It really looks like October won't change the trend of the past months: the level of cyber activity remains sustained, and the first half of the month was no exception. I collected a total of 138 events (9.2 events/day), completely in line with the previous fortnights.
Ransomware remains a primary attack vector in this timeline too, but its share stays around 20% (21.7% precisely, i.e. 30 out of 138 events), very close to the 19.3% of the previous timeline and far from this year's highest peaks, which approached 30%.
The impact of vulnerabilities also seems to be on a downward trend: in this timeline the exploitation of software flaws characterized 9.4% of events (13 out of 138), slightly down from 11.4% in the previous timeline.
Unfortunately, the first half of October was no exception in terms of massive events hitting fintech platforms either: Binance, Mango Markets, and Transit Swap were hit hard, with total losses exceeding the equivalent of $700M in crypto assets.
The situation in Ukraine continues to shape the cyber space, but the focus is shifting towards hacktivism. In particular, the Russian collective KillNet was quite busy taking down targets in the US (state governments and airports) and in Bulgaria. Similarly, pro-Ukraine hacktivists hit multiple targets in Russia, in both the public and the private sector.
The cyber espionage front was also rich in campaigns: POLONIUM, Budworm, Earth Aughisky, and WIP19 are only a few examples of the threat groups whose campaigns were unearthed in this timeline.
Even in this fortnight the list is too long to be summarized in a few words (this one in particular), so my suggestion is to enjoy the interactive timeline and the tabular format, and obviously thanks for sharing it and supporting my work in spreading risk awareness across the community. As always, don't forget to follow @paulsparrows on Twitter, or connect on LinkedIn, for the latest updates.
Geo Map October H1 2022
| ID | Date Reported | Date Occurred | Date Discovered | Author | Target | Description | Attack | Target Class | Attack Class | Country | Tags |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | 01/10/2022 | Since July 2021 | - | ? | KFC and McDonald's customers | Researchers at CloudSEK reveal that KFC and McDonald's customers are being targeted via phishing campaigns across Saudi Arabia, UAE and Singapore, with the payment details of some of them successfully stolen by the attackers. | Account Takeover | Accommodation and food service | CC | SA, UAE, SG | CloudSEK, KFC, McDonald's |
| 2 | 01/10/2022 | - | - | ? | Electricity Company of Ghana (ECG) | The Electricity Company of Ghana is hit with a ransomware attack. | Malware | Electricity, gas steam, air conditioning | CC | GH | Electricity Company of Ghana, ECG, ransomware |
| 3 | 02/10/2022 | - | - | National Republican Army (NRA) | Unisoftware | Russian threat actors have begun launching cyber attacks at targets inside their own country, in retaliation for what they see as a needless war with Ukraine. Unisoftware, a Russian software developer, is the first victim. | Unknown | Professional, scientific and technical | H | RU | National Republican Army, NRA, Russia, Ukraine, Unisoftware |
| 4 | 02/10/2022 | - | 01/10/2022 | NLB Team | Digital Network System (DNS) | Russian retail chain DNS (Digital Network System) discloses a data breach that exposed the personal information of customers and employees, allegedly carried out by pro-Ukrainian attackers via ransomware. | Malware | Wholesale and retail | H | RU | Ukraine, DNS, Digital Network System, NLB Team |
| 5 | 02/10/2022 | - | - | RansomEXX | Ferrari contractor | The RansomEXX ransomware group posts on its leak site a claim to have stolen 7 GB of Ferrari data. Ferrari denies the breach. | Malware | Manufacturing | CC | IT | RansomEXX, Ferrari |
| 6 | 02/10/2022 | 02/10/2022 | 02/10/2022 | ? | Transit Swap | Transit Swap, a decentralized finance platform, suffers a $28.9 million hack, with just under $19 million returned to the platform by the attacker. | Vulnerability | Fintech | CC | N/A | Transit Swap |
| 7 | 02/10/2022 | Between 2019 and 2021 | - | ? | Mexican journalists and a human rights defender | An investigation reveals that Mexican journalists and a human rights defender investigating links between extrajudicial killings, drug cartels, and the Mexican military were infected with NSO Group's Pegasus spyware. | Targeted Attack | Individual | CE | MX | Pegasus, NSO Group, Mexico |
| 8 | 02/10/2022 | - | - | DESORDEN | The Icon Group | The DESORDEN group discloses a hack of The Icon Group, leaking 161 GB of databases and files, including the personal information of 264,128 customers. | Unknown | Accommodation and food service | CC | TH | DESORDEN, The Icon Group |
| 9 | 02/10/2022 | 01/10/2022 | 01/10/2022 | ? | Orange Southwest Supervisory District | The Orange Southwest Supervisory District's website is hacked and inundated with "hate speech, symbols, and photographs targeting transgender individuals." | Defacement | Education | CC | US | Orange Southwest Supervisory District |
| 10 | 03/10/2022 | - | - | ? | Crypto investors | The Federal Bureau of Investigation (FBI) warns of a rise in "pig butchering" cryptocurrency scams used to steal ever-increasing amounts of crypto from unsuspecting investors. | Account Takeover | Fintech | CC | US | FBI, Federal Bureau of Investigation, Crypto |
| 11 | 03/10/2022 | 'Recently' | 'Recently' | Emperor Dragonfly AKA Bronze Starlight and DEV-0401 | Multiple organizations | Researchers from Sygnia discover a new campaign by the Chinese 'Emperor Dragonfly' group exploiting the Apache Log4j 'Log4Shell' vulnerability (CVE-2021-44228) to drop the Cheerscrypt ransomware. | | | | | |
| 12 | 03/10/2022 | | | Water Labbu | | Researchers from Trend Micro discover a parasitic threat actor named 'Water Labbu' hacking into cryptocurrency scam sites to inject malicious JavaScript that steals funds from the scammers' victims. | Malicious Script Injection | Fintech | CC | >1 | Trend Micro, Water Labbu, JavaScript, Fintech |
| 13 | 03/10/2022 | - | - | ? | Colombia's National Food and Drug Surveillance Institute (INVIMA) | Colombia's National Food and Drug Surveillance Institute (INVIMA) says it is dealing with a cyber attack that has disrupted operations at the agency. | Unknown | Public admin and defence, social security | CC | CO | Colombia, National Food and Drug Surveillance Institute, INVIMA |
| 14 | 03/10/2022 | - | - | ? | Multiple organizations | Microsoft warns Exchange Online users that many of its customers are being targeted by password spray attacks against Basic Authentication. | Password-spray | Multiple Industries | CC | >1 | Microsoft Exchange |
| 15 | 03/10/2022 | During June and July of 2022 | - | ? | Mativ Holdings | Mativ Holdings files an official notice of a data breach after the company experienced a cyber attack that compromised sensitive employee information contained on its computer network. | Unknown | Manufacturing | CC | US | Mativ Holdings |
| 16 | 03/10/2022 | - | - | ? | VisionWeb Holdings | VisionWeb Holdings files an official notice of a data breach after an unauthorized party was able to gain access to sensitive consumer information that had been entrusted to the company. | Account Takeover | Professional, scientific and technical | CC | US | VisionWeb Holdings |
| 17 | 03/10/2022 | During October 2022 | During October 2022 | ? | Individuals in Singapore | In a new campaign, scammers send out fake emails purportedly from Singapore Prime Minister Lee Hsien Loong, continuing to impersonate public figures, including government leaders, to push various scams. | Account Takeover | Individual | CC | SG | Singapore, Lee Hsien Loong |
| 18 | 03/10/2022 | - | - | ? | U.K. politicians | The current mobile phone number of U.K. Prime Minister Liz Truss is being sold online; the mobile phone numbers of the Chancellor of the Exchequer, Kwasi Kwarteng, and 24 other members of the U.K. Cabinet are also accessible. | Unknown | Public admin and defence, social security | CC | UK | Liz Truss, Kwasi Kwarteng, U.K. Cabinet |
| 19 | 03/10/2022 | 27/09/2022 | - | Vice Society | Mars Area School District | The Mars Area School District is hit with a Vice Society ransomware attack. | Malware | Education | CC | US | Mars Area School District, Vice Society, ransomware |
| 20 | 04/10/2022 | - | - | Maggie | Microsoft SQL servers worldwide | Security researchers discover Maggie, a new malware targeting Microsoft SQL servers, which has already infected hundreds of machines all over the world. | Malware | Multiple Industries | CC | >1 | Maggie, Microsoft SQL servers |
| 21 | 04/10/2022 | Since May 2022 | - | HeyMods, Highlight Mobi, and HeyWhatsApp | Android users | Meta sues several Chinese companies doing business as HeyMods, Highlight Mobi, and HeyWhatsApp for developing and allegedly using "unofficial" WhatsApp Android apps to steal over one million WhatsApp accounts starting in May 2022. | | | | | |
| 22 | 04/10/2022 | | | | | Researchers from Kaspersky discover Operation OnionPoison, spyware bundled inside a fake version of the anonymizing Tor Browser advertised in China. | Malware | Individual | CC | CN | Kaspersky, Operation OnionPoison, Tor |
| 23 | 04/10/2022 | At least from November 2021 to January 2022 | During November 2021 | Multiple APTs | Unnamed defense company | The Cybersecurity and Infrastructure Security Agency (CISA), the FBI and the National Security Agency (NSA) say it is likely that multiple government hacking groups had "long-term" access to the network of a defense company, exploiting Microsoft Exchange vulnerabilities to gain remote access and compromising legitimate company accounts to reach other employees' emails, meetings, and contacts, with data exfiltrated via a custom tool, CovalentStealer. | Targeted Attack | Public admin and defence, social security | CE | US | Cybersecurity and Infrastructure Security Agency, CISA, FBI, National Security Agency, NSA, Microsoft Exchange, Impacket, CovalentStealer |
| 24 | 04/10/2022 | Since July 2022 | During July 2022 | Cobalt Terrapin | Multiple organizations | Researchers from Abnormal Security discover a new Business Email Compromise (BEC) campaign combining vendor impersonation and executive impersonation. | Business Email Compromise | Multiple Industries | CC | >1 | Abnormal Security, Business Email Compromise Campaign, BEC |
| 25 | 04/10/2022 | - | - | ? | Pegasus Group Australia | Australia's largest telecommunications company, Telstra, discloses a data breach through Pegasus Group Australia, a third-party supplier. | Unknown | Administration and support service | CC | AU | Telstra, Pegasus Group Australia |
| 26 | 04/10/2022 | Between 14/05/2021 and 08/04/2022 | - | ? | Columbia River Mental Health Services | Columbia River Mental Health Services files an official notice of a data breach after learning that hackers had access to several employee email accounts for more than a year. | Account Takeover | Human health and social work | CC | US | Columbia River Mental Health Services |
| 27 | 04/10/2022 | 28/09/2022 | 28/09/2022 | ? | Pinnacle Midlands Health Network | Pinnacle Midlands Health Network is hit with a cyber attack. | Unknown | Human health and social work | CC | NZ | Pinnacle Midlands Health Network |
| 28 | 04/10/2022 | Over the last decade | - | Earth Aughisky | Users in Taiwan and Japan | Researchers from Trend Micro reveal the details of the latest espionage attacks by the APT group Earth Aughisky against users in Taiwan and, since 2017, Japan. | Targeted Attack | Multiple Industries | CE | TW, JP | Trend Micro, APT, Earth Aughisky |
| 29 | 04/10/2022 | - | - | China and Russia | U.S. electors | The Federal Bureau of Investigation (FBI) reports that China and Russia are actively amplifying existing election misinformation in an effort to interfere in the November midterms. | Coordinated Inauthentic Behavior | Public admin and defence, social security | CW | US | Federal Bureau of Investigation, FBI, China, Russia, Midterm |
| 30 | 05/10/2022 | - | - | OneFist | Russia's Low Earth orbit (LEO) communication satellite system Gonets | The pro-Ukrainian hacker group OneFist claims to have breached Russia's Low Earth orbit (LEO) communication satellite system Gonets ("Messenger"). | | | | | |
| 31 | 05/10/2022 | | | | CommonSpirit Health | CommonSpirit, the second-largest nonprofit hospital chain in the U.S., confirms a cybersecurity incident, likely a ransomware attack, that is disrupting medical services across the country. Affected entities include CHI Memorial Hospital, St. Luke's Health, and Virginia Mason Franciscan Health. | Malware | Human health and social work | CC | US | CommonSpirit Health, ransomware, CHI Memorial Hospital, St. Luke's Health, Virginia Mason Franciscan Health |
| 32 | 05/10/2022 | 'Recently' | 'Recently' | RatMilad | Mobile users in the Middle East | Researchers from Zimperium discover a new Android spyware named 'RatMilad' targeting mobile devices in the Middle East, used to spy on victims and steal data. | Malware | Multiple Industries | CE | >1 | Zimperium, Android, RatMilad, Middle East |
| 33 | 05/10/2022 | - | - | ? | Lloyd's | Insurance giant Lloyd's of London says that it is investigating a possible cyber attack. | Unknown | Finance and insurance | CC | UK | Lloyd's |
| 34 | 05/10/2022 | Since at least July 2022 | During July 2022 | Eternity group | Multiple organizations | Researchers from Zscaler identify a new campaign carried out via the multifunctional malware bot known as LilithBot, sold on a subscription basis by the Eternity group. | Malware | Multiple Industries | CC | >1 | Zscaler, LilithBot, Eternity group |
| 35 | 05/10/2022 | - | 25/01/2022 | ? | Valle del Sol Community Health | Valle del Sol Community Health notifies 70,268 patients that some of their protected health information was exposed after an unauthorized access. | Unknown | Human health and social work | CC | US | Valle del Sol Community Health |
| 36 | 05/10/2022 | - | - | ? | At least 80 organizations in Latin America, Africa, Western Europe, South Asia, Australia and CIS countries | Researchers from Kaspersky discover AdvancedIPSpyware, a backdoored version of the legitimate Advanced IP Scanner tool used by network admins to manage local area networks (LANs). The malicious tool affected a broad audience, with victims in Latin America, Africa, Western Europe, South Asia, Australia and CIS countries. | Malware | Multiple Industries | CE | >1 | Kaspersky, AdvancedIPSpyware, Advanced IP Scanner |
| 37 | 05/10/2022 | During the past eight months | During the past eight months | PseudoManuscrypt | Multiple organizations | Researchers from BitSight reveal that the relatively new PseudoManuscrypt botnet has evolved to ensnare more devices worldwide, infecting nearly 500,000 systems across 40 countries in the past eight months. | Malware | Multiple Industries | CC | >1 | BitSight, PseudoManuscrypt |
| 38 | 05/10/2022 | Between 01/05/2022 and 01/07/2022 | - | ? | Multiple organizations | Researchers from Bitdefender discover a cryptojacking campaign in which the attackers exploited known DLL side-loading vulnerabilities in Microsoft OneDrive. | Malware | Multiple Industries | CC | >1 | Bitdefender, DLL Side-Loading, Microsoft OneDrive |
| 39 | 05/10/2022 | 02/10/2022 | 02/10/2022 | ? | Hartnell College | Hartnell College reveals it was hit by a cyber attack after suspicious activity was detected. | Unknown | Education | CC | US | Hartnell College |
| 40 | 05/10/2022 | 04/10/2022 | 04/10/2022 | ? | City of Dunedin | The city of Dunedin announces that officials discovered a cybersecurity incident impacting its network. | Unknown | Public admin and defence, social security | CC | NZ | Dunedin |
| 41 | 05/10/2022 | 05/10/2022 | 05/10/2022 | KillNet | Multiple state government websites including Colorado, Kentucky and Mississippi | Russian-speaking hackers from the KillNet collective claim responsibility for knocking offline state government websites in Colorado, Kentucky and Mississippi, among other states. | DDoS | Public admin and defence, social security | H | US | Russia, KillNet, Colorado, Kentucky, Mississippi |
| 42 | 05/10/2022 | 26/05/2022 | - | ? | City of Hamden | The city of Hamden reveals it was hit with a cyber event. | Unknown | Public admin and defence, social security | CC | US | Hamden |
| 43 | 05/10/2022 | During August 2022 | - | ? | University of Limerick (UL) | Hundreds of people have their personal email addresses exposed in a data breach at the University of Limerick (UL). | Unknown | Education | CC | IE | University of Limerick, UL |
| 44 | 05/10/2022 | 05/10/2022 | 05/10/2022 | ? | Grain Valley School District | The Grain Valley School District confirms it is investigating a cyber attack. | Unknown | Education | CC | US | Grain Valley School District |
| 45 | 06/10/2022 | 06/10/2022 | 06/10/2022 | ? | Binance | Hackers reportedly steal 2 million Binance Coins (BNB), worth $566 million, from the Binance Bridge. | Vulnerability | Fintech | CC | KY | Binance, Binance Coins, BNB |
| 46 | 06/10/2022 | Since 10/09/2022 | During September 2022 | ? | Multiple organizations | Researchers from Rapid7 reveal that hackers are actively exploiting an unpatched remote code execution (RCE) vulnerability in Zimbra Collaboration Suite (ZCS). | CVE-2022-41352 Vulnerability | Multiple Industries | N/A | N/A | Rapid7, RCE, Zimbra Collaboration Suite, ZCS |
| 47 | 06/10/2022 | - | - | BazarCall | Users in the United States, Canada, the UK, India, China, and Japan | Researchers from Trellix discover a new wave of attacks using callback phishing with enhanced techniques. | Account Takeover | Multiple Industries | CC | CA, CN, IN, JP, UK, US | Trellix, callback phishing, BazarCall |
| 48 | 06/10/2022 | 'Recently' | 'Recently' | ? | Individuals | Researchers from Cyble discover a new campaign carried out via malicious adult websites pushing fake ransomware which, in reality, acts as a wiper that quietly tries to delete almost all of the victim's data. | Malware | Individual | CC | >1 | Cyble, adult websites |
| 49 | 06/10/2022 | - | - | EG Leaks | Financial institutions in Egypt | Researchers at cybersecurity firm Resecurity discover a new group of hacktivists targeting financial institutions in Egypt under the campaign "EG Leaks" (also known as "Egypt Leaks"). | Unknown | Finance and insurance | H | EG | Resecurity, EG Leaks, Egypt Leaks |
| 50 | 06/10/2022 | - | - | ? | Massachusetts Mutual Life Insurance | Massachusetts Mutual Life Insurance files an official notice of a data breach after an unauthorized party gained access to sensitive consumer information. | Unknown | Finance and insurance | CC | US | Massachusetts Mutual Life Insurance |
| 51 | 06/10/2022 | - | 01/06/2022 | ? | Eventus WholeHealth | Eventus WholeHealth files an official notice of a data breach after the company learned that an unauthorized party had gained access to an employee's email account. | Account Takeover | Human health and social work | CC | US | Eventus WholeHealth |
| 52 | 06/10/2022 | - | - | ? | Amerigroup Insurance | Amerigroup Insurance reports a data breach in which the names, addresses, Social Security numbers, and health insurance information of certain individuals were compromised. | Account Takeover | Finance and insurance | CC | US | Amerigroup Insurance |
| 53 | 06/10/2022 | 16/09/2022 | 16/09/2022 | ? | Healthcare company | Researchers from Armorblox discover a phishing campaign spoofing Zoom to steal Microsoft user credentials. | Account Takeover | Human health and social work | CC | N/A | Armorblox, Zoom, Microsoft |
| 54 | 06/10/2022 | 21/08/2022 | - | ? | Costa Group | Australian fruit and vegetable supplier Costa Group says it was subjected to a malicious and sophisticated phishing attack that resulted in unauthorized access to its servers. | Account Takeover | Accommodation and food service | CC | AU | Costa Group |
| 55 | 06/10/2022 | 01/10/2022 | - | DESORDEN | REDTONE DIGITAL | DESORDEN claims to have hacked REDTONE DIGITAL, a Malaysian telecom. | Unknown | Information and communication | CC | MY | DESORDEN, REDTONE DIGITAL |
| 56 | 06/10/2022 | Since at least 13/09/2022 | - | ? | City of Houston | The City of Houston website is possibly hacked after a string of unusual posts. | Unknown | Public admin and defence, social security | CC | US | City of Houston |
| 57 | 06/10/2022 | - | - | ? | Covisian | Covisian, an Italian company providing technology services, is hit with a ransomware attack. | Malware | Professional, scientific and technical | CC | IT | Covisian, ransomware |
| 58 | 07/10/2022 | 07/10/2022 | 07/10/2022 | ? | Sberbank | Sberbank reveals it has suffered a massive DDoS attack. | DDoS | Finance and insurance | H | RU | Sberbank |
| 59 | 07/10/2022 | Since at least August 2022 | During August 2022 | LofyGang | Multiple organizations | Researchers from Checkmarx reveal that the LofyGang threat actors have built a credential-stealing enterprise by distributing 200 malicious packages and fake hacking tools on code hosting platforms such as NPM and GitHub. | Malware | Multiple Industries | CC | >1 | Checkmarx, LofyGang, Discord, NPM, GitHub |
| 60 | 07/10/2022 | During September 2021 | Between 13/09/2021 and 21/09/2021 | IcedID | Italian and English speakers | Researchers at Team Cymru observe several campaigns distributing the IcedID malware to Italian and English speakers. | Malware | Multiple Industries | CC | IT | Team Cymru, IcedID |
| 61 | 07/10/2022 | During 2022 | During 2022 | ? | Facebook users | Meta says it has notified a million Facebook users that their usernames and passwords might have been stolen after downloading one of over 400 malicious Android and iOS smartphone apps. | Malware | Individual | CC | >1 | Meta, Facebook, Android, iOS |
| 62 | 07/10/2022 | - | - | ? | Urology of Greater Atlanta (UGATL) | Urology of Greater Atlanta (UGATL) files an official notice of a data breach after information entrusted to the practice group was compromised. | Unknown | Human health and social work | CC | US | Urology of Greater Atlanta, UGATL |
| 63 | 07/10/2022 | - | 06/04/2022 | ? | Lake Nona Estates Management | Lake Nona Estates Management files an official notice of a data breach after an unauthorized party was able to gain access to sensitive consumer information stored on the company's computer system. | Unknown | Real estate | CC | US | Lake Nona Estates Management |
| 64 | 07/10/2022 | - | - | ? | GEE Group | GEE Group files an official notice of a data breach after an unauthorized party accessed and encrypted sensitive data located on its computer servers. | Malware | Administration and support service | CC | US | GEE Group, ransomware |
| 65 | 07/10/2022 | Between 30/03/2022 and 06/04/2022 | During April 2022 | ? | Cardiac Imaging Associates (CIA) | Cardiac Imaging Associates (CIA) discloses a phishing incident. | Account Takeover | Human health and social work | CC | US | Cardiac Imaging Associates, CIA |
| 66 | 07/10/2022 | Late May 2022 | 24/08/2022 | ? | UW Medicine | UW Medicine notifies patients about a ransomware attack at its mail service vendor Kaye-Smith, which compromised the protected health information of 3,800 patients. | Malware | Human health and social work | CC | US | UW Medicine, ransomware, Kaye-Smith |
| 67 | 07/10/2022 | - | 01/08/2022 | ? | Trillium Health | Trillium Health reports a data security incident that exposed the protected health information of 3,191 patients after suspicious activity was discovered in the email account of one of its employees. | Account Takeover | Human health and social work | CC | US | Trillium Health |
| 68 | 07/10/2022 | 19/09/2022 | - | ? | Turkish branch of Harvard Business Review | Threat actors gain access to and encrypt a database with over 152,000 customer records before its owner, the Turkish branch of Harvard Business Review, closes it. | Misconfiguration | Information and communication | CC | TR | Harvard Business Review |
| 69 | 07/10/2022 | Late December 2020 | - | ? | Saskatoon obstetrics and gynecology clinic | A ransomware attack on a Saskatoon obstetrics and gynecology clinic leaves the personal health information of up to 20,000 patients compromised. | Malware | Human health and social work | CC | CA | Ransomware, Saskatoon |
| 70 | 07/10/2022 | 03/10/2022 | 03/10/2022 | ? | Bank of Brasilia | Bank of Brasilia is hit with a ransomware attack. | Malware | Finance and insurance | CC | BR | Bank of Brasilia, ransomware |
| 71 | 07/10/2022 | 05/10/2022 | 05/10/2022 | ? | Municipality of Rosignano Marittimo | The municipality of Rosignano Marittimo in Tuscany is hit with a ransomware attack. | Malware | Public admin and defence, social security | CC | IT | Rosignano Marittimo, ransomware |
| 72 | 08/10/2022 | - | - | Everest | ESKOM | The Everest ransomware operators claim to have hacked the South African state-owned company ESKOM. | Malware | Electricity, gas steam, air conditioning | CC | ZA | Everest, ransomware, ESKOM |
| 73 | 08/10/2022 | Between approximately 30/03/2022 and 06/04/2022 | - | ? | Cardiac Imaging Associates (CIA) | Cardiac Imaging Associates (CIA) notifies people of a breach that occurred after an unauthorized actor accessed files in an email account. | Account Takeover | Human health and social work | CC | US | Cardiac Imaging Associates, CIA |
| 74 | 09/10/2022 | Two weeks earlier | Two weeks earlier | ? | Solana cryptocurrency owners | A new campaign targets Solana cryptocurrency owners with fake alerts for a new Phantom security update that lead to the installation of password-stealing malware and the theft of cryptocurrency wallets. | Account Takeover | Finance and insurance | CC | >1 | Solana, Phantom |
| 75 | 09/10/2022 | 09/10/2022 | 09/10/2022 | ? | Iran State TV | Hackers backing Iran's wave of women-led protests interrupt a state TV news broadcast with an image of gun-sight crosshairs and flames over the face of supreme leader Ayatollah Ali Khamenei. | Unknown | Information and communication | H | IR | Iran, Ayatollah Ali Khamenei |
| 76 | 09/10/2022 | After 30/09/2022 | - | LCFCASD | Intel | Intel confirms that the leaked UEFI BIOS source code for Alder Lake CPUs is authentic, raising cybersecurity concerns among researchers. | Unknown | Manufacturing | CC | US | LCFCASD, Intel, UEFI BIOS, Alder Lake, CPU |
| 77 | 09/10/2022 | - | - | ? | Crypto investors | Researchers from Trend Micro reveal a new wave of PayPal invoice scams using blockchain/cryptocurrency-related businesses as a disguise. | Account Takeover | Fintech | CC | >1 | Trend Micro, PayPal, Crypto |
| 78 | 09/10/2022 | - | - | ? | Individuals in India | Researchers from CloudSEK discover hundreds of fake identity card-printing websites duping people by using their personal information. | Account Takeover | Individual | CC | IN | CloudSEK |
| 79 | 09/10/2022 | - | - | DESORDEN | Johnson Fitness and Wellness | The DESORDEN group hacks Johnson Fitness and Wellness and leaks 71 GB of data. | Unknown | Manufacturing | CC | TH | DESORDEN, Johnson Fitness and Wellness |
| 80 | 10/10/2022 | 10/10/2022 | 10/10/2022 | Cyber Army | Ukrainian Armor | Russian hacktivists from the Cyber Army claim to have hacked Ukrainian Armor, a Ukrainian armored vehicle producer. | Unknown | Manufacturing | H | UA | Cyber Army, Ukrainian Armor |
| 81 | 10/10/2022 | 10/10/2022 | 10/10/2022 | KillNet | Several airports in the U.S. including the Hartsfield-Jackson Atlanta International Airport (ATL) and the Los Angeles International Airport (LAX) | The pro-Russian hacktivist group KillNet claims large-scale distributed denial-of-service (DDoS) attacks against the websites of several major U.S. airports, making them inaccessible. | DDoS | Transportation and storage | H | US | KillNet, Russia, Hartsfield-Jackson Atlanta International Airport, ATL, Los Angeles International Airport, LAX |
| 82 | 10/10/2022 | 10/10/2022 | 10/10/2022 | Pro-Russia attackers | Monobank | Pro-Russia attackers launch DDoS attacks against the Ukrainian mobile bank Monobank, sending 6 million requests per minute. | DDoS | Finance and insurance | H | UA | Monobank |
| 83 | 10/10/2022 | - | - | Multiple threat actors | Multiple organizations | Fortinet confirms that the critical authentication bypass vulnerability CVE-2022-40684 is being exploited in the wild. | CVE-2022-40684 Vulnerability | Multiple Industries | N/A | N/A | Fortinet, CVE-2022-40684 |
| 84 | 10/10/2022 | During March 2022 | During March 2022 | Multiple threat actors | Multiple organizations | Researchers from Mandiant observe malicious actors using a shared Phishing-as-a-Service (PhaaS) platform called "Caffeine". | Account Takeover | Multiple Industries | CC | >1 | Mandiant, Phishing-as-a-Service, PhaaS, Caffeine |
| 85 | 10/10/2022 | - | - | ? | Dialog | Telecommunications giant Singtel confirms that another of its Australian subsidiaries, the consulting unit Dialog, was the victim of a hack. | Unknown | Information and communication | CC | AU | Dialog |
| 86 | 10/10/2022 | 'Recently' | 13/05/2022 | ? | Northern Data Systems | Northern Data Systems files notice of a data breach after the company confirmed that sensitive consumer data stored on its computer system was accessible to an unauthorized party. | Unknown | Professional, scientific and technical | CC | US | Northern Data Systems |
| 87 | 10/10/2022 | - | During January 2022 | ? | The Scoular Company | The Scoular Company confirms that it recently experienced a data breach after an unauthorized party was confirmed to have accessed the company's secure computer network. | Unknown | Administration and support service | CC | US | The Scoular Company |
| 88 | 10/10/2022 | 26/04/2022 | - | Industrial Spy | Network Contacts | Enel, the main Italian electricity provider, warns its customers that a third-party partner, Network Contacts, has suffered a security breach. | Malware | Administration and support service | CC | IT | Enel, Network Contacts, Industrial Spy |
| 89 | 11/10/2022 | - | - | ? | Ukrainian military personnel | Researchers from Fortinet discover a new campaign in which a Ukrainian military-themed Excel file delivers a multi-stage Cobalt Strike loader. | Targeted Attack | Public admin and defence, social security | CE | UA | Fortinet, Ukraine, Cobalt Strike Loader |
| 90 | 11/10/2022 | Since at least September 2021 | - | POLONIUM | More than a dozen organizations in Israel | Researchers from ESET unearth a campaign by the Lebanese threat actor POLONIUM targeting more than a dozen organizations in Israel with malware dubbed 'Creepy'. | Targeted Attack | Multiple Industries | CE | IL | POLONIUM, ESET, Creepy |
| 91 | 11/10/2022 | Since at least 21/07/2022 | During July 2022 | LockBit 3.0 | Multiple organizations | Microsoft investigates reports of a new zero-day bug abused to hack Exchange servers, which were later used to launch LockBit ransomware attacks. | Malware | Multiple Industries | CC | >1 | Microsoft, Exchange, LockBit, Ransomware |
| 92 | 11/10/2022 | - | - | ? | Undisclosed organization(s) | Microsoft fixes CVE-2022-41033, an actively exploited Windows vulnerability. | CVE-2022-41033 Vulnerability | Unknown | N/A | N/A | Microsoft, CVE-2022-41033, Windows |
| 93 | 11/10/2022 | - | 06/04/2022 | ? | BBRG TR | BBRG TR files a notice of a data breach after an unauthorized party was able to gain access to the company's computer networks. | Unknown | Accommodation and food service | CC | US | BBRG TR |
| 94 | 11/10/2022 | End of September 2022 | End of September 2022 | ? | Small businesses in the U.S. | Researchers from INKY detect a phishing campaign taking advantage of COVID-19 in an attempt to steal financial account details from business users. | Account Takeover | Multiple Industries | CC | US | INKY, COVID-19, SBA, Small Business Administration |
| 95 | 11/10/2022 | - | - | RansomEXX | Consorci Sanitari Integral | The RansomEXX gang publishes a 52-gigabyte file containing data taken from the Consorci Sanitari Integral, a public entity that provides medical and social services. | Malware | Human health and social work | CC | ES | RansomEXX, Consorci Sanitari Integral, ransomware |
| 96 | 11/10/2022 | 11/10/2022 | 11/10/2022 | Karakurt | Municipality of Belen | The municipality of Belen in Costa Rica is hit with a Karakurt ransomware attack. | Malware | Public admin and defence, social security | CC | CR | Belen, Costa Rica, Karakurt, ransomware |
| 97 | 11/10/2022 | Since May 2022 | During May 2022 | SpyAgent | Multiple organizations | Researchers from Deep Instinct discover a new campaign distributing the SpyAgent (AKA TeamSpy/TVRat/TeamBot/Sheldor) infostealer. | Malware | Multiple Industries | CC | >1 | Deep Instinct, SpyAgent, TeamSpy, TVRat, TeamBot, Sheldor |
| 98 | 12/10/2022 | 11/10/2022 | 11/10/2022 | ? | Mango Markets | Mango Markets, a cryptocurrency trading platform, is robbed of more than $100 million after a hacker used a flash loan attack to exploit the platform. | Flash loan | Fintech | CC | N/A | Mango Markets |
| 99 | 12/10/2022 | - | - | Triada | Android users | Researchers from Kaspersky discover Trojan.AndroidOS.Triada.eq, a new version of an unofficial WhatsApp Android application named 'YoWhatsApp' that steals the access keys for users' accounts. | | | | | |
| 100 | 12/10/2022 | | | | Wynncraft | Cloudflare reveals it detected and mitigated a large 2.5 Tbps DDoS attack launched by a Mirai botnet variant, aimed at the Minecraft server Wynncraft. | DDoS | Arts entertainment, recreation | CC | N/A | Cloudflare, Mirai, Minecraft, Wynncraft |
| 101 | 12/10/2022 | - | - | ? | Individuals in the U.S. | Scammers exploit the crisis faced by victims of Hurricane Ian to steal government funds and personal information with fake applications to the Federal Emergency Management Agency (FEMA). | Account Takeover | Individual | CC | US | Hurricane Ian, Federal Emergency Management Agency, FEMA |
| 102 | 12/10/2022 | - | - | Cyber Army | Lviv Chamber of Commerce | Russian hacktivists from the Cyber Army claim to have hacked the websites of the Lviv Chamber of Commerce. | Unknown | Public admin and defence, social security | H | UA | Cyber Army, Lviv Chamber of Commerce |
| 103 | 12/10/2022 | - | - | Copybara | Italian online-banking users | Researchers from ThreatFabric uncover a network of phishing websites targeting Italian online-banking users to steal their banking credentials, connected with the Android banking Trojan dubbed Copybara and involving telephone-oriented attack delivery. | Account Takeover | Finance and insurance | CC | IT | ThreatFabric, Android, Copybara |
| 104 | 12/10/2022 | Since 2014 | - | WIP19 | Telecommunications and IT service providers in the Middle East and Asia | Researchers from SentinelOne reveal the details of WIP19, a Chinese threat actor targeting telecommunications and IT service providers in the Middle East and Asia. | Targeted Attack | Information and communication | CE | >1 | SentinelOne, WIP19, China |
| 105 | 12/10/2022 | Since 08/09/2022 | During October 2022 | Qbot AKA QUAKBOT, QAKBOT | Multiple organizations | Researchers from Trend Micro and Kaspersky reveal that more than 800 corporate users have been infected in a new QBot malware distribution campaign. One of the attackers is the Black Basta ransomware gang, which infiltrates networks via Brute Ratel and Cobalt Strike. | | | | | |
| 106 | 12/10/2022 | | | | Amazon users | Amazon users are warned about a new text message scam. | Account Takeover | Individual | CC | >1 | Amazon |
| 107 | 12/10/2022 | Between 22/12/2020 and 15/07/2021 | Between 22/07/2021 and 03/08/2021 | ? | Radiology Associates of Albuquerque, AKA RAA Imaging | Radiology Associates of Albuquerque, also known as RAA Imaging, informs an undisclosed number of patients of a health data breach involving the exposure of protected health information. | Account Takeover | Human health and social work | CC | US | Radiology Associates of Albuquerque, RAA Imaging |
| 108 | 12/10/2022 | - | 15/08/2022 | BianLian | Aesthetic Dermatology Associates | Aesthetic Dermatology Associates is hit with a BianLian ransomware attack. | | | | | |
| 109 | | | | | Legacy Post Acute Care | Legacy Post Acute Care confirms that multiple employee email accounts were accessed by an unauthorized individual, who may have viewed or acquired the protected health information of certain patients. | | | | | |
Account Takeover
Human health and social work
CC
US
Legacy Post Acute Care
110
12/10/2022
Late May 2022
Late May 2022
?
MultiCare Health System
MultiCare Health System says that some of its employees' personal data was compromised in a ransomware attack against third-party printing vendor Kaye-Smith.
Malware
Human health and social work
CC
US
MultiCare Health System, ransomware, Kaye-Smith
111
12/10/2022
Early October 2022
Early October 2022
?
Indianapolis Housing Agency
The Indianapolis Housing Agency is hit with a cyber attack.
Unknown
Public admin and defence, social security
CC
US
Indianapolis Housing Agency
112
13/10/2022
-
-
Alchimist
Multiple organizations
Researchers from Cisco Talos discover a new attack and C2 framework called 'Alchimist,' which appears to be actively used in attacks targeting Windows, Linux, and macOS systems.
Malware
Multiple Industries
CC
>1
Cisco Talos, Alchimist, Insekt
113
13/10/2022
Since 10/09/2022
During September 2022
Multiple APTs
Multiple organizations
Researchers from Kaspersky reveal that they detected at least 876 servers being compromised by sophisticated attackers leveraging the Zimbra Collaboration Suite (ZCS) CVE-2022-41352 vulnerability before it was widely publicized and received a CVE identifier.
Researchers from HP discover a recent malicious campaign delivering the Magniber ransomware with a Javascript installer, targeting Windows home users with fake security updates.
Malware
Individual
CC
>1
HP, Ransomware, Magniber, Javascript
115
13/10/2022
During August 2022
During August 2022
Vietnamese threat actors
Facebook business accounts
Researchers from Zscaler discover a new Ducktail phishing campaign, spreading a never-before-seen Windows information-stealing malware written in PHP used to steal Facebook business accounts, browser data, and cryptocurrency wallets.
Budworm (AKA APT27, Bronze Union, Emissary Panda, Iron Tiger, Lucky Mouse, and TG-3390)
Undisclosed legislature of a U.S. state
Researchers from Symantec/Broadcom reveal the details of the latest campaigns by the Chinese Budworm group, carried out exploiting the Log4j vulnerabilities (CVE-2021-44228 and CVE-2021-45105).
Researchers from Symantec/Broadcom reveal the details of the latest campaigns by the Chinese Budworm group, carried out exploiting the Log4j vulnerabilities (CVE-2021-44228 and CVE-2021-45105).
Researchers from Symantec/Broadcom reveal the details of the latest campaigns by the Chinese Budworm group, carried out exploiting the Log4j vulnerabilities (CVE-2021-44228 and CVE-2021-45105).
Researchers from Symantec/Broadcom reveal the details of the latest campaigns by the Chinese Budworm group, carried out exploiting the Log4j vulnerabilities (CVE-2021-44228 and CVE-2021-45105).
Researchers from Avanan reveal that attackers are spoofing Google Translate in an ongoing phishing campaign that uses a common JavaScript coding technique to bypass email security scanners.
Account Takeover
Individual
CC
>1
Avanan, Google Translate
121
13/10/2022
-
-
?
Financial Dimensions Group
Royal Alliance files a notice of a data breach on behalf of Financial Dimensions Group, The breach resulted in the names, addresses, dates of birth, driver’s license numbers, financial account numbers, Social Security numbers, and other information belonging to certain clients being compromised.
Unknown
Finance and insurance
CC
US
Royal Alliance, Financial Dimensions Group
122
13/10/2022
09/08/2022
09/08/2022
?
Family Medicine Shady Grove (FMSG)
Family Medicine Shady Grove (FMSG) discloses a ransomware attack.
Malware
Human health and social work
CC
US
Family Medicine Shady Grove, FMSG, ransomware
123
13/10/2022
During March 2022
-
?
Elevate
Messaging app Snap has employee data exposed by a breach at a third-party document analysis firm Elevate, after an unauthorized party had accessed some of Elevate's computer systems.
Unknown
Professional, scientific and technical
CC
US
Snap, Elevate
124
13/10/2022
During March 2022
-
?
Church of Jesus Christ of Latter-day Saints
The Church of Jesus Christ of Latter-day Saints detect unauthorized activity that affected personal data of some Church members, employees, contractors, and friends. The attack was part of a large-scale, state-sponsored scheme targeting organizations and governments worldwide.
Targeted Attack
Other service activities
CE
US
Church of Jesus Christ of Latter-day Saints
125
13/10/2022
During March 2022
-
?
FamilySearch
Genealogy website FamilySearch announces that hackers had broken into its systems and stolen personal data about its users.
Targeted Attack
Other service activities
CE
US
FamilySearch
126
13/10/2022
-
-
?
New Mexico Regulation and Licensing Department (RLD).
New Mexico’s Cybersecurity Office investigates an unauthorized access to the information systems at the New Mexico Regulation and Licensing Department (RLD).
Unknown
Public admin and defence, social security
CC
US
New Mexico Regulation and Licensing Department, RLD
127
13/10/2022
'Recently'
-
Mitsu Stealer
Multiple organizations
Researchers from Cyble discover a new campaign distributing the Mitsu Stealer via a malicious website impersonating a genuine AnyDesk website.
Malware
Multiple Industries
CC
>1
Cyble, Mitsu Stealer, AnyDesk
128
14/10/2022
11/10/2022
11/10/2022
Prestige
Transportation and logistics organizations in Ukraine and Poland
Researchers from Microsoft discover a new Prestige ransomware, used to target transportation and logistics organizations in Ukraine and Poland in ongoing attacks.
Malware
Transportation and storage
CC
UA
PL
Microsoft, Prestige, ransomware
129
14/10/2022
14/10/2022
14/10/2022
?
Heilbronn Stimme
German newspaper ‘Heilbronn Stimme’ is hit with a ransomware attack crippling its printing systems.
Malware
Information and communication
CC
DE
Heilbronn Stimme, Ransomware
130
14/10/2022
14/10/2022
14/10/2022
?
Medibank
Health insurance provider Medibank confirms that a ransomware attack is responsible for a disruption of online services.
Malware
Finance and insurance
CC
AU
Medibank, ransomware
131
14/10/2022
14/10/2022
14/10/2022
Christian Dior
MyDeal
Woolworths' MyDeal subsidiary, an Australian retail marketplace, discloses a data breach affecting 2.2 million customers, with the hacker trying to sell the stolen data on a hacker forum.
Account Takeover
Wholesale and retail
CC
AU
Woolworths, MyDeal, Christian Dior
132
14/10/2022
14/10/2022
14/10/2022
?
Tata Power
Indian energy giant Tata Power announces to be dealing with a cyberattack impacting some of its systems.
Unknown
Electricity, gas steam, air conditioning
N/A
IN
Tata Power
133
14/10/2022
Between 28/07/2022 and 19/08/2022
19/08/2022
?
Keystone Health
Keystone Health starts informing patients of a data breach potentially impacting the personal information of 235,000 patients.
Unknown
Human health and social work
CC
US
Keystone Health
134
14/10/2022
-
-
LockBit 3.0
Tamash
The LockBit ransomware gangs claims to have hit Tamash, an Israeli company which specializes in the development, production, and marketing of electrical cabinets and various metal products.
Malware
Manufacturing
CC
IL
LockBit, ransomware, Tamash
135
14/10/2022
-
-
?
WakeMed Health & Hospitals
WakeMed Health & Hospitals files an official notice of a data breach involving the names, protected health information, and potentially the Social Security numbers of affected parties.
Unknown
Human health and social work
CC
US
WakeMed Health & Hospitals
136
14/10/2022
15/08/2022
15/08/2022
?
Ascension St. Vincent’s Coastal Cardiology
Ascension St. Vincent’s Coastal Cardiology files an official notice of a data breach after the company experienced a ransomware attack.
Malware
Human health and social work
CC
US
Ascension St. Vincent’s Coastal Cardiology, ransomware
137
14/10/2022
Between 14/01/2022 and 08/02/2022
08/02/2022
?
Lifespire Services
Lifespire Services files notice of a data breach after the organization experienced a cybersecurity threat compromising information stored on its servers.
Unknown
Human health and social work
CC
US
Lifespire Services
138
14/10/2022
End of September 2022
End of September 2022
RedLine
Multiple organizations
Researchers at Cyble Research and Intelligence Labs (CRIL) discover an advanced phishing site that mimics the legitimate Convertio website known for spreading the RedLine stealer malware strain.
Malware
Multiple Industries
CC
>1
Cyble, RedLine, Convertio
139
14/10/2022
During August 2022
-
Quilin
Emtelco
Emtelco, a Colombian customer experience firm, is hit with a Qilin ransomware attack.
Malware
Professional, scientific and technical
CC
CO
Emtelco, Qilin, ransomware
140
14/10/2022
07/09/2022
-
Quilin
Lojas Torra
Lojas Torra, a fashion retailer in Brazil, is hit with a Qilin ransomware attack.
Malware
Wholesale and retail
CC
BR
Lojas Torra, Qilin, ransomware
141
14/10/2022
14/10/2022
14/10/2022
?
Seton Medical Center
A phishing incident hitting a vendor of Seton Medical Center may have exposed the patient names and clinical information.
Account Takeover
Human health and social work
CC
US
Seton Medical Center
142
15/10/2022
15/10/2022
15/10/2022
Kilnet
Bulgarian presidential administration, Defense Ministry, Interior Ministry, Justice Ministry, and the Constitutional Court
Pro-Russian hackers from the Killnet collective take down some Bulgarian government websites: the presidential administration, the Defense Ministry, the Interior Ministry, the Justice Ministry, and the Constitutional Court.
Researchers at the Leiden Institute of Advanced Computer Science found thousands of repositories on GitHub that offer fake proof-of-concept (PoC) exploits for various vulnerabilities, some of them including malware.
Malware
Multiple Industries
CC
>1
Leiden Institute of Advanced Computer Science, GitHub
144
15/10/2022
Since 2017
Since 2017
Multiple threat actors
Multiple organizations
Researchers discover thousands of GitHub repositories that offer fake proof-of-concept (PoC) exploits for various flaws used to distribute malware.
Malware
Multiple Industries
CC
>1
GitHub
ID
Date Reported
Date Occurred
Date Discovered
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags
BREACHOMETER
The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.