in a new attack wave, started in early August, targeting vulnerable D-Link routers with a mix of old and new exploits.
Malware
Multiple Industries
CC
>1
Palo Alto Networks, Mirai, MooBot, D-Link
47
06/09/2022
Since 2020
-
DangerousSavanna
Major financial institutions in Ivory Coast, Morocco, Cameroon, Senegal, and Togo
Researchers from Check Point reveal the details of DangerousSavanna, a malicious campaign targeting multiple major financial groups in French-speaking Africa.
Account Takeover
Finance and insurance
CC
CI
CM
MA
SN
TG
Check Point, DangerousSavanna
48
06/09/2022
05/09/2022
05/09/2022
?
Go-Ahead
Transportation group Go-Ahead shares a statement with the London Stock Exchange indicating “unauthorized activity” had been discovered on its network.
Unknown
Transportation and storage
CC
UK
Go-Ahead
49
06/09/2022
Since at least 2019
-
Evil Corp (aka TA505 or UNC2165)
More than 8,000 different organizations and individuals
Researchers from PRODAFT Threat Intelligence (PTI) reveal that the Evil Corp ransomware gang (aka TA505 or UNC2165) has used a new attack panel called TeslaGun to run mass phishing campaigns and targeted campaigns against more than 8,000 organizations and individuals. The majority of targets are in the US, which accounts for more than 3,600 of the victims, with a scattered international distribution beyond that.
50
Researchers from Zscaler discover a new version of the Ares banking trojan that introduces a domain generation algorithm (DGA) mirroring the Qakbot DGA.
Malware
Finance and insurance
CC
>1
Ares, Zscaler
51
07/09/2022
Since April 2022
Since April 2022
UAC-0098
Ukrainian organizations, the Ukrainian government, and European humanitarian and non-profit organizations.
Researchers from Google's Threat Analysis Group (TAG) say that some former Conti cybercrime gang members, now part of a threat group tracked as UAC-0098, are targeting Ukrainian organizations and European non-governmental organizations (NGOs).
Targeted Attack
Public admin and defence, social security
CE
UA
Google TAG, Threat Analysis Group, Conti, UAC-0098, Russia, Ukraine
52
07/09/2022
-
-
?
Cobalt Strike servers operated by former members of the Conti ransomware gang
Someone is flooding Cobalt Strike servers operated by former members of the Conti ransomware gang with anti-Russian messages to disrupt their activity.
DDoS
Other service activities
H
N/A
Conti, Cobalt Strike, Russia, Ukraine
53
07/09/2022
Since 2015
During 2022
APT42
Over 30 organizations in 14 countries
Researchers from Mandiant reveal the details of APT42, a new Iranian state-sponsored hacking group using a custom Android malware to spy on targets of interest.
Targeted Attack
Multiple Industries
CE
>1
Mandiant, APT42
54
07/09/2022
26/07/2022
11/08/2022
?
The North Face
Outdoor apparel brand 'The North Face' is targeted in a large-scale credential stuffing attack resulting in the hacking of 194,905 accounts on the thenorthface.com website.
Credential Stuffing
Manufacturing
CC
US
The North Face, thenorthface.com
55
07/09/2022
-
-
DEV-0270 (AKA Nemesis Kitten)
Multiple organizations
Researchers from Microsoft reveal that the Iranian state-sponsored threat group tracked as DEV-0270 (aka Nemesis Kitten) has been abusing the BitLocker Windows feature to encrypt victims' systems.
56
Researchers from Cyble discover a new version of the Bumblebee malware loader, featuring a new infection chain that uses the PowerSploit framework for stealthy reflective injection of a DLL payload into memory.
Malware
Multiple Industries
CC
>1
Cyble, Bumblebee, PowerSploit
57
07/09/2022
-
-
Russian attackers?
Canarbino
Canarbino is the third energy group in Italy to suffer a cyber attack allegedly carried out by Russian threat actors.
Unknown
Electricity, gas steam, air conditioning
CC
IT
Canarbino, Russia
58
07/09/2022
26/08/2022
06/09/2022
?
Vulnerable WordPress sites
Researchers from Defiant reveal that a recently resolved vulnerability in the BackupBuddy WordPress plugin (CVE-2022-31474) is being exploited in malicious attacks.
CVE-2022-31474 Vulnerability
Multiple Industries
CC
>1
Defiant, BackupBuddy, WordPress, CVE-2022-31474
59
07/09/2022
-
-
Killnet
Several companies and 20 websites across four government ministries in Japan
The Russia-affiliated group Killnet claims responsibility for a series of cyber attacks against Japanese companies and 20 websites across four government ministries.
DDoS
Public admin and defence, social security
H
JP
Killnet, Russia
60
07/09/2022
During September 2022
During September 2022
Bjorka
General Elections Commission of Indonesia
A hacker under the moniker of Bjorka claims to have hacked the General Elections Commission of Indonesia and leaks the data of 105 million citizens.
Unknown
Public admin and defence, social security
CC
ID
Bjorka, General Elections Commission of Indonesia
61
07/09/2022
Since 20/08/2022
Since 20/08/2022
?
Multiple ransomware groups including LockBit, ALPHV (aka BlackCat), Quantum, LV, Hive, Everest, BianLian, Yanluowang, Snatch, and Lorenz.
Researchers from Cisco Talos reveal that the data leak sites of multiple ransomware groups are being hit by DDoS attacks, facing intermittent outages and connectivity issues.
62
The BianLian ransomware group hits Alegria Family Services (AFS), a community services organization for adults with disabilities.
Malware
Human health and social work
CC
US
BianLian, ransomware, Alegria Family Services, AFS
63
07/09/2022
-
-
?
Municipality of Ourique
The municipality of Ourique discloses to have suffered a ransomware attack.
Malware
Public admin and defence, social security
CC
PT
Municipality of Ourique, ransomware
64
07/09/2022
-
-
?
Avalanche blockchain
An attacker steals at least $370,000 worth of USDC stablecoins from a smart contract on the Avalanche blockchain in a flash loan attack, affecting multiple liquidity providers.
Flash loan
Fintech
CC
N/A
Avalanche blockchain
65
08/09/2022
-
-
?
Portugal Estado-Maior-General das Forças Armadas AKA Armed Forces General Staff agency of Portugal (EMGFA)
The Armed Forces General Staff agency of Portugal (EMGFA) suffers a cyberattack that allegedly allowed the theft of classified NATO documents, which are now sold on the dark web.
Unknown
Public admin and defence, social security
CC
PT
Portugal Estado-Maior-General das Forças Armadas, Armed Forces General Staff agency of Portugal, EMGFA, NATO
66
08/09/2022
Between February and July 2022
-
Lazarus Group
Energy providers in the United States, Canada, and Japan.
Researchers from Cisco Talos discover a new campaign by the North Korean APT group 'Lazarus', exploiting the Log4j (Log4Shell) vulnerability in VMware Horizon servers to access the corporate networks of energy providers in the United States, Canada, and Japan, deploying the custom malware families 'VSingle' and 'YamaBot' and a previously unknown remote access trojan (RAT) named 'MagicRAT'.
Targeted Attack
Electricity, gas steam, air conditioning
CE
US
CA
JP
Cisco Talos, North Korea, Lazarus, VMWare Horizon, VSingle, YamaBot, MagicRAT
67
08/09/2022
Approximately two weeks before
03/09/2022
Avos Locker
Savannah College of Art and Design (SCAD)
Savannah College of Art and Design (SCAD) discloses to have suffered a ransomware attack.
Malware
Arts entertainment, recreation
CC
US
Savannah College of Art and Design, SCAD, ransomware, Avos Locker
68
08/09/2022
-
During June and July 2022
BRONZE PRESIDENT
Government officials of several countries in Europe, the Middle East, and South America
Researchers from Secureworks reveal the details of the latest campaign by the Chinese threat actor BRONZE PRESIDENT using the PlugX malware.
Targeted Attack
Public admin and defence, social security
CE
>1
Secureworks, China, BRONZE PRESIDENT, PlugX
69
08/09/2022
-
-
?
Eurocell
Eurocell, a leading British PVC manufacturer, contacts current and former employees to inform them about a “substantial” data breach.
Unknown
Manufacturing
CC
UK
Eurocell
70
08/09/2022
-
-
?
DaVita
DaVita confirms that the company experienced a data breach after an unauthorized party accessed sensitive consumer data entrusted to the company.
Unknown
Human health and social work
CC
US
DaVita
71
08/09/2022
-
-
?
Wilson’s Gun Shop
Wilson’s Gun Shop confirms that the company experienced a data breach after an unauthorized party gained access to sensitive consumer information that was entrusted to the company.
Unknown
Manufacturing
CC
US
Wilson’s Gun Shop
72
08/09/2022
End of July 2022
End of July 2022
?
Undisclosed organization
Researchers from Avanan discover a phishing campaign spoofing their own brand.
Account Takeover
Unknown
CC
N/A
Avanan
73
08/09/2022
-
17/08/2022
Snatch Team
Stratford University
Stratford University is allegedly hacked by the Snatch Team ransomware group.
Malware
Education
CC
US
Stratford University, Snatch Team, ransomware
74
08/09/2022
-
-
?
Codelco
Attackers compromise the database of the COVID-19 tracking platform of the Codelco mining company and list it for sale on a popular forum. The dump contains almost 17,500 email addresses, more than 1,800 of them belonging to corporate users.
Unknown
Mining and quarrying
CC
CL
Codelco
75
08/09/2022
-
-
?
New Free DAO
An attacker steals $1.25 million worth of cryptocurrency from the newly established decentralized finance protocol New Free DAO in a flash loan attack, and has so far cashed out nearly half of the stolen funds.
Flash Loan
Fintech
CC
N/A
New Free DAO
76
08/09/2022
-
-
?
Teknozone
Teknozone, an e-commerce portal for electronics, has 75,000 records leaked on the infamous portal Breach Forums.
Unknown
Wholesale and retail
CC
IT
Teknozone, Breach Forums
77
08/09/2022
-
-
?
Thoro Bicycles
Thoro Bicycles, an e-commerce portal for cycling accessories, has 31,000 records leaked on the infamous portal Breach Forums.
Unknown
Wholesale and retail
CC
IT
Thoro Bicycles, Breach Forums
78
09/09/2022
Since at least end of August 2022
End of August 2022
Lampion
Portuguese and Spanish-speaking banking users
Researchers from Cofense discover a new campaign of the Lampion malware, abusing WeTransfer.
Malware
Finance and insurance
CC
>1
Cofense, Lampion, WeTransfer
79
09/09/2022
Between 05/11/2021 and 05/04/2022
12/07/2022
?
U-Haul International (U-Haul)
Moving and storage giant U-Haul International (U-Haul) discloses a data breach after a customer contract search tool was hacked to access customers' names and driver's license information.
Account Takeover
Transportation and storage
CC
US
U-Haul International, U-Haul
80
09/09/2022
Since 26/05/2022
14/07/2022
Hive
Empress EMS (Emergency Medical Services)
Empress EMS (Emergency Medical Services), a New York-based emergency response and ambulance service provider, discloses a data breach that exposed customer information after a Hive ransomware attack.
Malware
Human health and social work
CC
US
Empress EMS, Emergency Medical Services, Hive, Ransomware
81
09/09/2022
-
-
?
Henderson & Walton Women’s Center
The protected health information of 34,306 patients of the Henderson & Walton Women's Center in Alabama is compromised through the hack of an employee email account.
Account Takeover
Human health and social work
CC
US
Henderson & Walton Women’s Center
82
09/09/2022
-
20/04/2022
?
NorthStar Healthcare Consulting
The hack of an email account belonging to an employee of NorthStar Healthcare Consulting leads to the possible access or theft of Georgia Medicaid information for 18,354 members.
Account Takeover
Professional, scientific and technical
CC
US
NorthStar Healthcare Consulting, Georgia Medicaid
83
09/09/2022
11/07/2022
12/07/2022
?
Lubbock Heart & Surgical Hospital
Lubbock Heart & Surgical Hospital files official notice of a data breach with the U.S. Department of Health and Human Services Office for Civil Rights following a data security incident that disrupted the hospital’s computer network.
Unknown
Human health and social work
CC
US
Lubbock Heart & Surgical Hospital
84
09/09/2022
-
-
?
One Medical
One Medical confirms that the company experienced a data breach after an unauthorized party gained access to sensitive consumer data that had been entrusted to the company.
Unknown
Human health and social work
CC
US
One Medical
85
09/09/2022
-
-
Chinese scammers
Individuals in India
Law enforcement agencies in India uncover a network of Chinese scammers that reportedly stole $529 million from Indian residents using instant lending apps, lures of part-time jobs, and bogus cryptocurrency trading schemes.
Account Takeover
Individual
CC
IN
India, China
86
09/09/2022
-
-
LockBit 3.0
La Calera Agricola
La Calera Agricola is hit with a LockBit 3.0 ransomware attack.
Malware
Accommodation and food service
CC
PE
La Calera Agricola, LockBit 3.0, ransomware
87
10/09/2022
10/09/2022
10/09/2022
?
Parliamentary Assembly of Bosnia and Herzegovina
The servers of the Parliamentary Assembly of Bosnia and Herzegovina are taken down by an alleged ransomware attack.
Malware
Public admin and defence, social security
CC
BA
Parliamentary Assembly of Bosnia and Herzegovina, Ransomware
88
10/09/2022
10/09/2022
10/09/2022
Threat actors from Iran
Albanian Total Information Management System, or TIMS
A new cyber attack allegedly carried out by Iranian threat actors takes down the Total Information Management System.
Unknown
Public admin and defence, social security
CW
AL
Albania, Iran, Total Information Management System, TIMS
89
11/09/2022
11/09/2022
11/09/2022
hdr0
Several Russian channels, including Channel One Russia, Russia-24, and Russia-1
A group of pro-Ukrainian hackers named hdr0 take credit for breaching Russian TV channels and broadcasting anti-war messages comparing Russia’s attack on Ukraine to the September 11 terrorist attacks in New York.
Unknown
Information and communication
H
RU
Russia, Ukraine, hdr0, Channel One Russia, Russia-24, Russia-1
90
11/09/2022
01/09/2022
01/09/2022
Daixin Team
Oakbend Medical Center
Oakbend Medical Center reveals to have been hit by a ransomware attack.
Malware
Human health and social work
CC
US
Oakbend Medical Center, ransomware, Daixin Team
91
11/09/2022
-
-
NSA?
Northwestern Polytechnical University
China denounces the U.S. Embassy in Beijing following a joint report from two of the country’s most prominent cyber authorities (China’s National Computer Virus Emergency Response Center (CVERC) and the company 360) accusing the National Security Agency of stealing “sensitive information” from Chinese institutions, in particular the Northwestern Polytechnical University.
Targeted Attack
Education
CE
CN
China, U.S., U.S. Embassy in Beijing, China’s National Computer Virus Emergency Response Center, CVERC, 360, NSA, National Security Agency, Northwestern Polytechnical University.
92
11/09/2022
-
-
?
Suffolk County (New York)
Suffolk County continues to investigate a possible ransomware attack.
Malware
Public admin and defence, social security
CC
US
Suffolk County, ransomware
93
12/09/2022
Since at least June 2022
-
Lorenz
Multiple organizations
Researchers from Arctic Wolf Labs reveal that the Lorenz ransomware gang now uses a critical vulnerability in Mitel MiVoice VOIP appliances (CVE-2022-29499) to breach enterprises, using their phone systems for initial access to their corporate networks.
CVE-2022-29499 vulnerability
Multiple Industries
CC
>1
Arctic Wolf Labs, Lorenz, Ransomware, Mitel, MiVoice, VoIP, CVE-2022-29499
94
12/09/2022
Since the start of 2022
-
?
Unknown organization(s)
Apple releases security updates to address CVE-2022-32917, a zero-day vulnerability used in attacks against iPhones and Macs since the start of the year.
CVE-2022-32917 vulnerability
Unknown
N/A
N/A
Apple, CVE-2022-32917, iPhones, Macs
95
12/09/2022
09/09/2022
09/09/2022
?
YouTube channel of Scuba Jake
The channel of popular YouTuber Jake Koehler (aka Scuba Jake) is hacked to run a crypto scam.
Account Takeover
Individual
CC
US
Jake Koehler, Scuba Jake
96
12/09/2022
15/08/2022
15/08/2022
?
Eagle Mountain City
Eagle Mountain City falls victim to a BEC scam resulting in the loss of nearly $1.13 million.
Business Email Compromise
Public admin and defence, social security
CC
US
Eagle Mountain City
97
13/09/2022
-
-
?
Steam users
Researchers from Group IB discover a new campaign where attackers are stealing Steam credentials using a Browser-in-the-Browser phishing technique.
Account Takeover
Arts entertainment, recreation
CC
>1
Group IB, Steam, Browser-in-the-Browser
98
13/09/2022
Since at least early 2021
Since April 2022
Threat actors associated with the ShadowPad activity cluster
Government entities in Asia
Researchers from Symantec/Broadcom identify a new cyber-espionage activity focusing on government entities in Asia, as well as state-owned aerospace and defense firms, telecom companies, and IT organizations.
Targeted Attack
Public admin and defence, social security
CE
>1
Symantec, Broadcom, ShadowPad
99
13/09/2022
-
-
?
Unknown organization(s)
Security software firm Trend Micro warns customers to patch CVE-2022-40139, an actively exploited Apex One vulnerability, as soon as possible.
CVE-2022-40139 Vulnerability
Multiple Industries
N/A
N/A
Trend Micro, CVE-2022-40139, Apex One
100
13/09/2022
-
-
?
Multiple organizations
Security researchers from Sansec reveal that attackers have injected malware into multiple extensions from FishPig, a vendor of Magento-WordPress integrations whose extensions count over 200,000 downloads.
Malicious Script Injection
Wholesale and retail
CC
>1
Sansec, FishPig, Magento, WordPress
101
13/09/2022
Since at least 08/09/2022
08/09/2022
?
Vulnerable WordPress sites
The Wordfence Threat Intelligence team warns that WordPress sites are actively targeted with exploits for CVE-2022-3180, a zero-day vulnerability in the WPGateway premium plugin.
CVE-2022-3180 Vulnerability
Multiple Industries
CC
>1
Wordfence, WordPress, CVE-2022-3180, WPGateway
102
13/09/2022
Since mid-2022
'Recently'
TA453 (AKA Charming Kitten, PHOSPHORUS and APT42)
Researchers involved in international security, particularly in Middle Eastern studies or nuclear security
Researchers from Proofpoint discover a new campaign carried out by the Iranian threat actor TA453 using Multi-Persona Impersonation (MPI).
Researchers from AdvIntel reveal that the Quantum and BlackCat ransomware gangs are now using the Emotet malware to deploy their payloads.
Malware
Multiple Industries
CC
>1
AdvIntel, Quantum, BlackCat, ransomware
104
13/09/2022
-
-
?
Legislatura CABA (Legislature of Buenos Aires)
Legislatura CABA discloses a ransomware attack.
Malware
Public admin and defence, social security
CC
AR
Legislatura CABA, Legislature of Buenos Aires, ransomware
105
13/09/2022
-
-
?
City Furniture
City Furniture confirms that the company experienced a data breach after sensitive consumer data contained on its network was compromised.
Unknown
Wholesale and retail
CC
US
City Furniture
106
13/09/2022
12/05/2022
12/05/2022
?
The Springs Living
The Springs Living reports a data breach after an unauthorized party gained access to sensitive information on the company’s computer network.
Unknown
Human health and social work
CC
US
The Springs Living
107
13/09/2022
30/03/2022
30/03/2022
Conti
TIC International Corporation (TIC)
TIC International Corporation (TIC) reports a data breach after the company learned it had been the target of a ransomware attack.
Malware
Finance and insurance
CC
US
TIC International Corporation, TIC, ransomware, Conti
108
13/09/2022
During August 2022
During August 2022
?
Individuals
Researchers from Avanan discover a phishing campaign using emails that look like they're coming from Facebook Ads Manager.
Account Takeover
Individual
CC
>1
Avanan, Facebook, Ads Manager
109
13/09/2022
Since March 2022
-
Chiffon Herring
University staff in the US
Researchers at Abnormal Security identify Chiffon Herring, a BEC scammer group targeting university staff in new payroll diversion attacks.
Business Email Compromise
Education
CC
US
Abnormal Security, Chiffon Herring
110
13/09/2022
-
-
?
Instituto De Desarrollo Profesional (IDEPRO)
The Instituto De Desarrollo Profesional (IDEPRO) has 1GB of data leaked on a popular forum.
SQLi
Public admin and defence, social security
CC
PE
Instituto De Desarrollo Profesional, IDEPRO
111
13/09/2022
Mid-September 2022
Mid-September 2022
?
Ethereum investors
Twitter scammers are actively using verified Twitter accounts to impersonate Ethereum co-founder Vitalik Buterin and dupe investors.
Crypto scam
Fintech
CC
>1
Twitter, Ethereum, Vitalik Buterin
112
14/09/2022
During February 2021
During February 2021
SparklingGoblin AKA Earth Baku
University in Hong Kong
Researchers from ESET discover a Linux variant of the SideWalk backdoor, one of the multiple custom implants used by the SparklingGoblin APT group.
Targeted Attack
Education
CE
HK
ESET, Linux, SideWalk, SparklingGoblin, Earth Baku
113
14/09/2022
-
-
?
Greek Banking Users
Researchers from Cyble discover a novel phishing campaign targeting Greeks with phishing sites that mimic the state's official tax refund platform and steal credentials as they type them.
Account Takeover
Finance and insurance
CC
GR
Cyble
114
14/09/2022
-
-
?
Undisclosed organization(s)
CISA adds a new Windows vulnerability, an elevation of privilege bug in the Windows Common Log File System Driver tracked as CVE-2022-37969, to its list of security bugs exploited in the wild.
CVE-2022-37969 Vulnerability
Unknown
N/A
N/A
CISA, CVE-2022-37969
115
14/09/2022
14/09/2022
14/09/2022
?
Microsoft 365 users in the UK
Researchers from Proofpoint reveal that threat actors are exploiting the death of Queen Elizabeth II in phishing attacks to lure their targets to sites that steal their Microsoft account credentials.
Account Takeover
Multiple Industries
CC
UK
Proofpoint, Queen Elizabeth, Microsoft 365
116
14/09/2022
-
-
?
Sniffies users
Gay hookup and cruising web app Sniffies is being impersonated by opportunistic threat actors hoping to target the website's users with typosquatting domains that push scams and dubious Google Chrome extensions.
Account Takeover
Individual
CC
>1
Sniffies, Google Chrome
117
14/09/2022
Since at least June 2018
Since at least June 2018
?
Healthcare Payment Processors in the US
The Federal Bureau of Investigation (FBI) issues an alert about attackers targeting healthcare payment processors to route payments to bank accounts controlled by them.
Account Takeover
Finance and insurance
CC
US
Federal Bureau of Investigation, FBI, healthcare payment processors
118
14/09/2022
Since at least August 2022
During August 2022
Gamaredon (AKA Primitive Bear, Shuckworm, Iron Tilden, and Callisto)
Entities in Ukraine
Researchers from Cisco Talos discover a new cyber espionage campaign by the Gamaredon Russian group targeting Ukrainian entities with previously unseen info-stealing malware.
Researchers from Malwarebytes discover an ongoing malvertising campaign injecting ads in the Microsoft Edge News Feed to redirect potential victims to websites pushing tech support scams.
Malvertising
Individual
CC
>1
Malwarebytes, Microsoft Edge
120
14/09/2022
During July 2022
During July 2022
UNC4034 (AKA Temp.Hermit, Labyrinth Chollima)
Company in the media industry
Researchers from Mandiant reveal that North Korean hackers are using trojanized versions of the PuTTY SSH client to deploy backdoors on targets' devices as part of a fake Amazon job assessment.
Targeted Attack
Information and communication
CE
N/A
Mandiant, North Korea, PuTTY, Amazon, UNC4034, Temp.Hermit, Labyrinth Chollima
121
14/09/2022
14/09/2022
14/09/2022
?
Seesaw
Seesaw, a popular messaging application used by school districts across the U.S., is forced to apologize after parents said an inappropriate photo was sent out as a consequence of a credential stuffing attack.
Credential Stuffing
Information and communication
CC
US
Seesaw
122
14/09/2022
During 2022
During 2022
Islamic Revolutionary Guard Corps (IRGC)
Organizations in the U.S., Australia, Canada, and United Kingdom
A joint advisory by government agencies in the US, UK, Canada, and Australia says that threat groups associated with Iran’s Islamic Revolutionary Guard Corps (IRGC) have been engaging in data encryption and extortion operations exploiting the Log4Shell vulnerability.
Islamic Revolutionary Guard Corps, IRGC
Medical Associates of the Lehigh Valley (MATLV) announces that it fell victim to a sophisticated ransomware attack on its network.
Malware
Human health and social work
CC
US
Medical Associates of the Lehigh Valley in Pennsylvania, MATLV, ransomware
124
14/09/2022
From 24/12/2021 to 02/06/2022
02/06/2022
?
M.C. Dean
M.C. Dean confirms that the company experienced a data breach after an unauthorized party gained access to sensitive consumer data contained on its network.
Unknown
Professional, scientific and technical
CC
US
M.C. Dean
125
14/09/2022
-
-
?
Job Seekers in France
Researchers from Vade detect a new phishing campaign exploiting legitimate servers of Pôle Emploi, a career website operated by the French government.
Account Takeover
Individual
CC
FR
Vade, Pôle Emploi
126
14/09/2022
-
-
?
Real estate professionals
Researchers from Ironscales discover thousands of Microsoft 365 credentials stored in plaintext on phishing servers, as part of an unusual, targeted credential-harvesting campaign against real estate professionals.
Account Takeover
Real estate
CC
>1
Ironscales
127
14/09/2022
'Recently'
'Recently'
Kinsing
Multiple organizations
Researchers from Trend Micro discover a new campaign by the Kinsing malware exploiting the CVE-2020-14882 Oracle Web Logic vulnerability to deliver cryptocurrency-mining malware.
CVE-2020-14882 Vulnerability
Multiple Industries
CC
>1
Trend Micro, Kinsing, CVE-2020-14882, Oracle Web Logic
128
14/09/2022
-
-
RansomHouse
IPCA Laboratories
IPCA Laboratories, one of the biggest pharmaceutical companies in India, is hit by RansomHouse that claims to have stolen 500 gigabytes of data from its systems.
Malware
Professional, scientific and technical
CC
IN
IPCA Laboratories, RansomHouse, ransomware
129
14/09/2022
-
-
LockBit 3.0
InSpecs EyeWear
InSpecs EyeWear is added to the LockBit 3.0 ransomware leak site.
Malware
Manufacturing
CC
US
InSpecs EyeWear, LockBit 3.0, ransomware
130
14/09/2022
-
-
LockBit 3.0
Comision Nacional de Acreditación in Chile (CNA)
The Comision Nacional de Acreditación in Chile is hit with a LockBit 3.0 ransomware attack.
Malware
Public admin and defence, social security
CC
CL
Comision Nacional de Acreditación in Chile, CNA, LockBit 3.0, ransomware
131
14/09/2022
06/08/2022
06/08/2022
Black Basta
Elbit Systems of America
Elbit Systems of America, a subsidiary of Israeli defense giant Elbit Systems, confirms suffering a data breach, a few months after the Black Basta ransomware gang claimed to have hacked the company’s systems.
Malware
Professional, scientific and technical
CC
US
Elbit Systems of America, Elbit Systems, Black Basta, ransomware
132
14/09/2022
10/09/2022
-
GhostSec
Water system in Israel
Researchers from Otorio disclose a new attack from the GhostSec hacktivists against a water system in Israel.
Unknown
Water supply, waste mgmt, remediation
H
IL
Otorio, GhostSec
133
15/09/2022
15/09/2022
15/09/2022
?
Twitter account of the Italian Ministry of Ecological Transition
The Twitter account of the Italian Ministry of Ecological Transition is hacked by an unknown individual who takes over the profile with the identity of Ethereum founder Vitalik Buterin.
Account Takeover
Public admin and defence, social security
CC
IT
Twitter, Italian Ministry of Ecological Transition, Ethereum, Vitalik Buterin
134
15/09/2022
Since at least 2017
During 2022
Webworm
IT service providers in Asia
Researchers from Symantec/Broadcom reveal that the Chinese 'Webworm' hacking group is using customized versions of old RATs (Trochilus, Gh0st RAT, and 9002 RAT) in new attacks, likely to evade attribution and reduce operational costs.
Targeted Attack
Professional, scientific and technical
CE
>1
Symantec, Broadcom, Webworm, Trochilus, Gh0st RAT, 9002 RAT
135
15/09/2022
-
-
?
YouTube users
Researchers from Kaspersky discover a new self-spreading malware bundle (containing the RedLine Infostealer) promoted in YouTube videos targeting fans playing FIFA, Final Fantasy, Forza Horizon, Lego Star Wars, and Spider-Man.
Malware
Individual
CC
>1
Kaspersky, RedLine, YouTube, FIFA, Final Fantasy, Forza Horizon, Lego Star Wars, Spider-Man
136
15/09/2022
12/09/2022
12/09/2022
?
Undisclosed organization in Europe
Researchers from Akamai reveal that they mitigated a record-breaking DDoS attack peaking at 704.8 Mpps.
DDoS
Unknown
CC
N/A
Akamai
137
15/09/2022
20/08/2022
-
Hive
Bell Technical Solutions (BTS)
The Hive ransomware gang claims responsibility for an attack that hit the systems of Bell Canada subsidiary Bell Technical Solutions (BTS).
Malware
Education
CC
US
Hive, ransomware, Bell Canada, Bell Technical Solutions, BTS
138
15/09/2022
Since September 2022
During September 2022
TeamTNT
Multiple organizations
Researchers at AquaSec discover a new campaign by TeamTNT.
Malware
Multiple Industries
CC
>1
AquaSec, TeamTNT
139
15/09/2022
Between 12/06/2022 and 17/07/2022
17/07/2022
?
Neurology Center of Nevada (NCNV)
The Neurology Center of Nevada (NCNV) confirms it experienced a data breach after its computers became inaccessible.
Unknown
Human health and social work
CC
US
Neurology Center of Nevada, NCNV
140
15/09/2022
06/02/2022
Between 29/01/2022 and 06/02/2022
?
Cash Express
Cash Express reports a data breach involving an unauthorized party gaining access to sensitive consumer data.
Unknown
Finance and insurance
CC
US
Cash Express
141
15/09/2022
Since July 2022
21/07/2022
?
Individuals
Researchers from Cluster25 discover Erbium, an information-stealing malware distributed as fake cracks and cheats for popular video games to steal victims' credentials and cryptocurrency wallets.
Malware
Individual
CC
>1
Cluster25, Erbium
ID
Date Reported
Date Occurred
Date Discovered
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags
BREACHOMETER
The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.