In the first timeline of November I have collected 127 events (corresponding to 8.47 events/day), a result in line with the previous timeline, which confirms the sustained level of activity characterizing the end of 2022.
Although ransomware continues to be a cyber plague, its share dropped to 22.8% (29 out of 127 events), nearly ten points down from the second fortnight of October, when it was 31.5% (41 out of 130 events). The impact of vulnerabilities also dropped considerably, to 3.9% (5 out of 127 events), less than half of the 10% recorded in the previous timeline.
Unsurprisingly, decentralized finance platforms were still under attack: Deribit suffered a $28M hack, and even the now nearly defunct FTX suffered a $400M blow, just to add fuel to the fire.
Once again, the impact of cyber campaigns related to Ukraine seems to decrease (at least of the visible ones), even if Ukraine was hit by a specific ransomware strain dubbed 'Somnia'. Even without the contribution of Ukraine, the cyber espionage front was equally crowded, with well-known threat actors such as APT29, APT36 and the North Korean Lazarus, but also newcomers such as Billbug and Earth Longzhi (particularly active, since two campaigns were discovered).
Even in this fortnight, the list is too long to be summarized in a few words (this one in particular), so my suggestion is to enjoy the interactive timeline and the tabular format, and obviously thanks for sharing it and supporting my work in spreading risk awareness across the community. As always, don't forget to follow @paulsparrows on Twitter, or connect on LinkedIn, for the latest updates.
Geo Map November H1 2022
ID
Date Reported
Date Occurred
Date Discovered
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags
Attack Class codes: CC = Cyber Crime, CE = Cyber Espionage, CW = Cyber Warfare, H = Hacktivism. A dash (-) marks an unknown date, a question mark (?) an unknown author, and >1 multiple countries or industries. The Link column carries no values in this text version of the table.
1
01/11/2022
Early October 2022
Early October 2022
KillNet
U.S. Treasury
A U.S. Treasury official reveals that the department fended off a DDoS attack by the pro-Russian group Killnet during October.
DDoS
Public admin and defence, social security
H
US
Killnet, U.S. Treasury
2
01/11/2022
During Q3 2022
During Q3 2022
SandStrike
Persian-speaking Baháʼí religious minority
Researchers from Kaspersky discover a new campaign carried out via a spyware known as SandStrike, delivered through a malicious VPN application to target Android users belonging to the Baháʼí religious minority.
Targeted Attack
Individual
CE
IR
Kaspersky, SandStrike, Android, Baháʼí
3
01/11/2022
-
-
?
Android users
Researchers from Malwarebytes discover a set of four malicious applications available in Google Play, directing users to sites that steal sensitive information or generate ‘pay-per-click’ revenue for the operators.
Malware
Individual
CC
>1
Malwarebytes, Android, Google Play
4
01/11/2022
14/10/2022
14/10/2022
?
Dropbox
Dropbox discloses a security breach in which threat actors stole 130 code repositories, having gained access to one of its GitHub accounts using employee credentials stolen in a phishing attack.
Account Takeover
Professional, scientific and technical
CC
US
Dropbox, GitHub
5
01/11/2022
Since July 2022
End of October 2022
W4SP
Multiple organizations
Researchers from Phylum discover over two dozen Python packages on the PyPI registry that are pushing the W4SP info-stealing malware.
Malware
Multiple Industries
CC
>1
Phylum, Python, PyPI, W4SP
6
01/11/2022
-
25/02/2021
?
Morrison Products
Morrison Products reports a data breach after the company learned that an unauthorized party was able to access sensitive information belonging to certain employees.
Unknown
Manufacturing
CC
US
Morrison Products
7
02/11/2022
02/11/2022
02/11/2022
?
Deribit
Cryptocurrency derivatives platform Deribit says a hacker stole $28 million from the company, forcing it to halt withdrawals as it investigates the incident.
Unknown
Fintech
CC
N/A
Deribit
8
02/11/2022
-
03/09/2022
KelvinSecurity
FourB S.p.A
Vodafone Italia sends customers notices of a data breach, informing them that one of its commercial partners, FourB S.p.A., which operates as a reseller of its telecommunications services in the country, has suffered a cyber attack.
Unknown
Wholesale and retail
CC
IT
Vodafone Italia, FourB S.p.A., KelvinSecurity
9
02/11/2022
Since early November 2022
Early November 2022
Emotet
Multiple organizations
The Emotet malware operation is again spamming malicious emails after an almost four-month break that saw little activity from the notorious cybercrime operation.
Malware
Multiple Industries
CC
>1
Emotet
10
02/11/2022
-
-
TA569
Undisclosed media company
Researchers from Proofpoint reveal that threat actors are using the compromised infrastructure of an undisclosed media company to deploy the SocGholish JavaScript malware framework (also known as FakeUpdates) on the websites of hundreds of newspapers across the U.S.
Malware
Information and communication
CC
US
Proofpoint, SocGholish, JavaScript, FakeUpdates
11
02/11/2022
29/10/2022
29/10/2022
?
Atacama Large Millimeter Array (ALMA) Observatory
The Atacama Large Millimeter Array (ALMA) Observatory in Chile suspends all astronomical observation operations and takes its public website offline following a cyberattack.
Unknown
Professional, scientific and technical
CC
CL
Atacama Large Millimeter Array Observatory, ALMA
12
02/11/2022
-
-
RomCom
Multiple organizations in English-speaking countries
Researchers at BlackBerry discover a new campaign by the RomCom threat actors, cloning official download portals for SolarWinds Network Performance Monitor (NPM), KeePass password manager, and PDF Reader Pro, essentially disguising the malware as legitimate programs.
Malware
Multiple Industries
CC
UK
>1
BlackBerry, RomCom, SolarWinds Network Performance Monitor, NPM, KeePass, PDF Reader Pro
13
02/11/2022
Early November 2022
Early November 2022
Multiple threat actors
Twitter users
After Twitter introduces the new "verified account" badge, a wave of scams via fake accounts appears in the social network.
Account Takeover
Individual
CC
>1
Twitter
14
02/11/2022
Since 20/10/2022
20/10/2022
SmokeLoader
Multiple organizations
Researchers from Cyble uncover a SmokeLoader campaign that is distributing commodity malware, such as SystemBC and Raccoon Stealer 2.0, along with a new clipper malware tracked as Laplas.
Malware
Multiple Industries
CC
>1
Cyble, SmokeLoader, SystemBC, Raccoon Stealer 2.0, Laplas
15
02/11/2022
-
-
?
Petersen International Underwriters
Petersen International Underwriters reports a data breach after the company learned that some of the information contained on its computer system was compromised.
Malware
Finance and insurance
CC
US
Petersen International Underwriters, ransomware
16
02/11/2022
Since June 2022
During June 2022
Fakecalls
Android banking users in South Korea
Researchers at Cyble discover a phishing campaign targeting Android users in South Korea, luring the victims via a fake Google Play Store page, attempting to deliver the Fakecalls Android malware.
Malware
Finance and insurance
CC
KR
Fakecalls, Cyble
17
02/11/2022
24/10/2022
24/10/2022
?
Secretaría de Comunicaciones y Transportes (SICT, Secretariat of Infrastructure, Communications and Transportation)
The Mexican Secretaría de Comunicaciones y Transportes stops issuing new permits, license plates and driver's licenses for commercial truck operators until December 31 because of a cyberattack.
Unknown
Public admin and defence, social security
CC
MX
Secretaría de Comunicaciones y Transportes, SICT, Secretariat of Infrastructure, Communications and Transportation
18
03/11/2022
Between 2018 and 2022
During 2019
OPERA1ER
Multiple organizations in Africa
Researchers from Group-IB and Orange reveal the details of OPERA1ER, a threat group that has stolen at least $11 million from banks and telecommunication service providers in Africa using off-the-shelf hacking tools.
Targeted Attack
Multiple Industries
CC
>1
Group-IB, Orange, OPERA1ER
19
03/11/2022
Since at least March 2022
During March 2022
Crimson Kingsnake
Multiple organizations
Researchers from Abnormal Security reveal the details of Crimson Kingsnake, a business email compromise (BEC) group, impersonating well-known international law firms to trick recipients into approving overdue invoice payments.
Business Email Compromise
Multiple Industries
CC
>1
Abnormal Security, Crimson Kingsnake
20
03/11/2022
-
-
?
North Idaho College
North Idaho College is hit with a cyberattack that leads to a network shutdown.
Unknown
Education
CC
US
North Idaho College
21
03/11/2022
02/11/2022
02/11/2022
?
Jeppesen
Jeppesen, a wholly-owned Boeing subsidiary that provides navigation and flight planning tools, confirms that it is dealing with a cybersecurity incident, likely a ransomware attack, that has caused some flight disruptions.
Malware
Transportation and storage
CC
US
Jeppesen, Boeing, ransomware
22
03/11/2022
Since at least September 2022
During September 2022
?
Individuals
Researchers from Avanan warn of a new phishing campaign that abuses Microsoft Dynamics 365 Customer Voice to trick recipients into handing over their credentials.
Account Takeover
Individual
CC
>1
Avanan, Microsoft Dynamics 365 Customer Voice
23
03/11/2022
Since October 2022
31/10/2022
?
Users in multiple European countries including France, Spain, Portugal, Romania, Czech Republic and the UK.
A new wave of extortion messages mimicking the law enforcement organizations Europol and Interpol is making a comeback.
Extortion scam
Individual
CC
CZ
ES
FR
PT
RO
UK
Extortion, Europol
24
03/11/2022
Between 25/01/2022 and 11/03/2022
-
?
United Veterinary Care
United Veterinary Care reports a data breach after the company discovered that personal consumer information stored on its computer network was compromised.
Unknown
Professional, scientific and technical
CC
US
United Veterinary Care
25
03/11/2022
-
24/08/2022
?
Alinsco Managing General Agency
Alinsco Managing General Agency files an official notice of a data breach following a data security incident that compromised sensitive consumer information in the company’s possession.
Unknown
Finance and insurance
CC
US
Alinsco Managing General Agency
26
03/11/2022
Throughout 2022
-
APT36 AKA Transparent Tribe
Indian government organizations
Researchers at Zscaler discover a new campaign carried out by the Pakistan-based threat actor APT36, abusing Google Ads for malvertising to distribute backdoored versions of the Kavach multi-factor authentication (MFA) application.
Targeted Attack
Public admin and defence, social security
CE
IN
Zscaler, Pakistan, APT36, Google ad, malvertising, Kavach, MFA
27
03/11/2022
24/10/2022
24/10/2022
?
Harcourts
Australian real estate agency Harcourts reveals it was affected by a cyber attack last month, with the personal information of tenants, landlords, and tradespeople potentially exposed.
Account Takeover
Real estate
CC
AU
Harcourts
28
03/11/2022
Since January 2022
-
?
Individuals in Singapore
At least 85 people in Singapore have lost about $237,000 since January 2022 after falling victim to phishing scams involving purported e-mails from Singapore Post (SingPost) and the telco Singtel.
Account Takeover
Individual
CC
SG
Singapore Post, SingPost, Singtel
29
04/11/2022
-
-
Robin Banks
Multiple organizations
Researchers from IronNet reveal that the Robin Banks phishing-as-a-service (PhaaS) platform is back in action with a new infrastructure, after having been exposed in July 2022.
Account Takeover
Multiple Industries
CC
>1
IronNet, Robin Banks, phishing-as-a-service, PhaaS
30
04/11/2022
Since at least late 2020
During late 2020
Multiple threat actors
Multiple organizations
Google Project Zero discloses the details of three Samsung phone vulnerabilities that have been exploited by a spyware vendor.
CVE-2021-25337, CVE-2021-25369 and CVE-2021-25370 vulnerabilities
Multiple Industries
CE
N/A
Google Project Zero, Samsung, spyware, CVE-2021-25337, CVE-2021-25369, CVE-2021-25370
31
04/11/2022
Over the last two months
Over the last two months
Vultur
Android users
Researchers at Cleafy observe an increase in Vultur Android malware infections, with the dropper apps reaching a total of more than 100,000 downloads on the Google Play Store.
Malware
Individual
CC
>1
Cleafy, Vultur, Android, Google Play Store
32
04/11/2022
05/09/2022
05/09/2022
?
Salud Family Health
Salud Family Health reports a data breach after the company learned that an unauthorized party was able to access sensitive employee and patient information contained on its network.
Unknown
Human health and social work
CC
US
Salud Family Health
33
04/11/2022
04/11/2022
04/11/2022
?
Undisclosed Information Technology Company
Many county government employees are working without computers after a Rogers, Arkansas-based information technology company tells them to shut down their servers because of a possible security breach.
Unknown
Professional, scientific and technical
CC
US
Arkansas
34
04/11/2022
During October 2022
-
?
UOB KayHian
DESORDEN GROUP is back and lists the stock brokerage firm UOB KayHian as a victim.
Unknown
Finance and insurance
CC
MY
DESORDEN GROUP, UOB KayHian
35
04/11/2022
-
03/11/2022
Hive
Landi Renzo SpA
Landi Renzo SpA, an Italian firm that researches and manufactures eco-friendly automotive fuel supply systems, is added to Hive’s ransomware leak site. The threat actors leak 534 GB of files.
Malware
Manufacturing
CC
IT
Landi Renzo SpA, Hive, ransomware
36
04/11/2022
-
30/10/2022
LockBit 3.0
Cooperativa Antonio Vega Granados R.L.
Cooperativa Antonio Vega Granados R.L. in Costa Rica is added to Lockbit’s ransomware site.
Malware
Finance and insurance
CC
CR
Cooperativa Antonio Vega Granados R.L., Lockbit, ransomware
37
04/11/2022
-
-
LockBit 3.0
Sociedad Balbiana
Sociedad Balbiana, an event and meetings venue in Spain, is added to Lockbit’s ransomware site.
Malware
Professional, scientific and technical
CC
ES
Sociedad Balbiana, Lockbit, ransomware
38
04/11/2022
-
30/10/2022
LockBit 3.0
Macrotel
Macrotel, an IT solutions firm in Argentina, is added to Lockbit’s ransomware site. The threat actors claim to have acquired 16,428 files comprising 15 GB of data.
Malware
Professional, scientific and technical
CC
AR
Macrotel, Lockbit, ransomware
39
04/11/2022
-
-
LockBit 3.0
Happmobi
Happmobi, a digital training program startup in Brazil, is added to Lockbit’s ransomware site.
Malware
Professional, scientific and technical
CC
BR
Happmobi, Lockbit, ransomware
40
04/11/2022
04/11/2022
-
Vice Society
Unidad Medica AngloAmericana
Unidad Medica AngloAmericana is added to Vice Society's ransomware leak site.
Malware
Human health and social work
CC
N/A
Unidad Medica AngloAmericana, Vice Society, ransomware
41
04/11/2022
-
-
?
Norman Public Schools
Norman Public Schools suffers a ransomware attack.
Malware
Education
CC
US
Norman Public Schools, ransomware
42
04/11/2022
-
-
Royal
Veroni
Veroni, an Italian producer of cured meats, is hit by a Royal ransomware attack.
Malware
Accommodation and food service
CC
IT
Veroni, Royal, ransomware
43
05/11/2022
03/11/2022
03/11/2022
?
PNORS Technology Group
Thousands of Victorian students and their families may have had personal data stolen after PNORS Technology Group, a technology company that has contracts with the Victorian government, is hacked.
Unknown
Professional, scientific and technical
CC
AU
PNORS Technology Group
44
06/11/2022
06/11/2022
06/11/2022
?
Maple Leaf Foods
Maple Leaf Foods confirms that it experienced a cybersecurity incident causing a system outage and disruption of operations.
Unknown
Accommodation and food service
CC
CA
Maple Leaf Foods
45
06/11/2022
-
-
LockBit 3.0
Kearney & Company
The ransomware group LockBit claims to have stolen data from consulting and IT services provider Kearney & Company.
Malware
Professional, scientific and technical
CC
US
Ransomware, LockBit, Kearney & Company
46
06/11/2022
-
-
?
Deezer
France-based music-streaming platform Deezer admits being hit with a data breach that potentially compromised the information of over 220 million users.
Unknown
Arts entertainment, recreation
CC
FR
Deezer
47
07/11/2022
-
03/11/2022
Ukraine’s IT Army
Central Bank of Russia
Ukrainian hacktivists from Ukraine's IT Army claim to have breached the Central Bank of Russia, stealing thousands of internal documents.
Undisclosed vulnerabilities
Public admin and defence, social security
H
RU
Ukraine’s IT Army, Central Bank of Russia
48
07/11/2022
04/11/2022
04/11/2022
Black Basta
Sobeys
The Canadian food retail giant Sobeys is hit with a Black Basta ransomware attack.
Malware
Wholesale and retail
CC
CA
Sobeys, Black Basta, ransomware
49
07/11/2022
Since at least July 2021
-
?
Indian defense personnel
Researchers at Cyfirma discover a new malicious Android installation package, a variant of the Spymax RAT, targeting Indian defense personnel since at least July 2021.
Malware
Public admin and defence, social security
CE
IN
Cyfirma, Android, Spymax RAT, India
50
07/11/2022
-
-
Justice Blade
Smart Link BPO Solutions
The group of threat actors calling themselves ‘Justice Blade’ publishes leaked data from Smart Link BPO Solutions, an outsourcing IT vendor working with major enterprises and government agencies in the Kingdom of Saudi Arabia and other countries in the GCC.
Unknown
Professional, scientific and technical
CC
SA
Justice Blade, Smart Link BPO Solutions
51
07/11/2022
-
-
?
Metropolitan Associates
Metropolitan Associates reports a data breach after the company learned that an unauthorized party was able to access sensitive consumer information that was stored on its network.
Unknown
Real estate
CC
US
Metropolitan Associates
52
07/11/2022
Between 14/01/2022 and 13/02/2022
09/02/2022
?
Camping World and Good Sam (CWGS)
Camping World and Good Sam (CWGS) reports a data breach after the company confirmed that an unauthorized party was able to access sensitive consumer information in its possession.
Unknown
Wholesale and retail
CC
US
Camping World and Good Sam, CWGS
53
07/11/2022
-
-
?
TransUnion LLC
TransUnion LLC reports a data breach after information in the company’s possession was subject to unauthorized access.
Unknown
Finance and insurance
CC
US
TransUnion LLC
54
07/11/2022
Since at least August 2022
During August 2022
Elibomi, FakeReward, AxBanker, IcRAT, and IcSpy
Bank customers in India
Researchers from Trend Micro discover an uptick of attacks targeting bank customers in India via five banking malware families: Elibomi, FakeReward, AxBanker, IcRAT, and IcSpy.
Malware
Finance and insurance
CC
IN
Elibomi, FakeReward, AxBanker, IcRAT, and IcSpy, Trend Micro, Android
55
07/11/2022
05/11/2022
05/11/2022
?
Albany City School District
The Albany City School District suffers a cyber attack and urges the personnel to stay offline.
Unknown
Education
CC
US
Albany City School District
56
07/11/2022
Between July and October 2022
During October 2022
?
Multiple organizations
Researchers from SentinelOne discover a new campaign by the SocGholish threat actors, who expand their malicious infrastructure with 73 new second-stage servers.
Malware
Multiple Industries
CC
>1
Sentinel One, SocGholish
57
07/11/2022
07/09/2022
07/09/2022
?
DOCS Medical Group
DOCS Medical Group discloses a ransomware attack.
Malware
Human health and social work
CC
US
DOCS Medical Group, ransomware
58
08/11/2022
'Recently'
'Recently'
Cloud9
Individuals
Researchers at Zimperium discover a new Chrome browser botnet named 'Cloud9', using malicious extensions to steal online accounts, log keystrokes, inject ads and malicious JS code, and enlist the victim's browser in DDoS attacks.
Malicious Browser Extension
Multiple Industries
CC
>1
Zimperium, Chrome, Cloud9
59
08/11/2022
'Recently'
'Recently'
LockBit
Multiple organizations
Researchers at AhnLab discover a new campaign distributing the LockBit ransomware via the Amadey botnet.
Malware
Multiple Industries
CC
>1
AhnLab, LockBit, Ransomware, Amadey
60
08/11/2022
-
Early November 2022
StrelaStealer
Spanish-speaking users
Researchers at DCSO CyTec discover StrelaStealer, a new information-stealing malware stealing email account credentials from Outlook and Thunderbird, two widely used email clients.
Malware
Individual
CC
>1
DCSO CyTec, StrelaStealer, Outlook, Thunderbird
61
08/11/2022
-
-
Multiple threat actors
Multiple organizations
Microsoft fixes CVE-2022-41091, an actively exploited bug that prevents Mark of the Web (MoTW) flags from propagating to files within downloaded ISO images, along with five other actively exploited zero-day vulnerabilities.
CVE-2022-41091, CVE-2022-41040, CVE-2022-41082, CVE-2022-41128, CVE-2022-41125 and CVE-2022-41073 vulnerabilities
Multiple Industries
N/A
N/A
Microsoft, CVE-2022-41091, Mark of the Web, MoTW, ISO, CVE-2022-41040, CVE-2022-41082, CVE-2022-41128, CVE-2022-41125, CVE-2022-41073
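As an added example, not part of the original timeline and not Microsoft's own tooling, the PowerShell snippet below shows the check a defender can run to see why ISO delivery was a useful MoTW bypass: it reads the Zone.Identifier alternate data stream (the Mark of the Web) on a downloaded ISO and then on every file inside it once mounted. The ISO path is a hypothetical placeholder, and the script assumes a Windows host with the Storage module (Mount-DiskImage); run it in an isolated analysis VM, since it mounts, but never opens or executes, the image.

```powershell
# Added example (not from the original timeline). Checks the Mark of the Web
# (Zone.Identifier alternate data stream) on a downloaded ISO and on the files
# it contains once mounted. The ISO path is a hypothetical placeholder.
param(
    [string]$IsoPath = 'C:\Users\analyst\Downloads\invoice.iso'
)

function Get-MotwZone {
    param([string]$Path)
    # Files downloaded from the Internet zone carry a Zone.Identifier stream
    # containing "[ZoneTransfer]" and "ZoneId=3". A missing stream means no
    # Mark of the Web, so SmartScreen and Office Protected View will not treat
    # the file as untrusted.
    try {
        $content = Get-Content -LiteralPath $Path -Stream 'Zone.Identifier' -ErrorAction Stop
        $line = $content | Where-Object { $_ -like 'ZoneId=*' } | Select-Object -First 1
        if ($line) { return [int]($line -replace '^ZoneId=', '') }
        return $null
    } catch {
        return $null   # no Zone.Identifier stream on this file
    }
}

# 1. The ISO itself: a browser download should report ZoneId=3.
$isoZone = Get-MotwZone -Path $IsoPath
$isoLabel = if ($null -eq $isoZone) { 'none (no MoTW)' } else { $isoZone }
"ISO {0}: ZoneId={1}" -f $IsoPath, $isoLabel

# 2. Mount the image and inspect its contents. The mounted optical-media
#    filesystem does not store alternate data streams, so the files inside
#    show no Zone.Identifier even though the container was downloaded.
$image = Mount-DiskImage -ImagePath $IsoPath -PassThru
$drive = ($image | Get-Volume).DriveLetter
try {
    Get-ChildItem -LiteralPath "${drive}:\" -Recurse -File | ForEach-Object {
        $zone  = Get-MotwZone -Path $_.FullName
        $label = if ($null -eq $zone) { 'none (no MoTW)' } else { $zone }
        [pscustomobject]@{ File = $_.FullName; ZoneId = $label }
    } | Format-Table -AutoSize
} finally {
    # Always unmount, even if enumeration fails part-way through.
    Dismount-DiskImage -ImagePath $IsoPath | Out-Null
}
```

Files copied out of the mounted image onto an NTFS volume inherit no mark either, which is why a blocking rule on .iso/.img attachments at the mail gateway, rather than reliance on MoTW alone, was the practical mitigation before the patch.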
62
08/11/2022
'Recently'
'Recently'
?
Thousands of home and corporate users
Researchers at Minerva Labs discover an ongoing phishing campaign infecting thousands of home and corporate users with a new version of the 'IceXLoader' malware.
Malware
Multiple Industries
CC
>1
Minerva Labs, IceXLoader
63
08/11/2022
Early November 2022
Early November 2022
Team Montesano
Website owners
An active extortion scam targets website owners and admins worldwide, claiming to have hacked their servers and demanding $2,500 not to leak data.
Extortion scam
Individual
CC
>1
Team Montesano
64
08/11/2022
08/11/2022
08/11/2022
Russian Cyber Army
Several Mississippi state websites
Several Mississippi state websites are knocked offline during the midterm elections. A pro-Russian group claims responsibility for the attack.
DDoS
Public admin and defence, social security
H
US
Mississippi, Russian Cyber Army
65
08/11/2022
Since at least September 2022
During September 2022
?
Vulnerable WordPress Sites
Researchers at Sucuri discover a malware campaign designed to increase the search engine rankings of spam websites under the control of threat actors.
Malware
Multiple Industries
CC
>1
Sucuri, WordPress
66
08/11/2022
Early 2022
Early 2022
APT29 (aka SVR group, Cozy Bear, Nobelium, and The Dukes)
European diplomatic entity
Researchers from Mandiant detect an incident where APT29 successfully phished a European diplomatic entity and ultimately abused the Windows Credential Roaming feature.
Targeted Attack
Public admin and defence, social security
CE
N/A
Mandiant, APT29, Windows Credential Roaming, APT29, SVR group, Cozy Bear, Nobelium, The Dukes
67
08/11/2022
-
-
?
Eagle Bank
Eagle Bank reports a data breach after an unauthorized party was able to gain access to sensitive consumer information that had been entrusted to the bank.
Unknown
Finance and insurance
CC
US
Eagle Bank
68
08/11/2022
08/11/2022
08/11/2022
?
Champaign County Clerk
Champaign County Clerk is hit by a DDoS attack.
DDoS
Public admin and defence, social security
CC
US
Champaign County Clerk
69
08/11/2022
During October 2022
During October 2022
?
General Council of the Judiciary (CGPJ)
The General Council of the Judiciary (CGPJ) suffers a cyberattack on its Punto Neutro Judicial (PNJ) platform that connects judicial bodies with other government agencies, including the National Police Force, the Attorney General’s Office, and the General Secretariat of Penitentiary Institutions. Half a million taxpayers and 50,000 police officers have their information stolen.
Unknown
Public admin and defence, social security
CC
ES
General Council of the Judiciary, CGPJ, Punto Neutro Judicial, PNJ
70
08/11/2022
06/11/2022
06/11/2022
?
Empresa de transportes urbanos de Sevilla (Tussam)
The Empresa de transportes urbanos de Sevilla (Tussam) discloses that it has been the target of a cyber attack and that both its mobile application and the information panels at bus stops were disabled as a result.
Unknown
Transportation and storage
CC
ES
Empresa de transportes urbanos de Sevilla, Tussam
71
08/11/2022
During September 2022?
-
Hive
TCQ (Quetzal Container Terminal)
The Hive ransomware threat actors list TCQ (Quetzal Container Terminal) on their dedicated leak site.
Malware
Transportation and storage
CC
GT
Hive, Ransomware, TCQ, Quetzal Container Terminal
72
08/11/2022
20/10/2022
20/10/2022
?
Midland Information Technology Consortium
The Midland Information Technology Consortium is hit with a ransomware attack.
Malware
Professional, scientific and technical
CC
US
Midland Information Technology Consortium, ransomware
73
09/11/2022
Between May 2020 and February 2021
-
Earth Longzhi
Several infrastructure companies in Taiwan, a bank in China, and a government organization in Taiwan.
Researchers at Trend Micro discover a previously unknown Chinese APT dubbed 'Earth Longzhi' targeting multiple organizations in East Asia, Southeast Asia, and Ukraine.
Targeted Attack
Multiple Industries
CE
CN
TW
Trend Micro, China, Earth Longzhi
74
09/11/2022
Between August 2021 and June 2022
-
Earth Longzhi
High-profile victims in the defense, aviation, insurance, and urban development industries in Taiwan, China, Thailand, Malaysia, Indonesia, Pakistan, and Ukraine.
Researchers at Trend Micro discover a second campaign by the Chinese APT dubbed 'Earth Longzhi' targeting multiple organizations in East Asia, Southeast Asia, and Ukraine.
Targeted Attack
Multiple Industries
CE
CN
ID
MY
TW
TH
PK
UA
Trend Micro, China, Earth Longzhi
75
09/11/2022
-
-
Royal
Circuit of Silverstone
Silverstone, one of the most popular motor racing circuits in the United Kingdom, is investigating a ransomware attack after the Royal gang adds it to its list of victims.
Malware
Arts entertainment, recreation
CC
UK
Silverstone, Royal, Ransomware
76
09/11/2022
-
-
Multiple threat actors
Multiple organizations
Researchers from Cisco Talos observe multiple ongoing campaigns that leverage the IPFS network to host their malware payloads and phishing kit infrastructure.
>1
Multiple Industries
CC
>1
Cisco Talos, IPFS
77
09/11/2022
-
-
apicolor
Multiple organizations
Researchers from Check Point discover 'apicolor', a new malicious package on the Python Package Index (PyPI) repository that hides code in images with a steganographic technique and infects users through open-source projects on GitHub.
Malware
Multiple Industries
CC
>1
Check Point, 'apicolor', Python Package Index, PyPI, Github
78
09/11/2022
02/09/2022
02/09/2022
?
Old Point National Bank
Old Point National Bank reports a data breach after the company learned that an unauthorized party was able to access an employee’s email account that contained sensitive information belonging to certain bank customers.
Account Takeover
Finance and insurance
CC
US
Old Point National Bank
79
09/11/2022
16/02/2022
'Recently'
?
Work Health Solutions
Work Health Solutions reports a data breach after an unauthorized party was able to access an employee’s email account that contained sensitive information related to certain individuals.
Account Takeover
Human health and social work
CC
US
Work Health Solutions
80
09/11/2022
Between 20/09/2022 and 22/09/2022
21/09/2022
?
GATE Petroleum Company
GATE Petroleum Company reports a data breach after the company learned that an unauthorized party had gained access to sensitive information stored on its computer network.
Unknown
Electricity, gas steam, air conditioning
CC
US
GATE Petroleum Company
81
09/11/2022
-
-
?
Doctors’ Center Hospital
Doctors’ Center Hospital reports a data breach after the company learned that an unauthorized party was able to gain access to sensitive patient information.
Malware
Human health and social work
CC
US
Doctors’ Center Hospital, ransomware
82
09/11/2022
Between 19/01/2022 and 03/03/2022
-
?
Legacy Post Acute Care
Legacy Post Acute Care notifies patients that their personal data was compromised after the hack of multiple employee accounts.
Account Takeover
Human health and social work
CC
US
Legacy Post Acute Care
83
09/11/2022
-
-
?
Commack School District
Commack School District faces a ransomware attack.
Malware
Education
CC
US
Commack School District, ransomware
84
09/11/2022
17/10/2022
-
?
Uruguay’s Ministry of Transport and Public Works (MTOP)
Uruguay’s Ministry of Transport and Public Works (MTOP) is hit with a ransomware attack.
Malware
Public admin and defence, social security
CC
UY
Uruguay’s Ministry of Transport and Public Works, MTOP, ransomware
85
10/11/2022
09/11/2022
09/11/2022
?
Autovie Venete
Autovie Venete suffers a cyber attack that prevents access to its IT services.
Unknown
Transportation and storage
CC
IT
Autovie Venete
86
10/11/2022
-
-
?
Individuals in the US
The FBI warns that tech support scammers are now impersonating financial institutions' refund payment portals to harvest victims' sensitive information and add legitimacy.
Account Takeover
Individual
CC
US
FBI
87
10/11/2022
-
-
Venus
Healthcare organizations in the US
The U.S. Department of Health and Human Services (HHS) warns that Venus ransomware attacks are also targeting the country's healthcare organizations.
Malware
Human health and social work
CC
US
U.S. Department of Health and Human Services, HHS, Venus, Ransomware
88
10/11/2022
Since at least November 2021
06/11/2021
APT15
Ethnic and religious minorities in China
Researchers from Lookout discover a previously undocumented Android spyware tool named 'BadBazaar', targeting ethnic and religious minorities in China, most notably the Uyghurs in Xinjiang.
Malware
Individual
CE
CN
Lookout, Android, BadBazaar, APT15, China, Uyghurs
89
10/11/2022
-
-
?
Ethnic minorities in China
Researchers from Lookout discover a new campaign targeting ethnic minorities in China through a new variant of the Moonshine malware.
Malware
Individual
CE
CN
Lookout, Android, Moonshine, China, Uyghurs
90
10/11/2022
Since at least early November 2022
Early November 2022
KmsdBot
Multiple organizations
Researchers from Akamai discover KmsdBot, a botnet with cryptomining and DDoS capabilities that infects systems over SSH connections protected by weak login credentials.
Malware
Multiple Industries
CC
>1
Akamai, KmsdBot
91
10/11/2022
'Recently'
'Recently'
Xenomorph
Android users
Researchers at Zscaler discover a new campaign distributing the Xenomorph banking malware via a couple of malicious dropper apps on the Play Store.
Malware
Finance and insurance
CC
>1
Zscaler, Xenomorph
92
10/11/2022
-
-
Multiple threat actors
Individuals
Researchers from Digital Shadows discover multiple campaigns taking advantage of the forthcoming Qatar 2022 World Cup.
>1 (Account Takeover, Malware)
Individual
CC
>1
Digital Shadows, Qatar 2022 World Cup
93
10/11/2022
-
-
?
Individuals in Germany
Researchers from Kaspersky discover a scam campaign targeting German residents and pretending to be from Finanzmarktaufsicht, a financial regulator investigating fraud.
Account Takeover
Individual
CC
DE
Kaspersky, Finanzmarktaufsicht
94
10/11/2022
-
-
?
Individuals in Switzerland
Researchers from Kaspersky discover a scam campaign targeting Swiss residents, and pretending to be from FINMA, an independent local financial regulator.
Account Takeover
Individual
CC
CH
Kaspersky, FINMA
95
11/11/2022
-
-
UAC-0118 AKA 'From Russia with Love' (FRwL), and 'Z-Team'
Multiple organizations in Ukraine
The Computer Emergency Response Team of Ukraine (CERT-UA) issues a warning about Russian hacktivists infecting multiple organizations in Ukraine with a new ransomware strain called 'Somnia.'
Malware
Multiple Industries
CW
UA
Computer Emergency Response Team of Ukraine, CERT-UA, ransomware, 'Somnia', UAC-0118, 'From Russia with Love' (FRwL), 'Z-Team'
96
11/11/2022
-
-
0x_dump
Deutsche Bank
A threat actor (0x_dump) claims to have hacked the multinational investment bank Deutsche Bank and is offering access to its network for sale online.
Unknown
Finance and insurance
CC
DE
0x_dump, Deutsche Bank
97
11/11/2022
08/09/2022
08/09/2022
?
New York-Presbyterian Hospital
New York-Presbyterian Hospital discloses a security incident after detecting possible attempts by an unauthorized user to download information.
Unknown
Human health and social work
CC
US
New York-Presbyterian Hospital
98
11/11/2022
Between 17/08/2022 and 31/08/2022
01/09/2022
?
Alta Forest Products
Alta Forest Products experiences a cyberattack in which the protected health information of up to 2,100 members of the Alta Forest Products Health and Welfare Plan was exposed.
Unknown
Manufacturing
CC
US
Alta Forest Products
99
11/11/2022
-
10/11/2022
BlackCat
Conforama
BlackCat ransomware gang lists Conforama, said to be Europe's second-largest home furnishing retail chain, on its victim list, and claims to have stolen over 1TB of data.
Malware
Manufacturing
CC
FR
BlackCat, ransomware, Conforama
100
11/11/2022
09/10/2022
10/10/2022
Vice Society
Bishop of Hereford's Bluecoat School
The Bishop of Hereford's Bluecoat School has its data leaked online after suffering a ransomware attack by the Vice Society threat actor.
Malware
Education
CC
UK
The Bishop of Hereford's Bluecoat School, ransomware, Vice Society
101
11/11/2022
-
-
?
Individuals in Spain
Researchers from Avast discover a phishing campaign in Spain posing as the Spanish Tax Agency, Agencia Tributaria.
Account Takeover
Individual
CC
ES
Agencia Tributaria
102
11/11/2022
-
-
?
Undisclosed collection provider in Spain
A cyberattack on a debt collection provider used by Orange breaches some customers’ personal information.
Unknown
Finance and insurance
CC
ES
Orange
103
11/11/2022
11/08/2022
12/09/2022
?
Yale Medicine
Yale Medicine discloses a ransomware incident.
Malware
Human health and social work
CC
US
Yale Medicine
104
11/11/2022
-
Since at least April 2021
?
Malaysian Election Commission
67 GB of data with the personal details of 800,000 Malaysian voters are posted online on a forum. The data allegedly belongs to the Malaysian Election Commission, which denies the breach.
Unknown
Public admin and defence, social security
CC
MY
Malaysian Election Commission
105
11/11/2022
-
-
Sawarim
eKRÉTA
A hacking group named Sawarim breaches eKRÉTA, the company behind a school management platform widely deployed across Hungary. The platform is believed to store the personal details of more than 720,000 Hungarian students aged between 6 and 18.
Unknown
Professional, scientific and technical
CC
HU
Sawarim, eKRÉTA
106
11/11/2022
-
'Recently'
?
Stanley Street Treatment and Resources
Stanley Street Treatment and Resources (SSTAR) reports a data breach after learning that an unauthorized party accessed the organization’s computer system and removed confidential patient information.
Unknown
Human health and social work
CC
US
Stanley Street Treatment and Resources
107
11/11/2022
11/11/2022
11/11/2022
?
Greene County Tech School District
The Greene County Tech School District is hit with a malware attack.
Malware
Education
CC
US
Greene County Tech School District
108
12/11/2022
11/11/2022
11/11/2022
?
FTX
FTX, the massive crypto exchange that went bankrupt, suffers a hack exceeding $400 million, probably the work of an insider.
Account Takeover
Fintech
CC
N/A
FTX
109
12/11/2022
11/11/2022
11/11/2022
?
Government websites in Bahrain
Several government websites in Bahrain are hit by a DDoS attack.
DDoS
Public admin and defence, social security
N/A
BH
Bahrain
110
12/11/2022
-
-
Kelvin Security
Norigine
Norigine, an Italian pharmaceutical company, has 3.15 GB of data exfiltrated by the Kelvin Security gang.
Unknown
Professional, scientific and technical
CC
IT
Norigine, Kelvin Security
111
14/11/2022
11/11/2022
-
?
Whoosh
The Russian scooter-sharing service Whoosh confirms a data breach after hackers started to sell a database containing the details of 7.2 million customers on a hacking forum.
Unknown
Transportation and storage
CC
RU
Whoosh
112
14/11/2022
Since 2017
'Recently'
Fangxiao
Individuals
Researchers from Cyjax reveal that a malicious for-profit group named 'Fangxiao' has created a massive network of over 42,000 web domains that impersonate well-known brands to redirect users to sites promoting adware apps, dating sites, or 'free' giveaways.
Account Takeover
Individual
CC
>1
Cyjax, Fangxiao
113
14/11/2022
During Mid-November 2022
During Mid-November 2022
QBot AKA QakBot
Multiple organizations
A new campaign distributes the QBot malware via phishing emails. The malware uses a DLL hijacking flaw in the Windows 10 Control Panel to infect computers.
Malware
Multiple Industries
CC
>1
QBot, QakBot, Windows, Control Panel
114
14/11/2022
14/11/2022
14/11/2022
?
Jackson County Intermediate School District
Jackson County Intermediate School District is hit with a ransomware attack.
Malware
Education
CC
US
Jackson County Intermediate School District, ransomware
115
14/11/2022
14/11/2022
14/11/2022
?
Hillsdale County Intermediate School District
Hillsdale County Intermediate School District is hit with a ransomware attack.
Malware
Education
CC
US
Hillsdale County Intermediate School District, ransomware
116
14/11/2022
Since September 2022
Since September 2022
BatLoader
Multiple organizations
Researchers from VMware Carbon Black discover BatLoader, an initial access malware that uses batch and PowerShell scripts to gain a foothold on a victim machine and deliver other malware.
Malware
Multiple Industries
CC
>1
VMware Carbon Black, BatLoader
117
14/11/2022
-
13/09/2022
?
Connexin Software (Office Practicum)
Connexin Software (Office Practicum) reports a data breach after the company learned that an unauthorized party was able to access sensitive patient information that had been entrusted to the company.
Unknown
Professional, scientific and technical
CC
US
Connexin Software, Office Practicum
118
14/11/2022
08/10/2022
-
?
Health Care Management Solutions
Health Care Management Solutions reports a data breach after the company was the target of a ransomware attack compromising patients’ sensitive information.
Malware
Human health and social work
CC
US
Health Care Management Solutions, ransomware
119
14/11/2022
01/10/2022
01/10/2022
?
Middletown Valley Bank
Middletown Valley Bank reports a data breach after the company discovered that an unauthorized party had gained access to files on the bank’s computer network containing sensitive consumer information.
Unknown
Finance and insurance
CC
US
Middletown Valley Bank
120
14/11/2022
14/11/2022
14/11/2022
KillNet
FBI Websites
The pro-Russian hacking group KillNet claims responsibility for a denial-of-service attack against FBI websites.
DDoS
Public admin and defence, social security
H
US
Killnet, FBI
121
14/11/2022
-
-
Typhon Reborn
Multiple organizations
Researchers from Palo Alto Networks discover a new version of the Typhon Stealer, named Typhon Reborn, with enhanced anti-analysis techniques and multiple new malicious features.
Malware
Multiple Industries
CC
>1
Palo Alto Networks, Typhon Stealer, Typhon Reborn
122
14/11/2022
04/11/2022
04/11/2022
?
Vanuatu government
A ransomware attack takes down the websites of the Vanuatu government.
Malware
Public admin and defence, social security
CC
VU
Vanuatu, ransomware
123
15/11/2022
Since at least 2012
During March 2022
Billbug (AKA Thrip, Lotus Blossom, Spring Dragon)
A certificate authority, government agencies, and defense organizations in several countries in Asia.
Researchers from Symantec/Broadcom reveal the details of the latest campaign of the Chinese Billbug threat actor targeting multiple organizations in several Asian countries.
Targeted Attack
Multiple Industries
CE
>1
Symantec/Broadcom, China, Billbug, Thrip, Lotus Blossom, Spring Dragon
124
15/11/2022
'Recently'
'Recently'
Lazarus
Organizations in Europe and Latin America.
Researchers from Kaspersky reveal the details of the latest campaign from the North Korean group Lazarus targeting multiple organizations in Europe and America via the DTrack modular backdoor.
Targeted Attack
Multiple Industries
CE
BR
CH
DE
IN
IT
MX
SA
TR
US
Kaspersky, Lazarus, North Korea, DTrack
125
15/11/2022
Since October 2022
During October 2022
At least seven hacking groups
Vulnerable Magento 2 websites
Researchers from Sansec reveal that at least seven hacking groups are behind a massive surge in 'TrojanOrders' attacks targeting Magento 2 websites, exploiting CVE-2022-24086.
CVE-2022-24086 vulnerability
Wholesale and retail
CC
>1
Sansec, TrojanOrders, Magento 2, CVE-2022-24086
126
15/11/2022
Since October 2022
During October 2022
RapperBot
Game servers
Researchers from Fortinet reveal that the Mirai-based botnet 'RapperBot' has re-emerged via a new campaign that infects IoT devices for DDoS (Distributed Denial of Service) attacks against game servers.
DDoS
Arts entertainment, recreation
CC
>1
Fortinet, RapperBot, Mirai, IoT
127
15/11/2022
Between 04/05/2022 and 16/09/2022
16/09/2022
?
Commonwealth Care Alliance of California (“CCA Health California”)
Commonwealth Care Alliance of California (“CCA Health California”) reports a data breach after an unauthorized party was able to access files on the company’s network containing sensitive information belonging to certain individuals.
Malware
Human health and social work
CC
US
Commonwealth Care Alliance of California, CCA Health California, ransomware
128
15/11/2022
Between 08/04/2022 and 21/04/2022, and between 10/06/2021 and 08/04/2022
-
?
Assurance Health System
Assurance Health System announces that the email accounts of two employees have been accessed by unauthorized individuals.
Account Takeover
Human health and social work
CC
US
Assurance Health System
129
15/11/2022
During the second week of November 2022
During the second week of November 2022
?
Dallas Central Appraisal District (DCAD)
Dallas Central Appraisal District is hit by a ransomware attack.
Malware
Public admin and defence, social security
CC
US
Dallas Central Appraisal District, DCAD, ransomware
130
15/11/2022
-
-
?
Compagnia Valdostana delle Acque (CVA)
CVA, an Italian local water utility, is hit with a cyber attack.
Unknown
Water supply, waste mgmt, remediation
CC
IT
Compagnia Valdostana delle Acque, CVA
131
15/11/2022
-
-
MedusaLocker
Fonderia Boccacci
Fonderia Boccacci, an Italian foundry, is hit with a MedusaLocker ransomware attack.
Malware
Manufacturing
CC
IT
Fonderia Boccacci, MedusaLocker, ransomware
132
15/11/2022
-
-
Kelvin Security
Tel.ene
Tel.ene, a local Italian telco provider, has 11.5 GB of data (4,107 files) leaked by the Kelvin Security group.
Unknown
Information and communication
CC
IT
Tel.ene, Kelvin Security
133
15/11/2022
Since early November 2022
Early November 2022
?
TikTok users
Researchers from Checkmarx reveal that attackers are capitalizing on a trending TikTok challenge named 'Invisible Challenge' to install the WASP malware on thousands of devices and steal their passwords, Discord accounts, and, potentially, cryptocurrency wallets.
Malware
Individual
CC
>1
Checkmarx, TikTok, Invisible Challenge, WASP
BREACHOMETER
The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.
As promised, I have pulled together some statistics from the data collected in 2020. The master table is available at the end of the post after the charts.