Welcome to the last cyber attacks timeline of 2022! This timeline marks a sharp decline in the number of recorded events after four consecutive increases: 117 events compared with nearly 150 collected in the previous timeline. It will be interesting to see whether this is just a temporary effect (fewer attacks may have surfaced given the festive break) or the start of a new trend.
Fewer events, but a major share of them characterized by ransomware, whose percentage is again beyond 30% and nearly ten points higher than in the previous fortnight (35% vs. 25.8%, corresponding to 41 out of 117). In contrast, the exploitation of vulnerabilities characterized 5.9% of events (8 out of 141), almost half the value of the previous fortnight (10.2%).
The siege against crypto platforms also continued in these last days of 2022: users of BitKeep suffered a cumulative loss of $8M worth of crypto assets through a trojanized app, and BTC.com was hit by a cyber attack resulting in a loss of $3M worth of assets.
The end of 2022 was also characterized by a few massive breaches: the one hitting Twitter (the private data of 400 million users put on sale) certainly overshadowed the rest, but there were other examples (unconfirmed in some cases) in Malaysia (Maybank, Astro, and the Election Committee) and India (Indian Railway Catering and Tourism Corporation, IRCTC).
Not so many cyber espionage campaigns in this timeline: of course at least one targeting Ukraine (carried out by a threat actor dubbed UAC-0142 against users of the ‘DELTA’ situational awareness program), and two more targeting foreign policy experts in South Korea and members of the Indian government, launched respectively by the North Korean threat actor Kimsuky and by a threat actor allegedly originating from Pakistan.
With regards to cyber warfare, the timeline records a couple of Coordinated Inauthentic Behavior operations, carried out by Russian troll farms (taken down by Ukrainian law enforcement) and by the infamous GhostWriter group.
And of course the situation in Ukraine was behind several attacks launched by pro-Russian hacktivists, in particular Killnet and NoName057(16), even if in some cases it is really difficult to ascertain whether the claims are true.
Even in this fortnight the list is too long to be summarized in a few words (this one in particular), so my suggestion is to enjoy the interactive timeline and the tabular format, and obviously thanks for sharing it and supporting my work in spreading risk awareness across the community. As always, don’t forget to follow @paulsparrows on Twitter, or connect on LinkedIn, for the latest updates.
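To see where the percentages above come from, here is an added example (not part of the original post) that parses rows laid out in the tabular format used below, one field per line in the twelve-column order of the table, and derives the ransomware and vulnerability-exploitation shares. The three sample rows are constructed, abridged from rows 2, 19 and 50 of the table; the classification rules (a ransomware event is a "Malware" attack tagged "ransomware", a vulnerability-exploitation event is one whose Attack field names a CVE or reads "... vulnerabilities") are the editor's assumption about how the figures are computed, not a rule stated on the page.

```python
from __future__ import annotations

import re
import textwrap
from collections import Counter

# Column order of the flattened table below: one field per line, twelve lines per row.
FIELDS = ("id", "reported", "occurred", "discovered", "author", "target",
          "description", "attack", "target_class", "attack_class", "country", "tags")

# Legend for the Attack Class column (Hackmageddon convention).
ATTACK_CLASS = {"CC": "Cyber Crime", "CE": "Cyber Espionage",
                "CW": "Cyber Warfare", "H": "Hacktivism", "N/A": "Unclassified"}

# Assumed rule: a vulnerability-exploitation event names a CVE, or the word
# "vulnerability"/"vulnerabilities", in its Attack field.
_VULN = re.compile(r"CVE-\d{4}-\d+|vulnerabilit", re.IGNORECASE)


def parse_rows(text: str) -> list[dict]:
    """Split the one-field-per-line layout into one dict per row."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    if len(lines) % len(FIELDS):
        raise ValueError(f"{len(lines)} lines is not a multiple of {len(FIELDS)}")
    rows = []
    for i in range(0, len(lines), len(FIELDS)):
        row = dict(zip(FIELDS, lines[i:i + len(FIELDS)]))
        row["id"] = int(row["id"])
        row["tags"] = tuple(t.strip().lower() for t in row["tags"].split(","))
        rows.append(row)
    return rows


def is_ransomware(row: dict) -> bool:
    # Assumed rule: a Malware event whose tags include "ransomware".
    return row["attack"] == "Malware" and "ransomware" in row["tags"]


def is_vuln_exploitation(row: dict) -> bool:
    return bool(_VULN.search(row["attack"]))


def summarize(rows: list[dict]) -> dict:
    """Counts and shares in the form quoted in the introduction."""
    n = len(rows)
    ransomware = sum(map(is_ransomware, rows))
    vulns = sum(map(is_vuln_exploitation, rows))
    return {
        "events": n,
        "ransomware": ransomware,
        "ransomware_pct": round(100 * ransomware / n, 1),
        "vuln_exploitation": vulns,
        "vuln_pct": round(100 * vulns / n, 1),
        "by_class": dict(Counter(ATTACK_CLASS.get(r["attack_class"], r["attack_class"])
                                 for r in rows)),
    }


# Constructed sample: three rows abridged from rows 2, 19 and 50 of the table below.
SAMPLE = textwrap.dedent("""\
    2
    16/12/2022
    -
    29/08/2022
    ?
    Monarch
    Monarch files notice of a data breach after a ransomware attack exposed patient information.
    Malware
    Human health and social work
    CC
    US
    Monarch, ransomware
    19
    19/12/2022
    -
    -
    Multiple threat actors
    Multiple organizations
    Cisco updates multiple security advisories to warn of exploitation of flaws in its devices.
    CVE-2017-12240, CVE-2018-0171, CVE-2018-0125, CVE-2021-1497, and CVE-2018-0147 vulnerabilities
    Multiple Industries
    N/A
    >1
    Cisco, CVE-2017-12240, CVE-2018-0171, CVE-2018-0125, CVE-2021-1497, CVE-2018-0147
    50
    22/12/2022
    Since at least 22/11/2022
    -
    ?
    Vulnerable WordPress sites
    Wordfence reveals active exploitation of CVE-2022-45359 in YITH WooCommerce Gift Cards Premium.
    CVE-2022-45359 Vulnerability
    Multiple Industries
    CC
    >1
    Wordfence, CVE-2022-45359, WordPress
""")

if __name__ == "__main__":
    print(summarize(parse_rows(SAMPLE)))
```

Feeding the full table to `parse_rows` requires that every row has exactly twelve lines; rows that extraction has merged or truncated (as happens twice below) trip the length check rather than silently shifting every later column, which is the failure mode to watch for when scraping this format.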
Geo Map December H2 2022
ID
Date Reported
Date Occurred
Date Discovered
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags
1
16/12/2022
-
-
?
Fire Rescue Victoria (FRV)
Australia’s fire and rescue service in the state of Victoria shuts down its network and operates manually after being targeted with a cyberattack by “an external third party”.
Unknown
Public admin and defence, social security
CC
AU
Fire Rescue Victoria, FRV
2
16/12/2022
-
29/08/2022
?
Monarch
Monarch files notice of a data breach after a ransomware attack resulted in confidential patient information being exposed to an unauthorized party.
Malware
Human health and social work
CC
US
Monarch, ransomware
3
16/12/2022
-
02/09/2022
?
FoundCare
FoundCare reports a data breach after the company learned that an unauthorized party was able to access confidential patient information by gaining access to several employee email accounts.
Account Takeover
Human health and social work
CC
US
FoundCare
4
16/12/2022
-
12/10/2022
?
Eggleston Center
Eggleston Center reports a data breach after the company learned that hackers were able to access sensitive consumer information in its possession following a ransomware attack.
Malware
Human health and social work
CC
US
Eggleston Center, ransomware
5
16/12/2022
28/10/2022
02/11/2022
?
Hawaiian Eye Center (HEC)
Hawaiian Eye Center (HEC) notified patients of a cyberattack.
Unknown
Human health and social work
CC
US
Hawaiian Eye Center, HEC
6
16/12/2022
'Recently'
'Recently'
DarkTortilla
Multiple organizations
Researchers from Cyble discover two phishing sites — one spoofing a Cisco webpage and the other masquerading as a Grammarly site — used to distribute the malware known as "DarkTortilla."
Malware
Multiple Industries
CC
>1
Cyble, Cisco, Grammarly, DarkTortilla
7
16/12/2022
-
-
?
MAS Insurance
MAS insurance releases a statement revealing a third-party supplier of after-hours call-centre services for the company “has recently notified us of a breach of their systems through a cyber-attack”.
Unknown
Finance and insurance
CC
NZ
MAS Insurance
8
16/12/2022
15/12/2022
15/12/2022
?
MNLINK
Rochester Public Library is notified that one of its library service partners, MNLINK, experienced a data breach.
Unknown
Administration and support service
CC
US
Rochester Public Library, MNLINK
9
16/12/2022
-
-
Agenda
Multiple organizations
Researchers from Trend Micro discover a new variant of the Agenda ransomware written in Rust and targeting primarily the manufacturing and IT industries.
Malware
Multiple Industries
CC
>1
Agenda, Ransomware, Trend Micro
10
16/12/2022
-
14/12/2022
?
Aegea Saneamento e Participações S.A
Aegea Saneamento e Participações S.A, a private company operating in the water and waste sector, suffers a cyber-attack.
Unknown
Water supply, waste mgmt, remediation
CC
BR
Aegea Saneamento e Participações S.A
11
17/12/2022
17/12/2022
17/12/2022
Jason Brubeck
NFT collector
A hacker known by the moniker Jason Brubeck steals approximately 850 ETH ($1+ million) worth of Bored Ape NFTs from a collector.
Account Takeover
Fintech
CC
N/A
Jason Brubeck, Bored Ape
12
17/12/2022
-
-
?
CoWIN
An attacker leaks 5000 users data from the Indian government’s web portal for COVID-19 vaccination, CoWIN.gov.in.
Unknown
Public admin and defence, social security
CC
IN
COVID-19, CoWIN.gov.in
13
18/12/2022
16/12/2022
17/12/2022
UAC-0142
Users of the Ukrainian 'DELTA' situational awareness program
The CERT-UA (Computer Emergency Response Team of Ukraine) discovers a campaign leveraging a compromised Ukrainian Ministry of Defense email account sending phishing emails and instant messages to users of the 'DELTA' situational awareness program to infect systems with information-stealing malware.
Targeted Attack
Public admin and defence, social security
CE
UA
CERT-UA, Computer Emergency Response Team of Ukraine, DELTA, UAC-0142
14
18/12/2022
-
15/12/2022
?
SevenRooms
Restaurant customer management platform SevenRooms confirms it suffered a data breach after a threat actor began selling stolen data on a hacking forum.
Unknown
Professional, scientific and technical
CC
US
SevenRooms
15
18/12/2022
-
-
Royal
Conform
Conform, an Italian consulting firm, is hit with a Royal ransomware attack.
Malware
Professional, scientific and technical
CC
IT
Conform, Royal, Ransomware
16
19/12/2022
Since 11/12/2022
-
?
Python developers
Researchers from ReversingLabs discover a malicious Python package on PyPI, named 'SentinelOne', that pretends to be the legitimate SDK client of the cybersecurity firm of the same name but, in reality, steals data from developers.
Malware
Multiple Industries
CC
>1
ReversingLabs, Python, PyPI, SentinelOne
17
19/12/2022
Since at least 06/12/2022
06/12/2022
?
Python developers
Researchers from Phylum report that at least 16 packages on PyPI are spreading ten different information-stealing malware variants based on W4SP Stealer.
Malware
Multiple Industries
CC
>1
Phylum, PyPI, W4SP
18
19/12/2022
18/12/2022
18/12/2022
LockBit 3.0
Hospital for Sick Children (SickKids)
The Hospital for Sick Children (SickKids) is hit with a LockBit ransomware attack. However, a few days later the attackers apologize for the attack and give the hospital a free decryptor.
Malware
Human health and social work
CC
CA
Hospital for Sick Children, SickKids, LockBit, ransomware
19
19/12/2022
-
-
Multiple threat actors
Multiple organizations
Cisco updates multiple security advisories to warn of the malicious exploitation of severe vulnerabilities impacting its networking devices.
CVE-2017-12240, CVE-2018-0171, CVE-2018-0125, CVE-2021-1497, and CVE-2018-0147 vulnerabilities
Multiple Industries
N/A
>1
Cisco, CVE-2017-12240, CVE-2018-0171, CVE-2018-0125, CVE-2021-1497, and CVE-2018-0147
20
19/12/2022
'Recently'
'Recently'
GuLoader
Multiple organizations
Researchers from Crowdstrike discover a new GuLoader variant with new anti-analysis capabilities.
Malware
Multiple Industries
CC
>1
Crowdstrike, GuLoader
21
19/12/2022
Approximately one year ago
-
Moses Staff
Israeli CCTV cameras
An investigation reveals that an Iranian group, known as Moses Staff, had seized control of dozens of Israeli CCTV cameras.
Unknown
Multiple Industries
H
IL
Moses Staff
22
19/12/2022
-
-
?
Medstar Mobile Healthcare
Medstar Mobile Healthcare files notice of a data breach with the U.S. Department of Health and Human Services Office for Civil Rights after a recent hacking incident targeting the company’s computer system compromised confidential information belonging to certain patients.
Unknown
Human health and social work
CC
US
Medstar Mobile Healthcare
23
19/12/2022
Between 08/11/2022 and 17/11/2022
17/11/2022
?
P2 Energy Solutions
P2 Energy Solutions reports a data breach after learning that an unauthorized party was able to bypass the company’s data security system and access confidential consumer information.
Unknown
Professional, scientific and technical
CC
US
P2 Energy Solutions
24
19/12/2022
06/12/2022
09/12/2022
?
Multiple organizations
Researchers from Fortinet discover another 0-day attack embedded in a PyPI package called “aioconsol.”
Malware
Multiple Industries
CC
>1
Fortinet, PyPI, aioconsol
25
20/12/2022
-
-
Russia
Ukraine
Ukrainian law enforcement dismantle more than a dozen bot farms that were active inside the country, accusing their operators of spreading Russian propaganda through more than 1.5 million fake accounts.
Coordinated Inauthentic Behavior
Individual
CW
UA
Russia, Ukraine
26
20/12/2022
End of August 2022
-
Trident Ursa AKA Gamaredon
Large petroleum refining company within a NATO member state
Researchers from Palo Alto Networks reveal that Trident Ursa, a hacking group associated with Russia’s Federal Security Service (FSB), unsuccessfully attempted to compromise a large petroleum refining company within a NATO member state.
Targeted Attack
Manufacturing
CE
N/A
Palo Alto Networks, Trident Ursa, Gamaredon, FSB, Russia, NATO
27
20/12/2022
-
-
Raspberry Robin
Telecommunication service providers and government systems
Researchers from Trend Micro discover a new version of the Raspberry Robin malware that drops a fake payload to confuse researchers and evade detection.
Malware
Multiple Industries
CC
>1
Trend Micro, Raspberry Robin, Evil Corp
28
20/12/2022
-
-
?
Adult sites
Researchers from Malwarebytes discover a massive advertising fraud campaign using Google Ads and 'popunders' on adult sites, and estimated to have generated millions of ad impressions.
Advertising fraud
Arts entertainment, recreation
CC
>1
Malwarebytes, Google Ads, popunders
29
20/12/2022
-
-
Play
Multiple organizations
Researchers from Crowdstrike reveal that Play ransomware threat actors are using a new exploit chain (named OWASSRF) that bypasses ProxyNotShell URL rewrite mitigations to gain remote code execution on vulnerable servers through Outlook Web Access (OWA).
Malware
Multiple Industries
CC
>1
Crowdstrike, Play, ransomware, OWASSRF, ProxyNotShell, RCE, Outlook Web Access, OWA
30
20/12/2022
-
During March 2022
Godfather
Android banking users in 16 countries
Researchers from Cyble reveal that the Android banking malware named 'Godfather' has been targeting users in 16 countries, attempting to steal account credentials for over 400 online banking sites and cryptocurrency exchanges.
Malware
Finance and insurance
CC
>1
Cyble, Android, Godfather
31
20/12/2022
20/12/2022
20/12/2022
?
Thyssenkrupp
Thyssenkrupp discloses that its materials services division and headquarters have been targeted in a cyberattack.
Unknown
Manufacturing
CC
DE
Thyssenkrupp
32
20/12/2022
13/06/2022
16/06/2022
?
W.W. Wallwork
W.W. Wallwork files notice of a data breach after learning that an unauthorized party was able to access sensitive consumer information stored on the company’s computer network.
Unknown
Wholesale and retail
CC
US
W.W. Wallwork
33
20/12/2022
08/11/2022
08/11/2022
?
Educational institution in the U.S.
Researchers from Armorblox detect a VIP impersonation attack against a large educational institution in the U.S.
Business Email Compromise
Education
CC
US
Armorblox
34
20/12/2022
-
05/12/2022
?
Superior Audit Office of Guanajuato (ASEG)
The Superior Audit Office of Guanajuato (ASEG) suffers a ransomware attack that encrypts all of the system's information.
Malware
Public admin and defence, social security
CC
MX
Superior Audit Office of Guanajuato, ASEG
35
21/12/2022
-
-
Killnet
FBI?
Members of the Killnet collective leak a text file showing the login credentials of 10,000 individuals whom they claim are FBI agents.
Unknown
Public admin and defence, social security
H
US
Killnet, FBI
36
21/12/2022
-
-
Killnet
US Federal Motor Carrier Safety Administration (FMCSA).
Members of the Killnet collective also claim to have breached the US Federal Motor Carrier Safety Administration (FMCSA).
Unknown
Public admin and defence, social security
H
US
US Federal Motor Carrier Safety Administration, FMCSA
37
21/12/2022
Early December 2022
Early December 2022
?
Okta
Okta, a leading provider of authentication services and Identity and Access Management (IAM) solutions, says that its private GitHub repositories were hacked in early December.
Unknown
Professional, scientific and technical
CC
US
Okta
38
21/12/2022
-
-
?
Multiple organizations in the U.S.
The FBI warns that threat actors are using search engine advertisements to promote websites distributing ransomware or stealing login credentials for financial institutions and crypto exchanges.
Advertising fraud
Multiple Industries
CC
US
FBI, Malvertising
39
21/12/2022
-
-
DEV-1061
Multiple organizations
Researchers from the Microsoft Security Threat Intelligence team discover a new version of the Zerobot botnet upgraded to infect new devices by exploiting security vulnerabilities affecting Internet-exposed and unpatched Apache servers.
Multiple vulnerabilities
Multiple Industries
CC
>1
DEV-1061, Microsoft Security Threat Intelligence, Zerobot, Apache
40
21/12/2022
During May 2022
28/11/2022
betmgmhacked
BetMGM
BetMGM discloses a data breach after a threat actor stole personal information belonging to an undisclosed number of customers.
Unknown
Arts entertainment, recreation
CC
US
BetMGM, betmgmhacked
41
21/12/2022
20/12/2022
20/12/2022
?
The Guardian
Staff at The Guardian newspaper are told not to come into the office and to work from home for the rest of the week due to a suspected ransomware attack.
Malware
Information and communication
CC
UK
The Guardian, Ransomware
42
21/12/2022
Between 04/08/2022 and 09/12/2022
08/12/2022
?
Ethos Technologies
Ethos Technologies files notice of a data breach after hackers successfully carried out a cyberattack against the company.
Unknown
Finance and insurance
CC
US
Ethos Technologies
43
21/12/2022
Since at least August 2022
During August 2022
"waltcranston"
Individuals
Researchers from Sophos discover more than 20 fake criminal marketplaces designed to defraud cyberscammers.
Account Takeover
Individual
CC
>1
Sophos, waltcranston
44
21/12/2022
1/11/2022
1/11/2022
?
San Benito Consolidated School District
San Benito Consolidated School District confirms a Karakurt ransomware attack.
Malware
Education
CC
US
San Benito Consolidated School District, Karakurt, ransomware
45
22/12/2022
During December 2022
During December 2022
Killnet
Undisclosed U.S.-based healthcare organization
The pro-Russian hacktivist group Killnet claims the compromise of a U.S.-based healthcare organization.
Unknown
Human health and social work
H
US
Killnet
46
22/12/2022
Since June 2021
-
FIN7
Multiple organizations
Researchers from Prodaft reveal the details of Checkmarks, a scanner for multiple Microsoft Exchange remote code execution and privilege elevation vulnerabilities like CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207 leveraged by the FIN7 cyber criminal group.
Multiple vulnerabilities
Multiple Industries
CC
>1
Prodaft, Checkmarks, Microsoft Exchange, CVE-2021-34473, CVE-2021-34523, CVE-2021-31207, FIN7
47
22/12/2022
'Recently'
'Recently'
Vice Society
Multiple organizations
Researchers from SentinelOne discover PolyVice, a new custom encryptor used by the Vice Society ransomware.
Malware
Multiple Industries
CC
>1
Sentinel One, Vice Society, ransomware, PolyVice
48
22/12/2022
Since 19/12/2022
19/12/2022
?
Comcast Xfinity customers
Comcast Xfinity customers report their accounts being hacked in widespread attacks that bypass two-factor authentication. The compromised accounts are then used to reset passwords for other services.
Credential Stuffing
Information and communication
CC
US
Comcast Xfinity
49
22/12/2022
Earlier in 2022
-
?
LastPass
LastPass reveals that attackers stole customer vault data after breaching its cloud storage earlier this year using information stolen during an August 2022 incident.
Account Takeover
Professional, scientific and technical
CC
US
LastPass
50
22/12/2022
Since at least 22/11/2022
-
?
Vulnerable WordPress sites
Researchers at Wordfence reveal that attackers are actively targeting CVE-2022-45359, a critical flaw in YITH WooCommerce Gift Cards Premium, a WordPress plugin used on over 50,000 websites.
CVE-2022-45359 Vulnerability
Multiple Industries
CC
>1
Wordfence, CVE-2022-45359, YITH WooCommerce Gift Cards Premium, WordPress
51
22/12/2022
Since at least 13/12/2022
13/12/2022
Russian threat actors
Multiple organizations
Researchers from Flashpoint and Sekoia discover a new information-stealing malware named ‘RisePro’, distributed through fake cracks sites operated by the PrivateLoader pay-per-install (PPI) malware distribution service.
Malware
Multiple Industries
CC
>1
Flashpoint, Sekoia, RisePro, PrivateLoader
52
22/12/2022
08/12/2022
-
Hive and BlackCat AKA ALPHV
Jakks Pacific
Toy production giant Jakks Pacific reports a cyberattack to the U.S. Securities and Exchange Commission after two different ransomware gangs posted stolen information to their leak site.
Malware
Manufacturing
CC
US
Jakks Pacific, U.S. Securities and Exchange Commission, Hive, BlackCat, ALPHV, ransomware
53
22/12/2022
-
17/10/2022
?
Robins & Morton Group
Robins & Morton Group files notice of a data breach after an unauthorized party was able to access files on the company’s computer system containing confidential consumer information.
Unknown
Construction
CC
US
Robins & Morton Group
54
22/12/2022
11/02/2022 and between 07/04/2022 and 21/04/2022
During November 2022
?
Legacy Hospice
Legacy Hospice notifies 21,202 individuals of a breach that stemmed from unauthorized access to a limited number of employee email accounts. The access occurred on February 11, 2022 and again between April 7 and April 21.
Account Takeover
Human health and social work
CC
US
Legacy Hospice
55
22/12/2022
Late September 2022
-
?
Midwest Orthopaedic Consultants (MOC)
Midwest Orthopaedic Consultants (MOC) notifies 6,818 individuals of a breach after learning that an unauthorized party may have gained access to its network and encrypted files.
Malware
Human health and social work
CC
US
Midwest Orthopaedic Consultants, MOC, ransomware
56
22/12/2022
'Recently'
'Recently'
Putin Team, BlueSky, meow
Multiple organizations
Researchers from Cyble discover a new group of ransomware strains targeting multiple organizations.
Malware
Multiple Industries
CC
>1
Putin Team, BlueSky, meow, ransomware, Cyble
57
22/12/2022
'Recently'
'Recently'
Vidar
Multiple organizations
Researchers from AhnLab discover a new version of the Vidar infostealer using multiple social network platforms, such as TikTok, Telegram, Steam, and Mastodon, as intermediary C2 servers.
Malware
Multiple Industries
CC
>1
AhnLab, Vidar, TikTok, Telegram, Steam, Mastodon
58
22/12/2022
End of November 2022
25/11/2022
?
Individuals in China
Researchers from HP discover a phishing campaign abusing QR codes to steal credit card details.
Account Takeover
Finance and insurance
CC
CN
HP, QR Code
59
22/12/2022
'Recently'
'Recently'
STEPPY#KAVACH
Indian Government
Researchers from Securonix identify a new campaign related to a malicious threat actor tracked as STEPPY#KAVACH targeting victims likely associated with the Indian government.
Targeted Attack
Public admin and defence, social security
CE
IN
Securonix, STEPPY#KAVACH
60
22/12/2022
-
-
?
Queensland University of Technology
Queensland University of Technology shuts IT systems after being hit by ransomware attack.
Malware
Education
CC
AU
Queensland University of Technology, ransomware
61
23/12/2022
-
-
Ryushi
Twitter
A threat actor named Ryushi claims to be selling public and private data of 400 million Twitter users scraped in 2021 using a now-fixed API vulnerability.
API vulnerability
Information and communication
CC
US
Ryushi, Twitter
62
23/12/2022
30/09/2022
30/09/2022
?
IBW Financial Corporation
IBW Financial Corporation reports a data breach with the Attorney General of Montana after discovering that sensitive consumer information was compromised following what appears to have been a cyberattack committed against the company’s computer network.
Account Takeover
Finance and insurance
CC
US
IBW Financial Corporation
63
23/12/2022
Since at least early September 2022
Early September 2022
Lazarus Group
Crypto users
Researchers from SlowMist reveal that the North Korean Lazarus Group set up hundreds of phishing websites, impersonating popular non-fungible token (NFT) platforms and decentralized finance (DeFi) marketplaces.
Account Takeover
Fintech
CC
>1
SlowMist, North Korea, Lazarus Group, NFT, DeFi
64
23/12/2022
-
-
?
Multiple organizations
Researchers from Trend Micro discover a campaign abusing the Google Ads platform to spread the IcedID malware.
Advertising fraud
Multiple Industries
CC
>1
Trend Micro, Google Ads, IcedID
65
23/12/2022
'Recently'
'Recently'
?
Individuals
Researchers from Cyble discover a new YouTube bot malware that can steal sensitive information, and perform activities such as viewing, liking, and commenting on YouTube videos.
Malware
Individual
CC
>1
Cyble, YouTube
66
23/12/2022
-
12/12/2022
LockBit 3.0
Financiera Reyes
The LockBit ransomware gang claims to have attacked Financiera Reyes.
Malware
Finance and insurance
CC
MX
Financiera Reyes, LockBit, ransomware
67
23/12/2022
-
12/12/2022
LockBit 3.0
Amazing Global
The LockBit ransomware gang claims to have attacked Amazing Global.
Malware
Professional, scientific and technical
CC
VE
Amazing Global, LockBit, ransomware
68
23/12/2022
-
-
LockBit 3.0
Veolus
The LockBit ransomware gang claims to have attacked Veolus, a sustainability company.
Malware
Professional, scientific and technical
CC
MX
Veolus, LockBit, ransomware
69
23/12/2022
-
10/12/2022
LockBit 3.0
Biotipo
The LockBit ransomware gang claims to have attacked Biotipo, a textile firm company.
Malware
Wholesale and retail
CC
BR
Biotipo, LockBit, ransomware
70
23/12/2022
-
27/11/2022
?
Beacon Insurance Company
Beacon Insurance Company has some data leaked.
Unknown
Finance and insurance
CC
TT
Beacon Insurance Company
71
23/12/2022
23/11/2022
23/11/2022
?
Independent School District 728
Independent School District 728 is hit with a ransomware attack.
Malware
Education
CC
US
Independent School District 728, ransomware
72
23/12/2022
-
21/12/2022
LockBit 3.0
Bavelloni
Bavelloni, an Italian manufacturing company, is hit with a LockBit ransomware attack.
Malware
Manufacturing
CC
IT
Bavelloni, LockBit, ransomware
73
26/12/2022
25/12/2022
25/12/2022
?
BitKeep crypto wallet users
Multiple BitKeep crypto wallet users who downloaded an unofficial version of the BitKeep app report that their wallets were emptied during Christmas after hackers triggered transactions that didn't require verification.
Malware
Fintech
CC
>1
BitKeep, Christmas
74
26/12/2022
3/12/2022
3/12/2022
?
BTC.com
BTC.com, one of the world's largest cryptocurrency mining pools, announces it was the victim of a cyberattack that resulted in the theft of approximately $3 million worth of crypto assets belonging to both customers and the company.
Unknown
Fintech
CC
CN
BTC.com
75
26/12/2022
25/12/2022
25/12/2022
LockBit 3.0
Port of Lisbon Administration (APL)
The LockBit ransomware gang claims to have hit the Port of Lisbon (Porto de Lisboa).
Malware
Transportation and storage
CC
PT
LockBit, ransomware, Port of Lisbon, Porto de Lisboa, APL
76
26/12/2022
-
-
Kimsuky AKA Thallium, Black Banshee and Velvet Chollima
Nearly 900 foreign policy experts from South Korea
The South Korean National Police Agency reveals that the North Korean state-sponsored APT Kimsuky group targeted nearly 900 foreign policy experts from South Korea to steal their personal information and carry out ransomware attacks.
Targeted Attack
Public admin and defence, social security
CE
KR
Kimsuky, Thallium, Black Banshee and Velvet Chollima
77
27/12/2022
01/12/2022
01/12/2022
Royal
Intrado
The Royal Ransomware gang claims responsibility for a cyber attack against telecommunications company Intrado.
Malware
Information and communication
CC
US
Royal, ransomware, Intrado
78
27/12/2022
19/12/2022
19/12/2022
LockBit 3.0
City of Mount Vernon
The city of Mount Vernon, Ohio reveals that its police department, municipal court and other government offices were affected by a LockBit ransomware attack.
Malware
Public admin and defence, social security
CC
US
Mount Vernon, Ohio, LockBit, ransomware
79
27/12/2022
Since at least October 2022
October 2022
BlueNoroff AKA HiddenCobra
Financial organizations in Japan, UAE, US and Vietnam
Researchers from Kaspersky discover a new campaign by the North Korean group BlueNoroff targeting banks and venture capital firms with a new malware arsenal.
Malware
Finance and insurance
CC
JP
AE
US
VN
Kaspersky, North Korea, BlueNoroff, HiddenCobra
80
27/12/2022
'Recently'
'Recently'
?
Indian citizens
Researchers from Cyble and Intelligence Labs discover a campaign monitoring user complaints on Twitter to target Indian citizens.
Account Takeover
Individual
CC
IN
Cyble, Intelligence Labs, Twitter
81
27/12/2022
During April 2022
-
Black Basta
Sargent & Lundy
Sargent & Lundy, an engineering firm that designs power stations, is hit with a Black Basta ransomware attack.
Malware
Manufacturing
CC
US
Sargent & Lundy, Black Basta, ransomware
82
27/12/2022
Since at least mid-December 2022
Mid-December 2022
PureCoder
Multiple organizations
Researchers from Cyble discover a new threat actor dubbed PureCoder, selling multiple malware, including miners, information stealers, and crypters, on the dark web.
Malware
Multiple Industries
CC
>1
Cyble, PureCoder
83
27/12/2022
-
20/12/2022
BianLian
St. Rose Hospital
St. Rose Hospital is hit with an alleged BianLian ransomware attack.
Malware
Human health and social work
CC
US
St. Rose Hospital, BianLian, ransomware
84
28/12/2022
-
-
?
Multiple organizations
Researchers from Guardio Labs reveal that malware operators are increasingly abusing the Google Ads platform to spread malware.
Advertising fraud
Multiple Industries
CC
>1
Guardio Labs, Google Ads
85
28/12/2022
During October 2022
During October 2022
?
3Commas
An anonymous Twitter user publishes a set of 10,000 API keys allegedly obtained from the 3Commas cryptocurrency trading platform.
Unknown
Fintech
CC
EE
Twitter, 3Commas
86
28/12/2022
23/12/2022
23/12/2022
?
Arnold Clark
Car dealership Arnold Clark discloses it was targeted by hackers in a devastating Christmas Eve cyber attack.
Unknown
Wholesale and retail
CC
UK
Arnold Clark
87
28/12/2022
-
27/12/2022
shadowhacker
Indian Railway Catering and Tourism Corporation (IRCTC)
A threat actor posts the data of 30 million users allegedly taken from the Indian Railway Catering and Tourism Corporation (IRCTC). The company denies the breach claims.
Unknown
Unknown
CC
IN
Indian Railway Catering and Tourism Corporation, IRCTC, shadowhacker
88
28/12/2022
Between 05/04/2022 and 15/04/2022
14/03/2022
?
Elevate Services
Elevate Services files notice of a data breach after the company experienced what appears to have been a ransomware attack that leaked confidential information belonging to certain consumers.
Malware
Administration and support service
CC
US
Elevate Services, ransomware
89
29/12/2022
28/12/2022
28/12/2022
Snatch Team
Centro Turistico Giovanile
The Snatch Team leaks some data belonging to Centro Turistico Giovanile, an Italian non-profit organization.
Malware
Human health and social work
CC
IT
Snatch Team, ransomware, Centro Turistico Giovanile
90
29/12/2022
-
-
?
Banking users in Kazakhstan
A group of impostors operating out of a Ukrainian call center defrauds thousands of victims while pretending to be IT security employees at their banks.
Account Takeover
Finance and insurance
CC
KZ
Ukraine, Kazakhstan
91
29/12/2022
27/12/2022
27/12/2022
?
Canadian Copper Mountain Mining Corporation (CMMC)
The Canadian Copper Mountain Mining Corporation (CMMC) announces that it was the target of a ransomware attack that impacted its operations.
Malware
Mining and quarrying
CC
CA
Canadian Copper Mountain Mining Corporation, CMMC, ransomware
92
29/12/2022
-
-
Royal
Iowa Public Television (PBS)
The Royal ransomware group claims to have hacked the Iowa Public Television (PBS), Iowa’s public broadcasting network.
Malware
Information and communication
CC
US
Royal, ransomware, Iowa Public Television, PBS
93
29/12/2022
-
04/12/2022
?
Howard Memorial Hospital (HMH)
Howard Memorial Hospital (HMH) provides notice of a data breach on its website after receiving reports that an unauthorized party had stolen patient information from the hospital’s computer network during a cyberattack.
Unknown
Human health and social work
CC
US
Howard Memorial Hospital, HMH
94
29/12/2022
-
17/09/2022
?
Five Guys Enterprises
Five Guys Enterprises files notice of a data breach with the various attorney general offices across the country after learning about a cyberattack that compromised confidential information related to individuals who applied to work for the company.
Unknown
Accommodation and food service
CC
US
Five Guys Enterprises
95
29/12/2022
-
-
?
Bay Bridge Administrators
Bay Bridge Administrators files notice of a data breach after an unauthorized party was able to access sensitive consumer information stored on the company’s computer network.
Unknown
Administration and support service
CC
US
Bay Bridge Administrators
96
29/12/2022
26/12/2022
26/12/2022
?
Cott Systems
Cott Systems, a cloud-based solutions provider, informs its customers that an "organized cyberattack" had hit the company systems and resulted in "unusual activity" on its servers. Over 400 local governments are affected.
Unknown
Professional, scientific and technical
CC
US
Cott Systems
97
29/12/2022
-
23/11/2022
CatB
Multiple organizations
Researchers from Minerva Labs discover a new ransomware strain, dubbed CatB, which performs MSDTC service DLL Hijacking to silently execute its payload.
Malware
Multiple Industries
CC
>1
Minerva Labs, MSDTC, DLL Hijacking, ransomware
98
29/12/2022
-
20/12/2022
Ragnar Locker
Azienda Ospedaliera di Alessandria
The Azienda Ospedaliera di Alessandria is hit with a Ragnar Locker ransomware attack.
Malware
Human health and social work
CC
IT
Azienda Ospedaliera di Alessandria, Ragnar Locker, ransomware
99
29/12/2022
27/12/2022
27/12/2022
PHOBOS
Advanced Systems
Advanced Systems, an Italian IT provider, is hit with a PHOBOS ransomware attack. Many local governments are impacted.
Malware
Professional, scientific and technical
CC
IT
Advanced Systems, PHOBOS, ransomware
100
29/12/2022
-
Between 31/05/2022 and 24/06/2022
?
MJ Care
MJ Care notifies 1,832 patients that some of their protected health information has potentially been accessed or obtained by an unauthorized individual.
Account Takeover
Human health and social work
CC
US
MJ Care
101
30/12/2022
-
-
GhostWriter
Public figures in Poland
The Polish government reveals that it was hit by a disinformation campaign launched by the pro-Russian GhostWriter group.
Coordinated Inauthentic Behavior
Public admin and defence, social security
CW
PL
GhostWriter, Russia, Ukraine, Poland
102
30/12/2022
During November 2022
During November 2022
NoName057(16)
Website of the Polish parliament (Sejm)
The Polish government reveals that the website of the Polish parliament (Sejm) was hit with a DDoS attack by the pro-Russian NoName057(16) group.
The US Cybersecurity and Infrastructure Security Agency (CISA) adds two Tibco JasperReports flaws to its Known Exploited Vulnerabilities Catalog.
CVE-2018-5430 and CVE-2018-18809 vulnerabilities
Multiple Industries
N/A
US
US Cybersecurity and Infrastructure Security Agency, CISA, Tibco, JasperReports
104
30/12/2022
-
-
?
WordPress websites
Researchers from Doctor Web discover a Linux malware, tracked as Linux.BackDoor.WordPressExploit.1, that compromises WordPress websites by exploiting 30 vulnerabilities in multiple outdated plugins and themes.
Multiple vulnerabilities
Multiple Industries
CC
>1
Doctor Web, Linux, Linux.BackDoor.WordPressExploit.1, WordPress
105
30/12/2022
-
01/07/2022
?
Retreat Behavioral Health
Retreat Behavioral Health filed notice of a data breach after the company learned it had been the target of a ransomware attack that compromised confidential information belonging to certain patients.
Malware
Human health and social work
CC
US
Retreat Behavioral Health, ransomware
106
30/12/2022
30/12/2022
30/12/2022
?
CentraState Healthcare System
CentraState Healthcare System experiences an IT network issue that is impacting some of its patient services.
Unknown
Human health and social work
CC
US
CentraState Healthcare System
107
30/12/2022
During 2022
During 2022
RedZei (AKA "RedThief").
Chinese-speaking students in the United Kingdom
Chinese threat actors have been targeting Chinese-speaking students in the United Kingdom with a unique phone scam that aims to steal their personal information with repeated phone calls and voicemails that are hard for victims or carriers to block.
Account Takeover
Education
CC
UK
RedZei
108
30/12/2022
-
28/12/2022
?
Telekom Malaysia
Telekom Malaysia confirms that a data breach affected its Unifi Mobile users, both individual customers and small and medium-sized enterprises (SMEs).
Unknown
Information and communication
CC
MY
Telekom Malaysia
109
30/12/2022
-
25/12/2022
?
Maybank
A threat actor leaks a database with 1.8 million lines that were allegedly sourced from Maybank. However after an investigation the bank denies the claim,
Unknown
Finance and insurance
CC
MY
Maybank
110
30/12/2022
-
25/12/2022
?
Astro
A threat actor leaks a database with 10.7 million lines that were allegedly sourced from Astro.
Unknown
Information and communication
CC
MY
Astro
111
30/12/2022
-
25/12/2022
?
Malaysia Election Committee (SPR)
A threat actor leaks a database with 10.7 million lines that were allegedly sourced from Malaysia Election Committee (SPR).
Unknown
Public admin and defence, social security
CC
MY
Malaysia Election Committee, SPR
112
30/12/2022
-
19/12/2022
?
Monte Cristalina S.A
Monte Cristalina S.A. is added to LockBit 3.0 ransomware leak site. The group claims to have 135GB of information about the holding company, and uploads some data as proof.
Malware
Other service activities
CC
BR
Monte Cristalina, LockBit, ransomware
113
30/12/2022
-
28/12/2022
Snatch Team
Einatec
Einatec is added to the Snatch Team’s leak site. The threat actors claim to possess 105GB of data.
Malware
Professional, scientific and technical
CC
ES
Einatec, Snatch Team, ransomware
114
30/12/2022
-
18/12/2022
Play
Cervecería Regional
Cervecería Regional is hit with a Play ransomware attack.
Malware
Accommodation and food service
CC
VE
Cervecería Regional, Play, Ransomware
115
30/12/2022
30/12/2022
30/12/2022
rootkitsecurity
Iran Airlines
In name of OpIran rootkitsecurity, a group affiliated with the Anonymous collective takes down the website of Iran Airlines.
DDoS
Transportation and storage
H
IR
OpIran, rootkitsecurity, Anonymous, Iran Airlines
116
30/12/2022
Between 13/10/2022 and 19/10/2022
01/11/2022
?
L. Knife & Son
L. Knife & Son files notice of a data breach after learning that an unauthorized party gained access to confidential consumer data stored on the company’s computer network.
Unknown
Accommodation and food service
CC
US
L. Knife & Son
117
31/12/2022
31/12/2022
31/12/2022
Pro-Ukraine hacktivists
Several Iranian websites, including the website of Iran’s supreme leader Ali Khamenei, and the National Iranian Oil Company (NIOC).
Pro-Ukraine hacktivists claim to have launched distributed denial-of-service attacks on several Iranian websites, including the website of Iran’s supreme leader Ali Khamenei, and the National Iranian Oil Company (NIOC).
DDoS
Public admin and defence, social security
H
IR
Ukraine, Iran, Ali Khamenei, National Iranian Oil Company, NIOC
118
31/12/2022
Between 25/12/2022 and 30/12/2022, 2022
31/12/2022
?
Python users
PyTorch, a machine learning framework, identifies a malicious dependency with the same name as the framework's 'torchtriton' library. This has led to a successful compromise via the dependency confusion attack vector.
Malware
Multiple Industries
CC
>1
PyTorch, torchtriton, dependency confusion
119
31/12/2022
15/03/2022
26/06/2022
LockBit 3.0
Wabtec Corporation
U.S. rail and locomotive company Wabtec Corporation discloses a data breach that exposed personal and sensitive information, following a LockBit ransomware attack.
Malware
Manufacturing
CC
US
Wabtec Corporation, LockBit, ransomware
120
31/12/2022
27/12/2022
29/12/2022
?
Slack
Slack reveals to have suffered a security incident, with threat actors gaining access to Slack's externally hosted GitHub repositories via a "limited" number of Slack employee tokens that were stolen.
Account Takeover
Professional, scientific and technical
CC
US
Slack, GitHub
121
31/12/2022
-
-
LockBit 3.0
Housing Authority of the City of Los Angeles (HACLA)
The Housing Authority of the City of Los Angeles (HACLA) is hit with a LockBit ransomware attack.
Malware
Public admin and defence, social security
CC
US
Housing Authority of the City of Los Angeles, HACLA, LockBit, ransomware
122
31/12/2022
-
-
Endurance
Volvo Cars
A threat actor going with the moniker IntelBroker, announces that VOLVO CARS fell victim to an Endurance ransomware attack and the attackers exfiltrated 200GB of sensitive data that are now on sale.
Malware
Manufacturing
CC
SE
IntelBroker, VOLVO CARS, Endurance, ransomware
ID
Date Reported
Date Occurred
Date Discovered
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags