16-31 October 2022 Cyber Attacks Timeline

EVENTS

EVENTS/DAY

EVENTS

EVENTS/DAY

In the second timeline of October, I have collected 130 events (corresponding to 8.13 events/day), a noticeable drop compared to the 144 of the previous timeline. I wonder if this is a temporary decrease or the beginning of a new trend.

Ransomware is a primary attack vector even in this timeline, and its percentage reaches again the higher values of 2022 with 31.5% (41 out of 130 events), a sharp increase compared to 20.8% of the first half of October. Instead the impact of vulnerabilities remains stable at 10%, very close to 9.7% of the first half of this month.

16-30 September 2023 Cyber Attacks Timeline

The second cyber attack timeline of September 2023 showed a decrease in events and a continuation of malware attacks. Massive hacks targeted fintech organizations like Mixin Network, and some breaches affected millions of individuals. The timeline also includes activities by various known and new threat actors.

The toll to Decentralized Finance platforms continue to grow: in this timeline two organizations, Moola Market and Team Finance, fell victim of the attackers, with a total loss of nearly 24 million worth of cryptocurrency (respectively 9 million and 14.5 million.) Ironically, as if the massive crash was not enough, the FTX users were victim of a phishing campaign.

And despite the impact of the cyber campaigns related to Ukraine seems to decrease (at least the ones that are visible), the cyber espionage front continues to be quite hot. The list of the known threat actors active in this period include: APT41 (AKA Winnti, Chinese attribution), Domestic Kitten (Iran), Sidewinder (Pakistan), Kimsuky (North Korea). Instead the new threat actors revealed in this timeline include: DiceyF and Cranefly. Two additional events to notice in this timeline include the alleged hack of the cellphone of the previous UK Prime Minister Liz Truss (by suspected Russian threat actors), and the constant presence of Coordinated Inauthentic Behavior operations aiming to undermine the public opinion of western contries. It is also interesting to notice that yet another ransomware gang (Cuba) turned its unwelcome intentions to Ukraine

Even in this fortnight, the list is too long to be summarized in few words (this one in particular), so my suggestion is to enjoy the interactive timeline and the tabular format, and obviously thanks for sharing it, and supporting my work in spreading the risk awareness across the community. As always, don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.

Expand for details

Geo Map October H2 2022

ID	Date Reported	Date Occurred	Date Discovered	Author	Target	Description	Attack	Target Class	Attack Class	Country	Link	Tags
1	16/10/2022	Since at least early October 2022	Early October 2022	Venus	Multiple organizations	A relatively new ransomware named Venus targets publicly-exposed Remote Desktop services to encrypt Windows devices.	Malware	Multiple Industries	CC	>1		Venus, ransomware
2	17/10/2022	Since at least February 2022	-	Russia?	Individuals	A new research examining pro-Kremlin edits made to the English-language page for the Russo-Ukrainian war sheds light on how Wikipedia can be manipulated for information warfare.	Coordinated Inauthentic Behavior	Individual	CW	>1		Russia, Ukraine, Wikipedia
3	17/10/2022	Since at least November 2021	-	DiceyF	Online casinos based in Southeast Asia	Researchers from Kaspersky reveal that a hacking group named ‘DiceyF’ has been observed deploying a malicious attack framework against online casinos based in Southeast Asia since at least November 2021.	Targeted Attack	Arts entertainment, recreation	CE	>1		Kaspersky, DiceyF
4	17/10/2022	Since at least September 2021	During September 2021	Mexican Government?	Individuals in Mexico	Mexican opposition congressman Agustin Basave Alanis says his phone was infected by Pegasus, the fourth alleged case of the controversial spyware being deployed under President Andres Manuel Lopez Obrador, who had vowed to stop using it.	Targeted Attack	Individual	CE	MX		Agustin Basave Alanis, Pegasus, Andres Manuel Lopez Obrador
5	17/10/2022	-	-	LockBit 3.0	Oomiya	The IT infrastructure of the Japanese tech company Oomiya is hit with the LockBit 3.0 ransomware.	Malware	Professional, scientific and technical	CC	JP		Oomiya, LockBit 3.0, ransomware
6	17/10/2022	-	-	?	Vinomofo	Wine retailer Vinomofo is targeted by threat actors, with reports suggesting as many as half a million customers may have had their information exposed.	Unknown	Wholesale and retail	CC	AU		Vinomofo
7	17/10/2022	Between 18/04/2022 and 07/05/2022	04/05/2022	?	MODE Global	MODE Global reports a data breach after the company discovered that an unauthorized party had gained access to its computer system.	Unknown	Transportation and storage	CC	US		MODE Global
8	17/10/2022	-	-	Chinese threat actors	U.S. political parties	The FBI warns that chinese government threat actors are scanning U.S. political party domains ahead of midterm elections.	Vulnerability	Public admin and defence, social security	CW	US		China, US, midterm elections
9	17/10/2022	09/09/2022	09/09/2022	?	Aarti Drugs	Indian pharmaceutical major, Aarti Drugs is hit with a BianLian ransomware attack.	Malware	Professional, scientific and technical	CC	IN		Aarti Drugs, BianLian, Ransomware
10	17/10/2022	-	-	?	Netflix users in Australia	Netflix users in Australia are warned of a new email phishing scam that targets Netflix users and attempts to steal their financial and personal information.	Account Takeover	Individual	CC	AU		Netflix
11	17/10/2022	17/10/2022	17/10/2022	?	Dallas-Fort Worth International Airport	The Federal Aviation Administration investigates the cause of mysterious GPS interference that, over the past few days, has closed one runway at the Dallas-Fort Worth International Airport and prompted some aircraft in the region to be rerouted to areas where signals were working properly.	GPS Interference	Transportation and storage	CC	US		Federal Aviation Administration, Dallas-Fort Worth International Airport
12	18/10/2022	Since at least one year	-	APT41 (AKA Winnti, Barium, Blackfly, Double Dragon, Wicked Panda, Wicked Spider)	Government agencies in Hong Kong	Researchers at Symantec uncover a campaign attributed to the China-linked espionage actor APT41 (AKA Winnti), a likely continuation of the Operation CuckooBees, which breached government agencies in Hong Kong and remained undetected for a year in some cases. The threat actor has been using custom malware called Spyder Loader.	Targeted Attack	Public admin and defence, social security	CE	HK		Symantec, China, APT41, Winnti, Spyder Loader, Operation CuckooBees, Barium, Blackfly, Double Dragon, Wicked Panda, Wicked Spider
13	18/10/2022	-	Between 06/10/2022 and 10/10/2022	?	Verizon	Verizon warns an undisclosed number of prepaid customers that attackers gained access to Verizon accounts and used exposed credit card info in SIM swapping attacks.	Account Takeover	Information and communication	CC	US		Verizon, SIM Swapping
14	18/10/2022	-	-	?	At least 69 entities worldwide	Researchers from SafeBreach discover a previously undetected and undocumented PowerShell backdoor, actively used by a threat actor who has targeted at least 69 entities.	Malware	Multiple Industries	CE	>1		SafeBreach, PowerShell
15	18/10/2022	-	-	?	Individuals	Researchers at Cyble discover a massive, malicious campaign, using over 200 typosquatting domains that impersonate twenty-seven brands to trick visitors into downloading various Windows and Android malware, including the ERMAC Banking Trojan.	Malware	Individual	CC	>1		Cyble, Windows, Android, ERMAC
16	18/10/2022	-	-	?	Students in the U.S.	The FBI and Federal Trade Commission are warning people to be wary of scams cashing in on government efforts to provide student loan assistance.	Account Takeover	Education	CC	US		Federal Bureau of Investigation, FBI, FTC, Federal Trade Commission,
17	18/10/2022	18/10/2022	18/10/2022	?	Moola Market	Decentralized finance (DeFi) platform Moola Market suffers a security incident leading to a loss of up to $9m worth of cryptocurrency.	Vulnerability	Fintech	CC	N/A		Moola Market
18	18/10/2022	Between 21/03/2022 and 08/07/2022	08/07/2022	?	Presbyterian Healthcare Services	Presbyterian Healthcare Services reveals that the protected health information of 2,624 patients was stored in an employee email account that was accessed by an unauthorized third party following a phishing email.	Account Takeover	Human health and social work	CC	US		Presbyterian Healthcare Services
19	18/10/2022	-	17/10/2022	LockBit 3.0	Kingfisher Insurance	Kingfisher Insurance confirms a LockBit 3.0 ransomware attack after the ransomware gang leaks 1.4 Tb of data.	Malware	Finance and insurance	CC	UK		Kingfisher Insurance, LockBit 3.0, ransomware
20	18/10/2022	12/10/2022	12/10/2022	?	Members of Parliament in Canada	Members of Parliament in Canada are asked to change their email passwords and some internet-based services on Parliament Hill are restricted after what’s being described as a “cyber incident.”	Unknown	Public admin and defence, social security	N/A	CA		Canada, Parliament Hill
21	18/10/2022	09/10/2022	09/10/2022	Vice Society	Hôpital Pierre Rouquès – Les Bluets	A private maternity hospital in France, Hôpital Pierre Rouquès – Les Bluets is the victim of a ransomware attack by Vice Society.	Malware	Human health and social work	CC	FR		A Hôpital Pierre Rouquès – Les Bluets, ransomware, Vice Society.
22	18/10/2022	18/10/2022	18/10/2022	?	Spain’s National Renewable Energy Center (CENER)	Spain’s National Renewable Energy Center (CENER) reportedly suffers a cyber attack.	Unknown	Public admin and defence, social security	CC	ES		Spain’s National Renewable Energy Center, CENER
23	19/10/2022	-	23/06/2022	Ursnif	Multiple organizations	Researchers from Mandiant discover a new version of the Ursnif malware (AKA Gozi), named LDR4 and used as a generic backdoor, stripped of its typical banking trojan functionality.	Malware	Multiple Industries	CC	>1		Mandiant, Ursnif, AKA, Gozi, LDR4
24	19/10/2022	-	-	?	Android users	Security researchers at McAfee have discover a set of 16 malicious clicker apps that managed to sneak into Google Play, the official app store for Android, and were downloaded 20 million times.	Malware	Individual	CC	>1		McAfee, Google Play, Android
25	19/10/2022	27/07/2022	27/07/2022	?	Flambeau	Flambeau reports a data breach after the company experienced what appears to be a cyberattack targeting its computer systems.	Unknown	Manufacturing	CC	US		Flambeau
26	19/10/2022	-	06/01/2022	?	Country Doctor Community Health Clinic (CDCHC)	Country Doctor Community Health Clinic (CDCHC) notifies 38,751 individuals of a healthcare data breach, after discovering unusual activity in its environment.	Unknown	Human health and social work	CC	US		Country Doctor Community Health Clinic, CDCHC
27	19/10/2022	-	-	?	Multiple organizations	Researchers from Sophos discover a new campaign, combining custom and commodity malware such as Gh0st RAT.	Malware	Multiple Industries	CC	>1		Sophos, Gh0st RAT
28	19/10/2022	15/10/2022	15/10/2022	?	iDealwine	Popular international fine wine online retailer iDealwine suffers a data breach.	Unknown	Wholesale and retail	CC	FR		iDealwine
29	19/10/2022	-	-	TeamTNT	Multiple organizations	Researchers from Trend Micro discover a new campaign by the TeamTNT threat actor (or a copycat group) targeting exposed Docker APIs to drop crypominers.	Misconfiguration	Multiple Industries	CC	>1		TeamTNT, Docker
30	19/10/2022	-	-	Ragnar Locker	Dollmar s.p.a.	Dollmar s.p.a., an Italian industrial painting company is hit by the Ragnar Locker ransomware gang.	Malware	Professional, scientific and technical	CC	IT		Dollmar s.p.a., Ragnar Locker
31	20/10/2022	Since at least 2016	-	Domestic Kitten AKA APT-C-50	Iranian Citizens	Researchers from ESET discover a new version of the 'FurBall' Android spyware, targeting Iranian citizens in a mobile surveillance campaigns conducted by the Domestic Kitten hacking group AKA APT-C-50.	Targeted Attack	Individual	CE	IR		Domestic Kitten, APT-C-50, Furbal, Android
32	20/10/2022	Since at least March 2020	-	OldGremlin	Multiple organizations in Russia	Researchers from Group-IB reveal that OldGremlin, one of the few ransomware groups attacking Russian corporate networks, has expanded its toolkit with file-encrypting malware for Linux machines.	Malware	Multiple Industries	CC	RU		Group-IB, OldGremlin, Russia, Linux
33	20/10/2022	Since August 2022	-	Mirai, RAR1Ransom, and GuardMiner	Multiple organizations	Researchers from Fortinet observe multiple malicious campaigns leveraging CVE-2022-22954, a critical vulnerability in VMware Workspace One Access to deliver various malware, including the RAR1Ransom tool that locks files in password-protected archives.	CVE-2022-22954 Vulnerability	Multiple Industries	CC	>1		Fortinet, CVE-2022-22954, VMware Workspace One Access, Mirai, RAR1Ransom, GuardMiner
34	20/10/2022	Since at least 2020	-	Emennet Pasargad	Organizations in the U.S. and Israel	The FBI releases an alert warning of hack-and-leak operations targeting organizations in the U.S. and Israel by Emennet Pasargad, a group based in Iran.	Account Takeover	Multiple Industries	H	IL US		Federal Bureau of Investigation, FBI, Emennet Pasargad, Iran
35	20/10/2022	Since at least 18/10/2022	18/10/2022	Multiple threat actors	Multiple organizations	Researchers from Defiant discover exploitation attempts targeting the Apache Commons Text vulnerability tracked as CVE-2022-42889 and Text4Shell.	CVE-2022-42889 Vulnerability	Multiple Industries	CC	>1		Defiant, Apache Commons Text, CVE-2022-42889, Text4Shell
36	20/10/2022	Since at least May 2022	During May 2022	?	Individuals in Saudi Arabia	Researchers from CloudSEK discover multiple phishing domains impersonating Absher, the Saudi government service portal, to provide fake services to citizens and steal their credentials.	Account Takeover	Individual	CC	SA		CloudSEK, Absher
37	20/10/2022	-	-	Emotet	Multiple organizations	Researchers from Trustwave discover a new campaign distributing the Emotet malware, taking advantage of password-protected archive files, to drop CoinMiner and Quasar RAT.	Malware	Multiple Industries	CC	>1		Trustwave, Emotet,
38	20/10/2022	'Recently'	-	?	Individuals in Iran	A new spyware campaign is detected targeting the Android cellphones of some individuals recently detained for protesting against the government, via the L3mon spyware.	Targeted Attack	Individual	CE	IR		Android, Iran, L3mon
39	21/10/2022	-	-	BlackByte	Multiple organizations	Researchers at Symantec reveal that a BlackByte ransomware affiliate is using a new custom data stealing tool called 'ExByte' to steal data from compromised Windows devices quickly.	Malware	Multiple Industries	CC	>1		Symantec, BlackByte, ransomware, ExByte
40	21/10/2022	17/10/2022	17/10/2022	?	METRO	International wholesale giant METRO is experiencing infrastructure outages and store payment issues following a recent cyberattack.	Unknown	Wholesale and retail	CC	AT FR DE		METRO
41	21/10/2022	Since at least June 2022	-	Daixin Team	U.S. Healthcare and Public Health (HPH) sector	CISA, the FBI, and the Department of Health and Human Services (HHS) warn that a cybercrime group known as Daixin Team is actively targeting the U.S. Healthcare and Public Health (HPH) sector in ransomware attacks.	Malware	Human health and social work	CC	US		CISA, FBI, Department of Health and Human Services, HHS, Daixin Team, U.S. Healthcare and Public Health, HPH, ransomware
42	21/10/2022	-	-	LockBit	Pendragon Group	Pendragon Group, with more than 200 car dealerships in the U.K., is breached in a cyberattack from the LockBit ransomware gang, who allegedly demanded $60 million to decrypt files and not leak them.	Malware	Wholesale and retail	CC	UK		Pendragon Group, LockBit, ransomware gang
43	21/10/2022	30/09/2022	30/09/2022	?	EnergyAustralia	EnergyAustralia discloses a security breach, allowing threat actors to access the information on 323 customers.	Unknown	Electricity, gas steam, air conditioning	CC	AU		EnergyAustralia
44	21/10/2022	Between 13/07/2021 and 01/11/2021	'Recently'	?	Phoenix Programs of Florida	Phoenix Programs of Florida files an official notice of a data breach after several company email accounts were compromised.	Account Takeover	Human health and social work	CC	US		Phoenix Programs of Florida
45	21/10/2022	14/10/2022	-	?	Carousel	Carousell, a buy-and-sell digital platform used by around four in ten Singaporeans, is hacked, leaving 1.95 million customer details exposed.	Vulnerability	Wholesale and retail	CC	SG		Carousel
46	21/10/2022	'Recently'	'Recently'	SideWinder APT (AKA Rattlesnake or T-APT4)	Multiple organizations in Pakistan	Researchers from Zscaler discover WarHawk, a new malware being used by the SideWinder APT threat group in campaigns targeting Pakistan, carried out compromising the website of the National Electric Power Regulatory Authority (NEPRA).	Targeted Attack	Multiple Industries	CE	PK		Zscaler, WarHawk, SideWinder APT, National Electric Power Regulatory Authority, NEPRA, Rattlesnake, T-APT4
47	21/10/2022	08/10/2022	08/10/2022	ALPHV (AKA BlackCat)	RecordTV	News outlet RecordTV is allegedly the victim of an attack by ALPHV (AKA BlackCat) with the ransomware group demanding approximately $5 million to provide a decryptor and not to leak the data.	Malware	Information and communication	CC	BR		RecordTV, ALPHV, BlackCat, ransomware
48	21/10/2022	-	-	RansomExx	Unimed Belem	RansomExx claims to have stolen 5.8 GB of files from Unimed Belem.	Malware	Human health and social work	CC	BR		RansomExx, ransomware, Unimed Belem
49	21/10/2022	-	-	ALPHV AKA BlackCat	Universidad Piloto de Colombia	The Universidad Piloto de Colombia is hit with an ALPHV ransomware attack.	Malware	Education	CC	CO		Universidad Piloto de Colombia, ALPHV, BlackCat, ransomware
50	21/10/2022	08/06/2021	-	?	City of Chester	The City of Chester loses $400K, after it is the victim of a BEC attack.	Business Email Compromise	Public admin and defence, social security	CC	US		City of Chester
51	22/10/2022	Since August 2022	During October 2022	Cuba	Multiple organizations in Ukraine	The Computer Emergency Response Team of Ukraine (CERT-UA) issues an alert about potential Cuba Ransomware attacks against critical networks in the country.	Malware	Multiple Industries	CW	UA		Cuba, Ukraine, Ransomware
52	22/10/2022	Since at least September 2022	Early September 2022	TommyLeaks' and 'SchoolBoys	Multiple organizations	Two new extortion gangs, part of the same ransomware groups, named 'TommyLeaks' and 'SchoolBoys' are targeting companies worldwide.	Malware	Multiple Industries	CC	>1		Ransomware, TommyLeaks, SchoolBoys
53	22/10/2022	-	29/9/2022	?	Multi-Color Corporation (MCC)	Label printing giant Multi-Color Corporation (MCC) starts informing employees that their personal information might have been compromised in a cyberattack.	Unknown	Professional, scientific and technical	CC	US		Multi-Color Corporation, MCC
54	22/10/2022	23/08/2022	23/08/2022	?	St. Amant Centre	St. Amant Centre, an organization supporting persons with intellectual disabilities, reveals it was the victim of an attempted ransomware attack.	Malware	Human health and social work	CC	CA		St. Amant Centre, ransomware
55	23/10/2022	Since 23/07/2022	-	?	Ukrainian military institutions	Researchers from Blackberry discover a new campaign targeting Ukrainian military institutions via the RomCom RAT in disguise of legit applications.	Targeted Attack	Public admin and defence, social security	CE	UA		Blackberry, Ukraine, RomCom RAT
56	23/10/2022	Since mid-October 2022	Mid-October 2022	Dormant Colors	Individuals	Researchers at Guardio Labs discover Dormant Colors, a new malvertising campaign pushing Google Chrome extensions that hijack searches and insert affiliate links into web pages.	Malvertising	Individual	CC	>1		Guardio Labs, Google Chrome, Dormant Colors
57	24/10/2022	-	-	Black Reward	Iranian Atomic Energy Organization (AEOI)	The Iranian Atomic Energy Organization (AEOI) confirms that one of its subsidiaries' email servers was hacked after the ''Black Reward" hacking group published stolen data online.	Unknown	Public admin and defence, social security	H	IR		Iranian Atomic Energy Organization, AEOI, Black Reward
58	24/10/2022	-	-	?	Undisclosed organization(s)	Apple fixes (CVE-2022-42827), a zero-day vulnerability used in attacks against iPhones since the start of the year.	CVE-2022-42827 Vulnerability	Unknown	N/A	N/A		Apple, CVE-2022-42827
59	24/10/2022	23/10/2022	23/10/2022	Snatch	Kenosha Unified School District	The Snatch ransomware group claims to have compromised the Kenosha Unified School District.	Malware	Education	CC	US		Snatch, Ransomware, Kenosha Unified School District.
60	24/10/2022	-	-	Multiple threat actors	Undisclosed organization(s)	The Cybersecurity and Infrastructure Security Agency (CISA) adds six vulnerabilities - four from hardware company Gigabyte and two affecting Cisco products - to its list of bugs currently being exploited by attackers.	CVE-2018-19320, CVE-2018-19321, CVE-2018-19322, CVE-2018-19323, CVE-2020-3153, CVE-2020-3433 Vulnerabilities	Unknown	N/A	N/A		CVE-2018-19320, CVE-2018-19321, CVE-2018-19322, CVE-2018-19323, CVE-2020-3153, CVE-2020-3433, Cisco, Gigabyte
61	24/10/2022	Since early 2017	19/04/2022	MajikPOS and Treasure Hunter	Multiple organizations	Researchers from Group-IB discover a campaign carried out via two POS malware samples named MajikPOS and Treasure Hunter, able to steal more than 167,000 credit cards	Malware	Wholesale and retail	CC	>1		Group-IB, MajikPOS, Treasure Hunter
62	24/10/2022	24/10/2022	24/10/2022	?	Australian Institute of Company Directors (AIDC)	Unknown threat actors flood the LinkedIn Chat with a fake Eventbrite link to a conference by the Australian Institute of Company Directors (AIDC).	Account Takeover	Other service activities	CC	AU		LinkedIn, Eventbrite, Australian Institute of Company Directors, AIDC
63	24/10/2022	-	11/07/2022	?	Unnamed Management Services Organization	Somnia Pain Management of Kentucky reports a data breach after the company experienced a third-party data breach through its “Management Services Organization.”	Unknown	Administration and support service	CC	US		Somnia Pain Management of Kentucky
64	24/10/2022	-	-	Kimsuky (aka Thallium, Black Banshee)	Users in South Korea	Researchers from S2W discover a new campaign by the North Korean threat actor Kimsuky, using three different Android malware strains (FastFire, FastViewer, and FastSpy) to target users located in South Korea.	Targeted Attack	Mining and quarrying	CE	KR		S2W, North Korea, Kimsuky, Thallium, Black Banshee, Android, FastFire, FastViewer, FastSpy
65	24/10/2022	-	-	?	FTX users	Cryptocurrency exchange FTX will provide around $6 million in compensation to victims of a phishing scam that allowed hackers to conduct unauthorized trades on certain FTX users’ accounts.	Account Takeover	Fintech	CC	>1		FTX
66	24/10/2022	Since August 2022	Since August 2022	Multiple threat actors	English-speaking crypto users	Researchers from Proofpoint reveal that threat actors are increasingly targeting English-speaking crypto users with pig-butchering frauds.	Account Takeover	Finance and insurance	CC	>1		Proofpoint, pig-butchering
67	25/10/2022	-	-	Purpleurchin	Free-tier Cloud Service Provider	Researchers from Sysdig discover an automated and large-scale 'freejacking' campaign abusing free GitHub, Heroku, and Buddy services to mine cryptocurrency at the provider's expense.	Malware	Professional, scientific and technical	CC	US		Sysdig, GitHub, Heroku, Buddy
68	25/10/2022	Between July and October 2022.	Since July 2022	Vice Society	Multiple organizations in the U.S. education sector	Researchers from Microsoft reveal that the Vice Society ransomware group has been switching ransomware payloads in attacks targeting the education sector across the United States and worldwide.	Malware	Education	CC	US		Microsoft, Vice Society, Ransomware, Education
69	25/10/2022	Between 25/06/2019 and 08/01/2022	During April 2021	?	See Tickets	Ticketing service provider 'See Tickets' discloses a data breach, informing customers that cybercriminals might have accessed their payment card details via a skimmer on its website.	Malicious Script Injection	Arts entertainment, recreation	CC	UK		See Tickets
70	25/10/2022	-	-	?	Undisclosed organization(s)	Cisco warns that two security vulnerabilities in the Cisco AnyConnect Secure Mobility Client for Windows (CVE-2020-3433 and CVE-2020-3153) are being exploited in the wild.	CVE-2020-3433 and CVE-2020-3153 Vulnerabilities	Unknown	N/A	N/A		Cisco, Cisco AnyConnect Secure Mobility Client, CVE-2020-3433, CVE-2020-3153
71	25/10/2022	-	26/06/2022	?	Pinnacle Claims Management	Pinnacle Claims Management reports a data breach after the company determined that an unauthorized party had gained access to files containing sensitive consumer information.	Unknown	Administration and support service	CC	US		Pinnacle Claims Management
72	25/10/2022	-	17/10/2022	?	Nedap	Patients of Dutch mental health clinics are warned that their personal records have fallen into the hands of hackers following a security breach at Nedap, a technology provider used by thousands of healthcare institutions throughout the country to share digital health records and personal data.	Vulnerability	Professional, scientific and technical	CC	NL		Nedap
73	25/10/2022	-	-	?	Undisclosed travel organization	Researchers from Armorbox discover a phishing campaign spoofing LinkedIn in an attempt to steal victims’ login credentials.	Account Takeover	Arts entertainment, recreation	CC	N/A		Armorblox, LinkedIn
74	25/10/2022	Early September 2022	Early September 2022	LV	Undisclosed Jordan-based organization	Researchers from Trend Micro reveal the details of an attack carried out by the LV ransomware group exploiting the ProxyShell vulnerability. RV is a ransomware as a service (RaaS) operation, reportedly based on REvil (aka Sodinokibi).	Malware	Unknown	CC	JO		Trend Micro, LV, ransomware, ProxyShell, REvil, Sodinokibi
75	25/10/2022	-	-	BlackByte	Municipality of Chihuahua	The Municipality of Chihuahua in Mexico is added to the BlackByte ransomware leak site.	Malware	Public admin and defence, social security	CC	MX		Municipality of Chihuahua, ransomware, BlackByte
76	25/10/2022	-	-	Kelvin Security	Filomeno Wi-Fi	Kelvin Security leaks some data from Filomeno Wi-Fi, a local connectivity provider.	Unknown	Information and communication	CC	IT		Kelvin Security, Filomeno Wi-Fi
77	26/10/2022	'Recently'	'Recently'	Dragonbridge	U.S. midterm elections	Researchers from Mandiant discover a pro-China influence campaign targeting the U.S. midterm elections.	Coordinated Inauthentic Behavior	Public admin and defence, social security	CW	US		Mandiant, Dragonbridge, China, U.S. Midterm election
78	26/10/2022	26/10/2022	26/10/2022	?	Enercity	Enercity, one of Germany’s largest municipal energy suppliers, confirms it was targeted by a cyberattack on Wednesday morning.	Unknown	Electricity, gas steam, air conditioning	CC	DE		Enercity
79	26/10/2022	-	-	ALPHV AKA BlackCat	Joint Command of the Armed Forces of Ecuador (Comando Conjunto de las Fuerzas Armadas Del Ecuador)	The ALPHV AKA BlackCat ransomware gang claims to have breached the Joint Command of the Armed Forces of Ecuador (Comando Conjunto de las Fuerzas Armadas Del Ecuador). The agency denies the breach.	Malware	Public admin and defence, social security	CC	EC		ALPHV, BlackCat, Ransomware, Command of the Armed Forces of Ecuador, Comando Conjunto de las Fuerzas Armadas Del Ecuador
80	26/10/2022	-	-	?	Vulnerable Docker and Kubernetes systems	CrowdStrike reveals the details of Kiss-a-Dog, a new cryptojacking campaign, targeting vulnerable Docker and Kubernetes infrastructure.	Vulnerability	Multiple Industries	CC	>1		CrowdStrike, Kiss-a-Dog, Docker, Kubernetes
81	26/10/2022	-	17/06/2022	?	Convergent Outsourcing	Convergent Outsourcing reports a data breach after the company experienced a ransomware attack.	Malware	Administration and support service	CC	US		Convergent Outsourcing, Ransomware
82	26/10/2022	During September 2022	-	?	Multiple organizations in Hungary	Researchers from Fortinet discover a new phishing campaign targeting Hungarian Users, pretending to come from the Hungarian government, and distributing the Warzone RAT.	Malware	Multiple Industries	CC	HU		Fortinet, Warzone RAT
83	26/10/2022	'Recently'	'Recently'	?	Undisclosed organization(s)	Researchers from Trend Micro discover an exploitation attempt leveraging monitoring and visualization tool Weave Scope to steal credentials from the AWS workloads.	Misconfiguration	Unknown	CC	N/A		Trend Micro, Weave Scope, AWS
84	26/10/2022	25/10/2022	25/10/2022	LockBit 3.0	Fisco Saúde	Fisco Saúde, a health insurance organization in Brazil, is hit by a LockBit ransomware attack.	Malware	Finance and insurance	CC	BR		Fisco Saúde, LockBit, Ransomware
85	26/10/2022	-	-	?	Municipality of Padua (Comune di Padova)	The credentials to access the network of the municipality of Padua end up being on sale in a dark web forum.	Unknown	Public admin and defence, social security	CC	IT		Municipality of Padua, Comune di Padova
86	27/10/2022	SInce at least April 2022	During April 2022	Fodcha	Multiple organizations	Researchers from 360Netlab discover a new version of the Fodcha DDoS botnet, featuring ransom demands injected into packets and new features to evade detection of its infrastructure.	DDoS	Multiple Industries	CC	>1		360Netlab, Fodcha
87	27/10/2022	27/10/2022	27/10/2022	?	New York Post	New York Post confirms that it was hacked by an internal employee after its website and Twitter account were used by the attackers to publish offensive headlines and tweets targeting U.S. politicians.	Account Takeover	Information and communication	CC	UK		New York Post, Twitter
88	27/10/2022	29/06/2022	29/06/2022	?	Twilio	Cloud communications company Twilio disclosed a new data breach stemming from a June 2022 security incident where the same attackers behind the August hack accessed some customers' information.	Account Takeover	Professional, scientific and technical	CC	US		Twilio
89	27/10/2022	Since September 2021	'Recently'	Drinik	Customers of 18 banks in India	Researchers from Cyble discover a new version of the Drinik Android trojan targeting 18 Indian banks, masquerading as the country's official tax management app to steal victims' personal information and banking credentials.	Malware	Finance and insurance	CC	IN		Cyble, Drinik, Android
90	27/10/2022	During the last 30 days	During the last 30 days	DEV-0950	1,000 organizations worldwide	Researchers from Microsoft discover a massive campaign using the Raspberry Robin worm in a larger ecosystem facilitating pre-ransomware activity.	Malware	Multiple Industries	CC	>1		DEV-0950
91	27/10/2022	-	-	?	Undisclosed organization(s)	Google releases an emergency security update for the Chrome desktop web browser to address CVE-2022-3723, a vulnerability known to be exploited in attacks.	CVE-2022-3723 Vulnerability	Unknown	N/A	N/A		Google, Chrome, CVE-2022-3723
92	27/10/2022	27/10/2022	27/10/2022	?	Team Finance	Decentralized finance platform Team Finance confirms that hackers exploited a vulnerability and stole $14.5 million worth of cryptocurrency.	Vulnerability	Fintech	CC	N/A		Team Finance
93	27/10/2022	27/10/2022	27/10/2022	Russia?	Slovakia’s Parliament (National Council)	The Slovakia’s parliament suspends the sessions after suffering a cyber attack allegedly coming from Russia..	DDoS	Public admin and defence, social security	H	SK		Slovakia’s parliament, National Council
94	27/10/2022	27/10/2022	27/10/2022	Russia?	Polish Parliament	The Polish parliament is also hit with a cyber attack allegedly coming from Russia.	DDoS	Public admin and defence, social security	H	PL		Polish Parliament
95	27/10/2022	-	During March 2022	Quantum	Medlab Pathology	Information about individual diseases diagnoses, payment cards and national insurance cards is among the data stolen by threat actors of the Quantum ransomware group from Australian company Medlab Pathology.	Malware	Human health and social work	CC	AU		Quantum, Ransomware, Medlab Pathology
96	27/10/2022	During August 2022	During August 2022	?	Michigan Medicine	Michigan Medicine notifies 33,850 patients of a phishing attack that may have exposed their health information.	Account Takeover	Human health and social work	CC	US		Michigan Medicine
97	27/10/2022	-	-	?	Finnish LinkedIn users	More than 200,000 records of Finnish LinkedIn users are leaked on a hacking forum. The company denies the breach.	Account Takeover	Unknown	CC	FI		LinkedIn
98	27/10/2022	During August 2022	During August 2022	?	Regions Hospital	Regions Hospital notifies 980 patients that some of their personal information has been compromised after an individual had improperly gained access to its secure network with the aim of stealing payments from a health insurer.	Unknown	Human health and social work	CC	US		Regions Hospital
99	27/10/2022	During August 2022	During August 2022	?	Instagram users	Researchers from Trustwave discover a new phishing campaign targeting Instagram users under the threat of a copyright infringement, leveraging URL redirection to take over accounts, or steal sensitive information.	Account Takeover	Individual	CC	>1		Trustwave, Instagram
100	27/10/2022	13/09/2022	13/09/2022	Karakurt	Davenport Community Schools	Davenport Community Schools confirms that an unauthorized user gained access to personal information belonging to current or former employees. The Karakurt ransomware gang claims responsibility for the attack.	Malware	Education	CC	US		Davenport Community Schools, Karakurt, Ransomware
101	28/10/2022	Since October 2022	During October 2022	?	Android banking users	Researchers from ThreatFabric discover a set of Android malware droppers infiltrating the Google Play store to install banking trojans (SharkBot, Vultur, Brunhilda) pretending to be app updates.	Malware	Finance and insurance	CC	DE FR IT NL UK		ThreatFabric, Android, Google Play, SharkBot, Vultur, Brunhilda
102	28/10/2022	-	-	Cranefly AKA UNC3524	Multiple organizations	Researchers from Symantec discover a new campaign by the Cranefly hacking group, aka UNC3524, using a previously unseen technique of controlling malware on infected devices via Microsoft Internet Information Services (IIS) web server logs.	Targeted Attack	Multiple Industries	CE	>1		Symantec, Cranefly, UNC3524, Microsoft Internet Information Services, IIS
103	28/10/2022	28/10/2022	28/10/2022	?	Aurubis	German copper producer Aurubis announces that it suffered a cyberattack that forced it to shut down IT systems to prevent the attack's spread.	Unknown	Mining and quarrying	CC	DE		Aurubis
104	28/10/2022	During the Summer 2022	During the Summer 2022	Suspected threat actors	Liz Truss	Liz Truss's personal mobile phone was hacked by agents suspected of working for the Kremlin.	Targeted Attack	Public admin and defence, social security	CE	UK		Liz Truss, Russia
105	28/10/2022	During October 2022	During October 2022	?	Bed Bath & Beyond	Bed Bath & Beyond reveals in an SEC filing that it recently suffered a data breach after an employee fell victim to a phishing attack.	Account Takeover	Wholesale and retail	CC	US		Bed Bath & Beyond
106	28/10/2022	-	-	?	Air New Zealand	Air New Zealand discloses to have suffered a security breach, with multiple customers have been locked out of their accounts after the incident.	Credential stuffing	Transportation and storage	CC	NZ		Air New Zealand
107	28/10/2022	Between 20/04/2021 and 17/05/2021	12/05/2021	?	U.S. Vision	Multiple eye care practices file notice of a data breach from a third-party data breach at U.S. Vision.	Unknown	Administration and support service	CC	US		U.S. Vision
108	28/10/2022	-	27/10/2022	Everest	AT&T	The Everest ransomware gang claims to have hacked AT&T, selling an alleged access to the company in a forum.	Account Takeover	Information and communication	CC	US		Everest, ransomware, AT&T
109	28/10/2022	-	-	ALPHV AKA BlackCat	Joint Armed Forces Command of Ecuador (Comando Conjunto de las Fuerzas Armadas Del Ecuador)	The Joint Armed Forces Command of Ecuador (Comando Conjunto de las Fuerzas Armadas Del Ecuador is also hit with an ALPHV ransomware attack.	Malware	Public admin and defence, social security	CC	EC		Joint Armed Forces Command of Ecuador, Comando Conjunto de las Fuerzas Armadas Del Ecuador, ALPHV, BlackCat, ransomware
110	28/10/2022	-	-	BlackByte	Universidad Nacional De Educacion de Peru	The Universidad Nacional De Educacion de Peru is hit with a BlackByte ransomware attack.	Malware	Education	CC	PE		Universidad Nacional De Educacion de Peru, BlackByte, ransomware
111	28/10/2022	-	-	?	Personal Paraguay	Personal Paraguay, a privately owned Paraguayan telco company, notifies to have suffered an outage due to a cyber attack.	Unknown	Information and communication	CC	PY		Personal Paraguay
112	29/10/2022	29/10/2022	29/10/2022	?	Supeo	Supeo, a Danish company that provides enterprise asset management solutions to railway companies, is hit by an alleged ransomware attack, and as a consequence DSB, the largest train operator in Denmark, stops all the activities.	Malware	Professional, scientific and technical	CC	DK		Supeo, DSB, ransomware
113	29/10/2022	Since at least 29/10/2022	29/10/2022	?	Twitter users	Twitter users with “verified” status are hit by phishing attempts via email and on the platform itself, after Elon Musk’s arrival as owner.	Account Takeover	Individual	CC	>1		Twitter, verified, Elon Musk
114	29/10/2022	-	-	?	Undisclosed organization in Taiwan	The Taiwanese Ministry of Interior (MOI) denies being the source of a data leak reportedly posting private details of 200,000 local people online.	Unknown	Unknown	CC	TW		Taiwanese Ministry of Interior, MOI
115	30/10/2022	During the last week of October 2022	During the last week of October 2022	?	Individuals	A new malvertising campaign abuses Google Ads to distribute an infostealer in disguise of a legit GIMP executable.	Malvertising	Individual	CC	>1		Google Ads, GIMP
116	30/10/2022	Over the last two days	Over the last two days	Azov	Multiple organizations	A new and destructive 'Azov Ransomware' data wiper is being heavily distributed through pirated software, key generators, and adware bundles, trying to frame well-known security researchers by claiming they are behind the attack.	Malware	Multiple Industries	CC	>1		Azov, Ransomware
117	30/10/2022	-	-	LockBit 3.0	Thales	The LockBit ransomware group claims to have hacked the French defense and technology firm Thales. The company denies the hack.	Malware	Professional, scientific and technical	CC	FR		LockBit, ransomware, Thales
118	30/10/2022	-	-	BlackByte	Asahi Group Co. Ltd	The BlackByte ransomware group claims to have compromised Asahi Group Holdings, a beverage giant.	Malware	Manufacturing	CC	HK		BlackByte, ransomware, Asahi Group Holdings
119	30/10/2022	-	05/11/2021	?	St. Luke’s Health	St. Luke’s Health notifies 16,906 individuals of a third-party data breach that impacted Adelanto Healthcare Ventures (AHCV), a consulting services vendor, after two of its employee email accounts were compromised by a third party.	Account Takeover	Human health and social work	CC	US		St. Luke’s Health, Adelanto Healthcare Ventures, AHCV
120	30/10/2022	-	-	LockBit 3.0	Belletti Ascensori	Belletti Ascensori is hit with a LockBit ransomware attack.	Malware	Manufacturing	CC	IT		Belletti Ascensori, LockBit, ransomware
121	31/10/2022	Since at least March 2022	During March 2022	APT10 AKA Cicada	Multiple organizations in Japan	Researchers from Kaspersky discover a new campaign by the Chinese Cicada hacking group, abusing security software to install a new version of the LODEINFO malware against Japanese organizations.	Targeted Attack	Multiple Industries	CE	JP		Kaspersky, Cicada, APT10, LODEINFO
122	31/10/2022	-	-	Snatch	HENSOLDT France	The Snatch ransomware group claims to have hacked HENSOLDT France, a company specializing in military and defense electronics.	Malware	Manufacturing	CC	FR		Snatch, ransomware, HENSOLDT France
123	31/10/2022	-	-	?	ForceNet	Threat actors have conducted a ransomware attack against ForceNet, a communications platform used by Australian military personnel and defense staff.	Malware	Information and communication	CC	AU		ForceNet, ransomware
124	31/10/2022	-	03/06/2022	?	Three Rivers Provider Network (TRPN)	Three Rivers Provider Network (TRPN) submits notice of a data breach after the company determined that an unauthorized party was able to access an employee’s email account containing sensitive information belonging to certain individuals.	Account Takeover	Finance and insurance	CC	US		Three Rivers Provider Network, TRPN
125	31/10/2022	-	16/12/2021	?	Administrative Fund of the Detectives’ Endowment Association, Inc., Police Department of New York (NYCDEA)	Administrative Fund of the Detectives’ Endowment Association, Inc., Police Department of New York (“NYCDEA”) reports a data breach after the organization confirmed that member information was compromised after an unauthorized party gained access to the NYCDEA email system.	Account Takeover	Other service activities	CC	US		Administrative Fund of the Detectives’ Endowment Association, Inc., Police Department of New York, NYCDEA
126	31/10/2022	Between 30/07/2022 and 31/07/2022	01/08/2022	?	Ethos Group	Ethos Group announces that the company recently experienced a data breach impacting the security of consumer information stored on its computer systems.	Unknown	Administration and support service	CC	US		Ethos Group
127	31/10/2022	Between 14/02/2022 and 10/05/2022	06/04/2022	?	Gateway Ambulatory Surgery Center	Gateway Ambulatory Surgery Center reports a data breach after the company confirmed that patient data was leaked after a successful email phishing attack.	Account Takeover	Human health and social work	CC	US		Gateway Ambulatory Surgery Center
128	31/10/2022	-	21/08/2022	?	Wenco Management	Wenco Management informs 20,526 employees enrolled in its health and welfare benefit plan that their data was accessed during a network hack.	Unknown	Accommodation and food service	CC	US		Wenco Management
129	31/10/2022	31/10/2022	31/10/2022	?	Osaka General Medical Center	Osaka General Medical Center suspends non-emergency outpatient services and operations following a ransomware cyberattack on its electronic medical record system.	Malware	Human health and social work	CC	JP		Osaka General Medical Center, ransomware
130	31/10/2022	-	-	LockBit 3.0	Bitron	Bitron, an Italian manufacturing company, is hit by the LockBit ransomware.	Malware	Manufacturing	CC	IT		Bitron, LockBit, ransomware
131	31/10/2022	14/9/2022	14/9/2022	?	Lodi Unified School District	Lodi Unified School District discloses a security breach.	Unknown	Education	CC	US		Lodi Unified School District
ID	Date Reported	Date Occurred	Date Discovered	Author	Target	Description	Attack	Target Class	Attack Class	Country	Link	Tags

The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.

September 2023 Cyber Attacks Statistics
In September 2023, cyber crime continued to lead with 77.1% of total events, but showed a decrease. Cyber Espionage grew to 11.6%, while Hacktivism significantly dropped. Malware remains the leading attack technique and multiple organizations are the top targets.
16-30 September 2023 Cyber Attacks Timeline
The second cyber attack timeline of September 2023 showed a decrease in events and a continuation of malware attacks. Massive hacks targeted fintech organizations like Mixin Network, and some breaches affected millions of individuals. The timeline also includes activities by various known and new threat ...
The Biggest Data Breaches of 2023
Similarly to what I have done in 2022 and 2021, I am collecting the main mega breaches...
August 2023 Cyber Attacks Statistics
After the cyber attacks timelines (part I and part II), it’s time to publish the statistics of August 2023 where I have collected and analyzed 336 events, a number relatively...
The Biggest Data Breaches of 2021
With this new project I am going to track the biggest data breaches of 2021 extracted from my cyber attack timelines.