In the second timeline of October, I have collected 130 events (corresponding to 8.13 events/day), a noticeable drop compared to the 144 of the previous timeline. I wonder if this is a temporary decrease or the beginning of a new trend.
Ransomware is a primary attack vector in this timeline too, and its share climbs back to the higher values seen in 2022, at 31.5% (41 out of 130 events), a sharp increase compared to the 20.8% of the first half of October. The impact of vulnerabilities, instead, remains stable at 10%, very close to the 9.7% of the first half of this month.
The toll on Decentralized Finance platforms continues to grow: in this timeline two organizations, Moola Market and Team Finance, fell victim to attackers, with a total loss of nearly 24 million worth of cryptocurrency (9 million and 14.5 million respectively). Ironically, as if the massive crash was not enough, FTX users were also the victims of a phishing campaign.
And although the impact of the cyber campaigns related to Ukraine seems to be decreasing (at least for the ones that are visible), the cyber espionage front continues to be quite hot. The list of known threat actors active in this period includes: APT41 (AKA Winnti, Chinese attribution), Domestic Kitten (Iran), Sidewinder (Pakistan), Kimsuky (North Korea). The new threat actors revealed in this timeline are DiceyF and Cranefly. Two additional events to notice in this timeline are the alleged hack of the cellphone of the previous UK Prime Minister Liz Truss (by suspected Russian threat actors), and the constant presence of Coordinated Inauthentic Behavior operations aiming to undermine public opinion in western countries. It is also interesting to notice that yet another ransomware gang (Cuba) turned its unwelcome intentions to Ukraine.
Even in this fortnight, the list is too long to be summarized in a few words (this one in particular), so my suggestion is to enjoy the interactive timeline and the tabular format, and obviously thanks for sharing it and supporting my work in spreading risk awareness across the community. As always, don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.
Geo Map October H2 2022
ID
Date Reported
Date Occurred
Date Discovered
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags
1
16/10/2022
Since at least early October 2022
Early October 2022
Venus
Multiple organizations
A relatively new ransomware named Venus targets publicly-exposed Remote Desktop services to encrypt Windows devices.
Malware
Multiple Industries
CC
>1
Venus, ransomware
2
17/10/2022
Since at least February 2022
-
Russia?
Individuals
A new research examining pro-Kremlin edits made to the English-language page for the Russo-Ukrainian war sheds light on how Wikipedia can be manipulated for information warfare.
Coordinated Inauthentic Behavior
Individual
CW
>1
Russia, Ukraine, Wikipedia
3
17/10/2022
Since at least November 2021
-
DiceyF
Online casinos based in Southeast Asia
Researchers from Kaspersky reveal that a hacking group named ‘DiceyF’ has been observed deploying a malicious attack framework against online casinos based in Southeast Asia since at least November 2021.
Targeted Attack
Arts entertainment, recreation
CE
>1
Kaspersky, DiceyF
4
17/10/2022
Since at least September 2021
During September 2021
Mexican Government?
Individuals in Mexico
Mexican opposition congressman Agustin Basave Alanis says his phone was infected by Pegasus, the fourth alleged case of the controversial spyware being deployed under President Andres Manuel Lopez Obrador, who had vowed to stop using it.
Targeted Attack
Individual
CE
MX
Agustin Basave Alanis, Pegasus, Andres Manuel Lopez Obrador
5
17/10/2022
-
-
LockBit 3.0
Oomiya
The IT infrastructure of the Japanese tech company Oomiya is hit with the LockBit 3.0 ransomware.
Malware
Professional, scientific and technical
CC
JP
Oomiya, LockBit 3.0, ransomware
6
17/10/2022
-
-
?
Vinomofo
Wine retailer Vinomofo is targeted by threat actors, with reports suggesting as many as half a million customers may have had their information exposed.
Unknown
Wholesale and retail
CC
AU
Vinomofo
7
17/10/2022
Between 18/04/2022 and 07/05/2022
04/05/2022
?
MODE Global
MODE Global reports a data breach after the company discovered that an unauthorized party had gained access to its computer system.
Unknown
Transportation and storage
CC
US
MODE Global
8
17/10/2022
-
-
Chinese threat actors
U.S. political parties
The FBI warns that Chinese government threat actors are scanning U.S. political party domains ahead of the midterm elections.
Vulnerability
Public admin and defence, social security
CW
US
China, US, midterm elections
9
17/10/2022
09/09/2022
09/09/2022
?
Aarti Drugs
Indian pharmaceutical major Aarti Drugs is hit with a BianLian ransomware attack.
Malware
Professional, scientific and technical
CC
IN
Aarti Drugs, BianLian, Ransomware
10
17/10/2022
-
-
?
Netflix users in Australia
Netflix users in Australia are warned of a new email phishing scam that attempts to steal their financial and personal information.
Account Takeover
Individual
CC
AU
Netflix
11
17/10/2022
17/10/2022
17/10/2022
?
Dallas-Fort Worth International Airport
The Federal Aviation Administration investigates the cause of mysterious GPS interference that, over the past few days, has closed one runway at the Dallas-Fort Worth International Airport and prompted some aircraft in the region to be rerouted to areas where signals were working properly.
GPS Interference
Transportation and storage
CC
US
Federal Aviation Administration, Dallas-Fort Worth International Airport
Researchers at Symantec uncover a campaign attributed to the China-linked espionage actor APT41 (AKA Winnti), a likely continuation of the Operation CuckooBees, which breached government agencies in Hong Kong and remained undetected for a year in some cases. The threat actor has been using custom malware called Spyder Loader.
Verizon warns an undisclosed number of prepaid customers that attackers gained access to Verizon accounts and used exposed credit card info in SIM swapping attacks.
Account Takeover
Information and communication
CC
US
Verizon, SIM Swapping
14
18/10/2022
-
-
?
At least 69 entities worldwide
Researchers from SafeBreach discover a previously undetected and undocumented PowerShell backdoor, actively used by a threat actor who has targeted at least 69 entities.
Malware
Multiple Industries
CE
>1
SafeBreach, PowerShell
15
18/10/2022
-
-
?
Individuals
Researchers at Cyble discover a massive, malicious campaign, using over 200 typosquatting domains that impersonate twenty-seven brands to trick visitors into downloading various Windows and Android malware, including the ERMAC Banking Trojan.
Malware
Individual
CC
>1
Cyble, Windows, Android, ERMAC
16
18/10/2022
-
-
?
Students in the U.S.
The FBI and Federal Trade Commission are warning people to be wary of scams cashing in on government efforts to provide student loan assistance.
Account Takeover
Education
CC
US
Federal Bureau of Investigation, FBI, FTC, Federal Trade Commission
17
18/10/2022
18/10/2022
18/10/2022
?
Moola Market
Decentralized finance (DeFi) platform Moola Market suffers a security incident leading to a loss of up to $9m worth of cryptocurrency.
Vulnerability
Fintech
CC
N/A
Moola Market
18
18/10/2022
Between 21/03/2022 and 08/07/2022
08/07/2022
?
Presbyterian Healthcare Services
Presbyterian Healthcare Services reveals that the protected health information of 2,624 patients was stored in an employee email account that was accessed by an unauthorized third party following a phishing email.
Account Takeover
Human health and social work
CC
US
Presbyterian Healthcare Services
19
18/10/2022
-
17/10/2022
LockBit 3.0
Kingfisher Insurance
Kingfisher Insurance confirms a LockBit 3.0 ransomware attack after the ransomware gang leaks 1.4 TB of data.
Malware
Finance and insurance
CC
UK
Kingfisher Insurance, LockBit 3.0, ransomware
20
18/10/2022
12/10/2022
12/10/2022
?
Members of Parliament in Canada
Members of Parliament in Canada are asked to change their email passwords and some internet-based services on Parliament Hill are restricted after what’s being described as a “cyber incident.”
Unknown
Public admin and defence, social security
N/A
CA
Canada, Parliament Hill
21
18/10/2022
09/10/2022
09/10/2022
Vice Society
Hôpital Pierre Rouquès – Les Bluets
Hôpital Pierre Rouquès – Les Bluets, a private maternity hospital in France, is the victim of a ransomware attack by Vice Society.
Malware
Human health and social work
CC
FR
Hôpital Pierre Rouquès – Les Bluets, ransomware, Vice Society
22
18/10/2022
18/10/2022
18/10/2022
?
Spain’s National Renewable Energy Center (CENER)
Spain’s National Renewable Energy Center (CENER) reportedly suffers a cyber attack.
Unknown
Public admin and defence, social security
CC
ES
Spain’s National Renewable Energy Center, CENER
23
19/10/2022
-
23/06/2022
Ursnif
Multiple organizations
Researchers from Mandiant discover a new version of the Ursnif malware (AKA Gozi), named LDR4 and used as a generic backdoor, stripped of its typical banking trojan functionality.
Malware
Multiple Industries
CC
>1
Mandiant, Ursnif, Gozi, LDR4
24
19/10/2022
-
-
?
Android users
Security researchers at McAfee discover a set of 16 malicious clicker apps that managed to sneak into Google Play, the official app store for Android, and were downloaded 20 million times.
Malware
Individual
CC
>1
McAfee, Google Play, Android
25
19/10/2022
27/07/2022
27/07/2022
?
Flambeau
Flambeau reports a data breach after the company experienced what appears to be a cyberattack targeting its computer systems.
Unknown
Manufacturing
CC
US
Flambeau
26
19/10/2022
-
06/01/2022
?
Country Doctor Community Health Clinic (CDCHC)
Country Doctor Community Health Clinic (CDCHC) notifies 38,751 individuals of a healthcare data breach, after discovering unusual activity in its environment.
Unknown
Human health and social work
CC
US
Country Doctor Community Health Clinic, CDCHC
27
19/10/2022
-
-
?
Multiple organizations
Researchers from Sophos discover a new campaign, combining custom and commodity malware such as Gh0st RAT.
Malware
Multiple Industries
CC
>1
Sophos, Gh0st RAT
28
19/10/2022
15/10/2022
15/10/2022
?
iDealwine
Popular international fine wine online retailer iDealwine suffers a data breach.
Unknown
Wholesale and retail
CC
FR
iDealwine
29
19/10/2022
-
-
TeamTNT
Multiple organizations
Researchers from Trend Micro discover a new campaign by the TeamTNT threat actor (or a copycat group) targeting exposed Docker APIs to drop cryptominers.
Misconfiguration
Multiple Industries
CC
>1
TeamTNT, Docker
30
19/10/2022
-
-
Ragnar Locker
Dollmar s.p.a.
Dollmar s.p.a., an Italian industrial painting company, is hit by the Ransomware gang Ragnar Locker.
Malware
Professional, scientific and technical
CC
IT
Dollmar s.p.a., Ragnar Locker
31
20/10/2022
Since at least 2016
-
Domestic Kitten AKA APT-C-50
Iranian Citizens
Researchers from ESET discover a new version of the 'FurBall' Android spyware, targeting Iranian citizens in a mobile surveillance campaign conducted by the Domestic Kitten hacking group AKA APT-C-50.
Targeted Attack
Individual
CE
IR
Domestic Kitten, APT-C-50, FurBall, Android
32
20/10/2022
Since at least March 2020
-
OldGremlin
Multiple organizations in Russia
Researchers from Group-IB reveal that OldGremlin, one of the few ransomware groups attacking Russian corporate networks, has expanded its toolkit with file-encrypting malware for Linux machines.
Malware
Multiple Industries
CC
RU
Group-IB, OldGremlin, Russia, Linux
33
20/10/2022
Since August 2022
-
Mirai, RAR1Ransom, and GuardMiner
Multiple organizations
Researchers from Fortinet observe multiple malicious campaigns leveraging CVE-2022-22954, a critical vulnerability in VMware Workspace One Access to deliver various malware, including the RAR1Ransom tool that locks files in password-protected archives.
CVE-2022-22954 Vulnerability
Multiple Industries
CC
>1
Fortinet, CVE-2022-22954, VMware Workspace One Access, Mirai, RAR1Ransom, GuardMiner
34
20/10/2022
Since at least 2020
-
Emennet Pasargad
Organizations in the U.S. and Israel
The FBI releases an alert warning of hack-and-leak operations targeting organizations in the U.S. and Israel by Emennet Pasargad, a group based in Iran.
Account Takeover
Multiple Industries
H
IL
US
Federal Bureau of Investigation, FBI, Emennet Pasargad, Iran
35
20/10/2022
Since at least 18/10/2022
18/10/2022
Multiple threat actors
Multiple organizations
Researchers from Defiant discover exploitation attempts targeting the Apache Commons Text vulnerability tracked as CVE-2022-42889 and Text4Shell.
Researchers from CloudSEK discover multiple phishing domains impersonating Absher, the Saudi government service portal, to provide fake services to citizens and steal their credentials.
Account Takeover
Individual
CC
SA
CloudSEK, Absher
37
20/10/2022
-
-
Emotet
Multiple organizations
Researchers from Trustwave discover a new campaign distributing the Emotet malware, which takes advantage of password-protected archive files to drop CoinMiner and Quasar RAT.
Malware
Multiple Industries
CC
>1
Trustwave, Emotet
38
20/10/2022
'Recently'
-
?
Individuals in Iran
A new spyware campaign is detected targeting the Android cellphones of some individuals recently detained for protesting against the government, via the L3mon spyware.
Targeted Attack
Individual
CE
IR
Android, Iran, L3mon
39
21/10/2022
-
-
BlackByte
Multiple organizations
Researchers at Symantec reveal that a BlackByte ransomware affiliate is using a new custom data stealing tool called 'ExByte' to steal data from compromised Windows devices quickly.
Malware
Multiple Industries
CC
>1
Symantec, BlackByte, ransomware, ExByte
40
21/10/2022
17/10/2022
17/10/2022
?
METRO
International wholesale giant METRO is experiencing infrastructure outages and store payment issues following a recent cyberattack.
Unknown
Wholesale and retail
CC
AT
FR
DE
METRO
41
21/10/2022
Since at least June 2022
-
Daixin Team
U.S. Healthcare and Public Health (HPH) sector
CISA, the FBI, and the Department of Health and Human Services (HHS) warn that a cybercrime group known as Daixin Team is actively targeting the U.S. Healthcare and Public Health (HPH) sector in ransomware attacks.
Malware
Human health and social work
CC
US
CISA, FBI, Department of Health and Human Services, HHS, Daixin Team, U.S. Healthcare and Public Health, HPH, ransomware
42
21/10/2022
-
-
LockBit
Pendragon Group
Pendragon Group, with more than 200 car dealerships in the U.K., is breached in a cyberattack from the LockBit ransomware gang, who allegedly demanded $60 million to decrypt files and not leak them.
Malware
Wholesale and retail
CC
UK
Pendragon Group, LockBit, ransomware gang
43
21/10/2022
30/09/2022
30/09/2022
?
EnergyAustralia
EnergyAustralia discloses a security breach, allowing threat actors to access the information on 323 customers.
Unknown
Electricity, gas steam, air conditioning
CC
AU
EnergyAustralia
44
21/10/2022
Between 13/07/2021 and 01/11/2021
'Recently'
?
Phoenix Programs of Florida
Phoenix Programs of Florida files an official notice of a data breach after several company email accounts were compromised.
Account Takeover
Human health and social work
CC
US
Phoenix Programs of Florida
45
21/10/2022
14/10/2022
-
?
Carousell
Carousell, a buy-and-sell digital platform used by around four in ten Singaporeans, is hacked, leaving 1.95 million customer details exposed.
Vulnerability
Wholesale and retail
CC
SG
Carousell
46
21/10/2022
'Recently'
'Recently'
SideWinder APT (AKA Rattlesnake or T-APT4)
Multiple organizations in Pakistan
Researchers from Zscaler discover WarHawk, a new malware used by the SideWinder APT threat group in campaigns targeting Pakistan, carried out by compromising the website of the National Electric Power Regulatory Authority (NEPRA).
Targeted Attack
Multiple Industries
CE
PK
Zscaler, WarHawk, SideWinder APT, National Electric Power Regulatory Authority, NEPRA, Rattlesnake, T-APT4
47
21/10/2022
08/10/2022
08/10/2022
ALPHV (AKA BlackCat)
RecordTV
News outlet RecordTV is allegedly the victim of an attack by ALPHV (AKA BlackCat) with the ransomware group demanding approximately $5 million to provide a decryptor and not to leak the data.
Malware
Information and communication
CC
BR
RecordTV, ALPHV, BlackCat, ransomware
48
21/10/2022
-
-
RansomExx
Unimed Belem
RansomExx claims to have stolen 5.8 GB of files from Unimed Belem.
Malware
Human health and social work
CC
BR
RansomExx, ransomware, Unimed Belem
49
21/10/2022
-
-
ALPHV AKA BlackCat
Universidad Piloto de Colombia
The Universidad Piloto de Colombia is hit with an ALPHV ransomware attack.
Malware
Education
CC
CO
Universidad Piloto de Colombia, ALPHV, BlackCat, ransomware
50
21/10/2022
08/06/2021
-
?
City of Chester
The City of Chester loses $400K after falling victim to a BEC attack.
Business Email Compromise
Public admin and defence, social security
CC
US
City of Chester
51
22/10/2022
Since August 2022
During October 2022
Cuba
Multiple organizations in Ukraine
The Computer Emergency Response Team of Ukraine (CERT-UA) issues an alert about potential Cuba Ransomware attacks against critical networks in the country.
Malware
Multiple Industries
CW
UA
Cuba, Ukraine, Ransomware
52
22/10/2022
Since at least September 2022
Early September 2022
TommyLeaks and SchoolBoys
Multiple organizations
Two new extortion gangs, part of the same ransomware group, named 'TommyLeaks' and 'SchoolBoys', are targeting companies worldwide.
Malware
Multiple Industries
CC
>1
Ransomware, TommyLeaks, SchoolBoys
53
22/10/2022
-
29/9/2022
?
Multi-Color Corporation (MCC)
Label printing giant Multi-Color Corporation (MCC) starts informing employees that their personal information might have been compromised in a cyberattack.
Unknown
Professional, scientific and technical
CC
US
Multi-Color Corporation, MCC
54
22/10/2022
23/08/2022
23/08/2022
?
St. Amant Centre
St. Amant Centre, an organization supporting persons with intellectual disabilities, reveals it was the victim of an attempted ransomware attack.
Malware
Human health and social work
CC
CA
St. Amant Centre, ransomware
55
23/10/2022
Since 23/07/2022
-
?
Ukrainian military institutions
Researchers from Blackberry discover a new campaign targeting Ukrainian military institutions via the RomCom RAT disguised as legitimate applications.
Targeted Attack
Public admin and defence, social security
CE
UA
Blackberry, Ukraine, RomCom RAT
56
23/10/2022
Since mid-October 2022
Mid-October 2022
Dormant Colors
Individuals
Researchers at Guardio Labs discover Dormant Colors, a new malvertising campaign pushing Google Chrome extensions that hijack searches and insert affiliate links into web pages.
Malvertising
Individual
CC
>1
Guardio Labs, Google Chrome, Dormant Colors
57
24/10/2022
-
-
Black Reward
Iranian Atomic Energy Organization (AEOI)
The Iranian Atomic Energy Organization (AEOI) confirms that one of its subsidiaries' email servers was hacked after the 'Black Reward' hacking group published stolen data online.
Unknown
Public admin and defence, social security
H
IR
Iranian Atomic Energy Organization, AEOI, Black Reward
58
24/10/2022
-
-
?
Undisclosed organization(s)
Apple fixes CVE-2022-42827, a zero-day vulnerability used in attacks against iPhones since the start of the year.
CVE-2022-42827 Vulnerability
Unknown
N/A
N/A
Apple, CVE-2022-42827
59
24/10/2022
23/10/2022
23/10/2022
Snatch
Kenosha Unified School District
The Snatch ransomware group claims to have compromised the Kenosha Unified School District.
Malware
Education
CC
US
Snatch, Ransomware, Kenosha Unified School District
60
24/10/2022
-
-
Multiple threat actors
Undisclosed organization(s)
The Cybersecurity and Infrastructure Security Agency (CISA) adds six vulnerabilities - four from hardware company Gigabyte and two affecting Cisco products - to its list of bugs currently being exploited by attackers.
Researchers from Group-IB discover a campaign carried out via two POS malware samples named MajikPOS and Treasure Hunter, which were able to steal more than 167,000 credit cards.
Malware
Wholesale and retail
CC
>1
Group-IB, MajikPOS, Treasure Hunter
62
24/10/2022
24/10/2022
24/10/2022
?
Australian Institute of Company Directors (AIDC)
Unknown threat actors flood the LinkedIn Chat with a fake Eventbrite link to a conference by the Australian Institute of Company Directors (AIDC).
Account Takeover
Other service activities
CC
AU
LinkedIn, Eventbrite, Australian Institute of Company Directors, AIDC
63
24/10/2022
-
11/07/2022
?
Unnamed Management Services Organization
Somnia Pain Management of Kentucky reports a data breach after the company experienced a third-party data breach through its “Management Services Organization.”
Unknown
Administration and support service
CC
US
Somnia Pain Management of Kentucky
64
24/10/2022
-
-
Kimsuky (aka Thallium, Black Banshee)
Users in South Korea
Researchers from S2W discover a new campaign by the North Korean threat actor Kimsuky, using three different Android malware strains (FastFire, FastViewer, and FastSpy) to target users located in South Korea.
Targeted Attack
Mining and quarrying
CE
KR
S2W, North Korea, Kimsuky, Thallium, Black Banshee, Android, FastFire, FastViewer, FastSpy
65
24/10/2022
-
-
?
FTX users
Cryptocurrency exchange FTX will provide around $6 million in compensation to victims of a phishing scam that allowed hackers to conduct unauthorized trades on certain FTX users’ accounts.
Account Takeover
Fintech
CC
>1
FTX
66
24/10/2022
Since August 2022
Since August 2022
Multiple threat actors
English-speaking crypto users
Researchers from Proofpoint reveal that threat actors are increasingly targeting English-speaking crypto users with pig-butchering frauds.
Account Takeover
Finance and insurance
CC
>1
Proofpoint, pig-butchering
67
25/10/2022
-
-
Purpleurchin
Free-tier Cloud Service Provider
Researchers from Sysdig discover an automated and large-scale 'freejacking' campaign abusing free GitHub, Heroku, and Buddy services to mine cryptocurrency at the provider's expense.
Malware
Professional, scientific and technical
CC
US
Sysdig, GitHub, Heroku, Buddy
68
25/10/2022
Between July and October 2022.
Since July 2022
Vice Society
Multiple organizations in the U.S. education sector
Researchers from Microsoft reveal that the Vice Society ransomware group has been switching ransomware payloads in attacks targeting the education sector across the United States and worldwide.
Malware
Education
CC
US
Microsoft, Vice Society, Ransomware, Education
69
25/10/2022
Between 25/06/2019 and 08/01/2022
During April 2021
?
See Tickets
Ticketing service provider 'See Tickets' discloses a data breach, informing customers that cybercriminals might have accessed their payment card details via a skimmer on its website.
Malicious Script Injection
Arts entertainment, recreation
CC
UK
See Tickets
70
25/10/2022
-
-
?
Undisclosed organization(s)
Cisco warns that two security vulnerabilities in the Cisco AnyConnect Secure Mobility Client for Windows (CVE-2020-3433 and CVE-2020-3153) are being exploited in the wild.
Pinnacle Claims Management reports a data breach after the company determined that an unauthorized party had gained access to files containing sensitive consumer information.
Unknown
Administration and support service
CC
US
Pinnacle Claims Management
72
25/10/2022
-
17/10/2022
?
Nedap
Patients of Dutch mental health clinics are warned that their personal records have fallen into the hands of hackers following a security breach at Nedap, a technology provider used by thousands of healthcare institutions throughout the country to share digital health records and personal data.
Vulnerability
Professional, scientific and technical
CC
NL
Nedap
73
25/10/2022
-
-
?
Undisclosed travel organization
Researchers from Armorblox discover a phishing campaign spoofing LinkedIn in an attempt to steal victims’ login credentials.
Account Takeover
Arts entertainment, recreation
CC
N/A
Armorblox, LinkedIn
74
25/10/2022
Early September 2022
Early September 2022
LV
Undisclosed Jordan-based organization
Researchers from Trend Micro reveal the details of an attack carried out by the LV ransomware group exploiting the ProxyShell vulnerability. LV is a ransomware as a service (RaaS) operation, reportedly based on REvil (aka Sodinokibi).
The Municipality of Chihuahua in Mexico is added to the BlackByte ransomware leak site.
Malware
Public admin and defence, social security
CC
MX
Municipality of Chihuahua, ransomware, BlackByte
76
25/10/2022
-
-
Kelvin Security
Filomeno Wi-Fi
Kelvin Security leaks some data from Filomeno Wi-Fi, a local connectivity provider.
Unknown
Information and communication
CC
IT
Kelvin Security, Filomeno Wi-Fi
77
26/10/2022
'Recently'
'Recently'
Dragonbridge
U.S. midterm elections
Researchers from Mandiant discover a pro-China influence campaign targeting the U.S. midterm elections.
Coordinated Inauthentic Behavior
Public admin and defence, social security
CW
US
Mandiant, Dragonbridge, China, U.S. Midterm election
78
26/10/2022
26/10/2022
26/10/2022
?
Enercity
Enercity, one of Germany’s largest municipal energy suppliers, confirms it was targeted by a cyberattack on Wednesday morning.
Unknown
Electricity, gas steam, air conditioning
CC
DE
Enercity
79
26/10/2022
-
-
ALPHV AKA BlackCat
Joint Command of the Armed Forces of Ecuador (Comando Conjunto de las Fuerzas Armadas Del Ecuador)
The ALPHV AKA BlackCat ransomware gang claims to have breached the Joint Command of the Armed Forces of Ecuador (Comando Conjunto de las Fuerzas Armadas Del Ecuador). The agency denies the breach.
Malware
Public admin and defence, social security
CC
EC
ALPHV, BlackCat, Ransomware, Command of the Armed Forces of Ecuador, Comando Conjunto de las Fuerzas Armadas Del Ecuador
80
26/10/2022
-
-
?
Vulnerable Docker and Kubernetes systems
CrowdStrike reveals the details of Kiss-a-Dog, a new cryptojacking campaign, targeting vulnerable Docker and Kubernetes infrastructure.
Vulnerability
Multiple Industries
CC
>1
CrowdStrike, Kiss-a-Dog, Docker, Kubernetes
81
26/10/2022
-
17/06/2022
?
Convergent Outsourcing
Convergent Outsourcing reports a data breach after the company experienced a ransomware attack.
Malware
Administration and support service
CC
US
Convergent Outsourcing, Ransomware
82
26/10/2022
During September 2022
-
?
Multiple organizations in Hungary
Researchers from Fortinet discover a new phishing campaign targeting Hungarian users, pretending to come from the Hungarian government and distributing the Warzone RAT.
Malware
Multiple Industries
CC
HU
Fortinet, Warzone RAT
83
26/10/2022
'Recently'
'Recently'
?
Undisclosed organization(s)
Researchers from Trend Micro discover an exploitation attempt leveraging the monitoring and visualization tool Weave Scope to steal credentials from AWS workloads.
Misconfiguration
Unknown
CC
N/A
Trend Micro, Weave Scope, AWS
84
26/10/2022
25/10/2022
25/10/2022
LockBit 3.0
Fisco Saúde
Fisco Saúde, a health insurance organization in Brazil, is hit by a LockBit ransomware attack.
Malware
Finance and insurance
CC
BR
Fisco Saúde, LockBit, Ransomware
85
26/10/2022
-
-
?
Municipality of Padua (Comune di Padova)
The credentials to access the network of the municipality of Padua end up for sale on a dark web forum.
Unknown
Public admin and defence, social security
CC
IT
Municipality of Padua, Comune di Padova
86
27/10/2022
Since at least April 2022
During April 2022
Fodcha
Multiple organizations
Researchers from 360Netlab discover a new version of the Fodcha DDoS botnet, featuring ransom demands injected into packets and new features to evade detection of its infrastructure.
DDoS
Multiple Industries
CC
>1
360Netlab, Fodcha
87
27/10/2022
27/10/2022
27/10/2022
?
New York Post
New York Post confirms that it was hacked by an internal employee after its website and Twitter account were used by the attackers to publish offensive headlines and tweets targeting U.S. politicians.
Account Takeover
Information and communication
CC
UK
New York Post, Twitter
88
27/10/2022
29/06/2022
29/06/2022
?
Twilio
Cloud communications company Twilio discloses a new data breach stemming from a June 2022 security incident, in which the same attackers behind the August hack accessed some customers' information.
Account Takeover
Professional, scientific and technical
CC
US
Twilio
89
27/10/2022
Since September 2021
'Recently'
Drinik
Customers of 18 banks in India
Researchers from Cyble discover a new version of the Drinik Android trojan targeting 18 Indian banks, masquerading as the country's official tax management app to steal victims' personal information and banking credentials.
Malware
Finance and insurance
CC
IN
Cyble, Drinik, Android
90
27/10/2022
During the last 30 days
During the last 30 days
DEV-0950
1,000 organizations worldwide
Researchers from Microsoft discover a massive campaign using the Raspberry Robin worm in a larger ecosystem facilitating pre-ransomware activity.
Malware
Multiple Industries
CC
>1
DEV-0950
91
27/10/2022
-
-
?
Undisclosed organization(s)
Google releases an emergency security update for the Chrome desktop web browser to address CVE-2022-3723, a vulnerability known to be exploited in attacks.
CVE-2022-3723 Vulnerability
Unknown
N/A
N/A
Google, Chrome, CVE-2022-3723
92
27/10/2022
27/10/2022
27/10/2022
?
Team Finance
Decentralized finance platform Team Finance confirms that hackers exploited a vulnerability and stole $14.5 million worth of cryptocurrency.
Vulnerability
Fintech
CC
N/A
Team Finance
93
27/10/2022
27/10/2022
27/10/2022
Russia?
Slovakia’s Parliament (National Council)
Slovakia’s parliament suspends its sessions after suffering a cyber attack allegedly coming from Russia.
DDoS
Public admin and defence, social security
H
SK
Slovakia’s parliament, National Council
94
27/10/2022
27/10/2022
27/10/2022
Russia?
Polish Parliament
The Polish parliament is also hit with a cyber attack allegedly coming from Russia.
DDoS
Public admin and defence, social security
H
PL
Polish Parliament
95
27/10/2022
-
During March 2022
Quantum
Medlab Pathology
Information about individuals' disease diagnoses, payment cards and national insurance cards is among the data stolen by threat actors of the Quantum ransomware group from the Australian company Medlab Pathology.
Malware
Human health and social work
CC
AU
Quantum, Ransomware, Medlab Pathology
96
27/10/2022
During August 2022
During August 2022
?
Michigan Medicine
Michigan Medicine notifies 33,850 patients of a phishing attack that may have exposed their health information.
Account Takeover
Human health and social work
CC
US
Michigan Medicine
97
27/10/2022
-
-
?
Finnish LinkedIn users
More than 200,000 records of Finnish LinkedIn users are leaked on a hacking forum. The company denies the breach.
Account Takeover
Unknown
CC
FI
LinkedIn
98
27/10/2022
During August 2022
During August 2022
?
Regions Hospital
Regions Hospital notifies 980 patients that some of their personal information has been compromised after an individual improperly gained access to its secure network with the aim of stealing payments from a health insurer.
Unknown
Human health and social work
CC
US
Regions Hospital
99
27/10/2022
During August 2022
During August 2022
?
Instagram users
Researchers from Trustwave discover a new phishing campaign targeting Instagram users under the threat of a copyright infringement, leveraging URL redirection to take over accounts, or steal sensitive information.
Account Takeover
Individual
CC
>1
Trustwave, Instagram
100
27/10/2022
13/09/2022
13/09/2022
Karakurt
Davenport Community Schools
Davenport Community Schools confirms that an unauthorized user gained access to personal information belonging to current or former employees. The Karakurt ransomware gang claims responsibility for the attack.
Malware
Education
CC
US
Davenport Community Schools, Karakurt, Ransomware
101
28/10/2022
Since October 2022
During October 2022
?
Android banking users
Researchers from ThreatFabric discover a set of Android malware droppers infiltrating the Google Play store to install banking trojans (SharkBot, Vultur, Brunhilda) pretending to be app updates.
Malware
Finance and insurance
CC
DE
FR
IT
NL
UK
ThreatFabric, Android, Google Play, SharkBot, Vultur, Brunhilda
102
28/10/2022
-
-
Cranefly AKA UNC3524
Multiple organizations
Researchers from Symantec discover a new campaign by the Cranefly hacking group, aka UNC3524, using a previously unseen technique of controlling malware on infected devices via Microsoft Internet Information Services (IIS) web server logs.
Targeted Attack
Multiple Industries
CE
>1
Symantec, Cranefly, UNC3524, Microsoft Internet Information Services, IIS
103
28/10/2022
28/10/2022
28/10/2022
?
Aurubis
German copper producer Aurubis announces that it suffered a cyberattack that forced it to shut down IT systems to prevent the attack's spread.
Unknown
Mining and quarrying
CC
DE
Aurubis
104
28/10/2022
During the Summer 2022
During the Summer 2022
Suspected threat actors
Liz Truss
Liz Truss's personal mobile phone was hacked by agents suspected of working for the Kremlin.
Targeted Attack
Public admin and defence, social security
CE
UK
Liz Truss, Russia
105
28/10/2022
During October 2022
During October 2022
?
Bed Bath & Beyond
Bed Bath & Beyond reveals in an SEC filing that it recently suffered a data breach after an employee fell victim to a phishing attack.
Account Takeover
Wholesale and retail
CC
US
Bed Bath & Beyond
106
28/10/2022
-
-
?
Air New Zealand
Air New Zealand discloses to have suffered a security breach, with multiple customers have been locked out of their accounts after the incident.
Credential stuffing
Transportation and storage
CC
NZ
Air New Zealand
107
28/10/2022
Between 20/04/2021 and 17/05/2021
12/05/2021
?
U.S. Vision
Multiple eye care practices file notice of a data breach from a third-party data breach at U.S. Vision.
Unknown
Administration and support service
CC
US
U.S. Vision
108
28/10/2022
-
27/10/2022
Everest
AT&T
The Everest ransomware gang claims to have hacked AT&T, selling an alleged access to the company in a forum.
Account Takeover
Information and communication
CC
US
Everest, ransomware, AT&T
109
28/10/2022
-
-
ALPHV AKA BlackCat
Joint Armed Forces Command of Ecuador (Comando Conjunto de las Fuerzas Armadas Del Ecuador)
The Joint Armed Forces Command of Ecuador (Comando Conjunto de las Fuerzas Armadas Del Ecuador is also hit with an ALPHV ransomware attack.
Malware
Public admin and defence, social security
CC
EC
Joint Armed Forces Command of Ecuador, Comando Conjunto de las Fuerzas Armadas Del Ecuador, ALPHV, BlackCat, ransomware
110
28/10/2022
-
-
BlackByte
Universidad Nacional De Educacion de Peru
The Universidad Nacional De Educacion de Peru is hit with a BlackByte ransomware attack.
Malware
Education
CC
PE
Universidad Nacional De Educacion de Peru, BlackByte, ransomware
111
28/10/2022
-
-
?
Personal Paraguay
Personal Paraguay, a privately owned Paraguayan telco company, notifies to have suffered an outage due to a cyber attack.
Unknown
Information and communication
CC
PY
Personal Paraguay
112
29/10/2022
29/10/2022
29/10/2022
?
Supeo
Supeo, a Danish company that provides enterprise asset management solutions to railway companies, is hit by an alleged ransomware attack, and as a consequence DSB, the largest train operator in Denmark, stops all the activities.
Malware
Professional, scientific and technical
CC
DK
Supeo, DSB, ransomware
113
29/10/2022
Since at least 29/10/2022
29/10/2022
?
Twitter users
Twitter users with “verified” status are hit by phishing attempts via email and on the platform itself, after Elon Musk’s arrival as owner.
Account Takeover
Individual
CC
>1
Twitter, verified, Elon Musk
114
29/10/2022
-
-
?
Undisclosed organization in Taiwan
The Taiwanese Ministry of Interior (MOI) denies being the source of a data leak reportedly posting private details of 200,000 local people online.
Unknown
Unknown
CC
TW
Taiwanese Ministry of Interior, MOI
115
30/10/2022
During the last week of October 2022
During the last week of October 2022
?
Individuals
A new malvertising campaign abuses Google Ads to distribute an infostealer in disguise of a legit GIMP executable.
Malvertising
Individual
CC
>1
Google Ads, GIMP
116
30/10/2022
Over the last two days
Over the last two days
Azov
Multiple organizations
A new and destructive 'Azov Ransomware' data wiper is being heavily distributed through pirated software, key generators, and adware bundles, trying to frame well-known security researchers by claiming they are behind the attack.
Malware
Multiple Industries
CC
>1
Azov, Ransomware
117
30/10/2022
-
-
LockBit 3.0
Thales
The LockBit ransomware group claims to have hacked the French defense and technology firm Thales. The company denies the hack.
Malware
Professional, scientific and technical
CC
FR
LockBit, ransomware, Thales
118
30/10/2022
-
-
BlackByte
Asahi Group Co. Ltd
The BlackByte ransomware group claims to have compromised Asahi Group Holdings, a beverage giant.
Malware
Manufacturing
CC
HK
BlackByte, ransomware, Asahi Group Holdings
119
30/10/2022
-
05/11/2021
?
St. Luke’s Health
St. Luke’s Health notifies 16,906 individuals of a third-party data breach that impacted Adelanto Healthcare Ventures (AHCV), a consulting services vendor, after two of its employee email accounts were compromised by a third party.
Account Takeover
Human health and social work
CC
US
St. Luke’s Health, Adelanto Healthcare Ventures, AHCV
120
30/10/2022
-
-
LockBit 3.0
Belletti Ascensori
Belletti Ascensori is hit with a LockBit ransomware attack.
Malware
Manufacturing
CC
IT
Belletti Ascensori, LockBit, ransomware
121
31/10/2022
Since at least March 2022
During March 2022
APT10 AKA Cicada
Multiple organizations in Japan
Researchers from Kaspersky discover a new campaign by the Chinese Cicada hacking group, abusing security software to install a new version of the LODEINFO malware against Japanese organizations.
Targeted Attack
Multiple Industries
CE
JP
Kaspersky, Cicada, APT10, LODEINFO
122
31/10/2022
-
-
Snatch
HENSOLDT France
The Snatch ransomware group claims to have hacked HENSOLDT France, a company specializing in military and defense electronics.
Malware
Manufacturing
CC
FR
Snatch, ransomware, HENSOLDT France
123
31/10/2022
-
-
?
ForceNet
Threat actors have conducted a ransomware attack against ForceNet, a communications platform used by Australian military personnel and defense staff.
Malware
Information and communication
CC
AU
ForceNet, ransomware
124
31/10/2022
-
03/06/2022
?
Three Rivers Provider Network (TRPN)
Three Rivers Provider Network (TRPN) submits notice of a data breach after the company determined that an unauthorized party was able to access an employee’s email account containing sensitive information belonging to certain individuals.
Account Takeover
Finance and insurance
CC
US
Three Rivers Provider Network, TRPN
125
31/10/2022
-
16/12/2021
?
Administrative Fund of the Detectives’ Endowment Association, Inc., Police Department of New York (NYCDEA)
Administrative Fund of the Detectives’ Endowment Association, Inc., Police Department of New York (“NYCDEA”) reports a data breach after the organization confirmed that member information was compromised after an unauthorized party gained access to the NYCDEA email system.
Account Takeover
Other service activities
CC
US
Administrative Fund of the Detectives’ Endowment Association, Inc., Police Department of New York, NYCDEA
126
31/10/2022
Between 30/07/2022 and 31/07/2022
01/08/2022
?
Ethos Group
Ethos Group announces that the company recently experienced a data breach impacting the security of consumer information stored on its computer systems.
Unknown
Administration and support service
CC
US
Ethos Group
127
31/10/2022
Between 14/02/2022 and 10/05/2022
06/04/2022
?
Gateway Ambulatory Surgery Center
Gateway Ambulatory Surgery Center reports a data breach after the company confirmed that patient data was leaked after a successful email phishing attack.
Account Takeover
Human health and social work
CC
US
Gateway Ambulatory Surgery Center
128
31/10/2022
-
21/08/2022
?
Wenco Management
Wenco Management informs 20,526 employees enrolled in its health and welfare benefit plan that their data was accessed during a network hack.
Unknown
Accommodation and food service
CC
US
Wenco Management
129
31/10/2022
31/10/2022
31/10/2022
?
Osaka General Medical Center
Osaka General Medical Center suspends non-emergency outpatient services and operations following a ransomware cyberattack on its electronic medical record system.
Malware
Human health and social work
CC
JP
Osaka General Medical Center, ransomware
130
31/10/2022
-
-
LockBit 3.0
Bitron
Bitron, an Italian manufacturing company, is hit by the LockBit ransomware.
Malware
Manufacturing
CC
IT
Bitron, LockBit, ransomware
131
31/10/2022
14/9/2022
14/9/2022
?
Lodi Unified School District
Lodi Unified School District discloses a security breach.
Unknown
Education
CC
US
Lodi Unified School District
ID
Date Reported
Date Occurred
Date Discovered
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags
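The Cranefly/UNC3524 entry (ID 102) is worth a closer look from the defender's side: the implant takes its commands from the IIS access log, so the operator only needs to make an HTTP request that the server logs, and the request does not even have to hit a real page. The Python below is an added example written for this page; it is neither the timeline's nor Symantec's code. It parses IIS W3C extended-format log lines and flags records whose request fields carry marker strings. The markers Wrde, Exco and Cllo are the ones Symantec's public write-up reports for the Geppei dropper; they are not on this page, and the list is meant to be replaced with whatever your own threat intel says. The log lines are constructed for the example.

```python
# Added example (not from the timeline or from Symantec): flag IIS access-log
# records that carry the kind of marker strings a log-reading implant polls for.
# Column names follow the IIS W3C extended log format; the sample log below is
# constructed for this example and is not a real server log.

# Marker strings attributed to Geppei in Symantec's write-up; treat as configurable.
C2_MARKERS = ("Wrde", "Exco", "Cllo")


def parse_w3c(lines):
    """Yield one dict per IIS W3C log record, naming the columns from the most
    recent '#Fields:' directive (IIS re-emits it whenever the field set changes)."""
    fields = None
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
            continue
        if line.startswith("#") or fields is None:
            continue  # other directives, or data seen before any header
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # malformed record: skip rather than mis-align columns
        yield dict(zip(fields, values))


def find_log_c2(lines, markers=C2_MARKERS):
    """Return records whose request fields contain any marker string.
    The request does not need to reach a real resource: IIS logs a 404 just
    like a 200, so the filter looks at the request, not at the status code."""
    hits = []
    for rec in parse_w3c(lines):
        request = " ".join(
            rec.get(k, "-") for k in ("cs-uri-stem", "cs-uri-query", "cs(User-Agent)")
        )
        found = [m for m in markers if m in request]  # case-sensitive on purpose
        if found:
            hits.append({
                "time": f'{rec.get("date")} {rec.get("time")}',
                "client": rec.get("c-ip"),
                "uri": rec.get("cs-uri-stem"),
                "query": rec.get("cs-uri-query"),
                "status": rec.get("sc-status"),
                "markers": found,
            })
    return hits


# Constructed sample: two ordinary requests and one 404 that smuggles a marker
# in the query string. Addresses are documentation ranges, not real hosts.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port c-ip cs(User-Agent) sc-status
2022-10-27 10:01:02 10.0.0.5 GET /index.html - 80 203.0.113.7 Mozilla/5.0+(Windows+NT+10.0) 200
2022-10-27 10:01:09 10.0.0.5 GET /nope.aspx Wrde=ZGlyIGM6XA 80 198.51.100.23 Mozilla/5.0+(Windows+NT+10.0) 404
2022-10-27 10:02:44 10.0.0.5 GET /images/logo.png - 80 203.0.113.7 Mozilla/5.0+(Windows+NT+10.0) 200
"""

if __name__ == "__main__":
    for hit in find_log_c2(SAMPLE_LOG.splitlines()):
        print(hit)
```

The 404 in the sample is the point: a request for a page that does not exist still lands in the log, so excluding errors from log monitoring would hide exactly this channel. In practice you would run `find_log_c2` over the rotated logs in `%SystemDrive%\inetpub\logs\LogFiles` and pair it with a baseline of which clients normally generate 404s, because substring matching on short markers will also catch legitimate paths that happen to contain them.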