PhishProtection.com “Phishing Watchdog” Is A Timeline of All Major Phishing Attacks Reported As They Break Out
An Updated Feed of All Significant Phishing Attacks
This is a comprehensive and frequently updated resource page that lists all the significant Phishing Attacks as they are discovered and happen online. Each attack is summarized here with links to further information about each attack. The list below is updated instantly with threat details as soon as the attack is verified to be authentic.
BlackCat wants $5 million from Carinthia.
27th May 2022 | Target: Austrian state – Carinthia | Reported Here
The Austrian federal state of Carinthia was hit by the BlackCat ransomware gang, also known as ALPHV, and the group demanded $5 million to unlock the encrypted computer systems.
The attack, which occurred on Tuesday, caused severe operational disruption of government services, as thousands of workstations have allegedly been locked by the threat actor.
[above via Cyber News post]
Nikkei’s Asian unit hit by ransomware attack
19th May 2022 | Target: Nikkei | Reported Here
Publishing giant Nikkei disclosed that the group’s headquarters in Singapore was hit by a ransomware attack almost one week ago, on May 13, 2022.
“Unauthorized access to the server was first detected on May 13, prompting an internal probe,” the company revealed in a press release published on Thursday.
Hackers target Tatsu WordPress plugin in millions of attacks
17th May 2022 | Target: Tatsu WordPress | Reported Here
Tens of thousands of WordPress websites are potentially at risk of compromise as part of an ongoing large-scale attack targeting a remote code execution vulnerability in the Tatsu Builder plugin.
Tracked as CVE-2021-25094 (CVSS score of 8.1), the vulnerability exists because one of the supported actions does not require authentication when uploading a zip file that is extracted under the WordPress upload directory.
Dis-Chem Data Breach Affecting 3.6 Million Customers
11th May 2022 | Target: Dis-Chem | Reported Here
Dis-Chem has confirmed an “unauthorised party” gained access to a database containing the personal information of more than 3.6-million people which could be used for criminal activities, such as phishing attacks.
The information includes first names and surnames, email addresses and cellphone numbers.
[above via Sowetanlive post] Update 1
Killnet targeted the websites of several Italian institutions
11th May 2022 | Target: Italian institutions websites | Reported Here
Pro-Russian hackers have attacked the websites of several Italian institutions, including the senate, ANSA news agency reported on Wednesday.
The hacker group “Killnet” claimed the attack, ANSA said, which also targeted the National Health Institute (ISS) and the Automobile Club d’Italia, a national drivers’ association.
Illinois college, hit by ransomware attack, to shut down
9th May 2022 | Target: Illinois college | Reported Here
Lincoln College, a historically Black college in Illinois, will close this week after 157 years, saying it could not survive the financial challenges of the coronavirus pandemic and a ransomware attack last year.
“The loss of history, careers, and a community of students and alumni is immense,” David Gerlach, the college’s president, said in a statement.
[above via New York Times post] Update 1
Sixt announced it was hit by a cyberattack
2nd May 2022 | Target: Sixt | Reported Here
Car rental giant Sixt was hit by a weekend cyberattack causing business disruptions at customer care centers and select branches.
Sixt is a German-based vehicle rental, car sharing, and ride-hailing service provider operating about two thousand locations in over 105 countries.
Ransomware Attack Closes Michigan College
2nd May 2022 | Target: Michigan College | Reported Here
A college in Michigan has closed its campuses and canceled classes after falling victim to a cyber-attack.
Kellogg Community College, which is based in Battle Creek and serves approximately 7000 students annually, was targeted with ransomware on Friday.
[above via Info Security post] Update 1
Stormous ransomware gang claims to have hacked Coca-Cola
26th April 2022 | Target: Coca-Cola | Reported Here
The Stormous ransomware gang announced in a post on its leak site that it had hacked the multinational beverage corporation Coca-Cola Company. The extortion group claimed to have hacked some of the company's servers and stolen 161GB.
The group recently launched a poll asking members of its Telegram channel to choose the next company to target and Coca-Cola was the most voted firm.
Nation-state Hackers Target Journalists with Goldbackdoor Malware
25th April 2022 | Target: Coca-Cola | Reported Here
Sophisticated hackers believed to be tied to the North Korean government are actively targeting journalists with novel malware dubbed Goldbackdoor. Attacks have consisted of a multistage infection campaign with the ultimate goal of stealing sensitive information from targets. The campaign is believed to have started in March and is ongoing, researchers have found.
Researchers at Stairwell followed up on an initial report from South Korea’s NK News, which revealed that a North Korean APT known as APT37 had stolen info from the private computer of a former South Korean intelligence official.
[above via Threatpost post] Update 1
Lemon Duck cryptomining botnet is targeting Docker servers
22nd April 2022 | Target: Docker | Reported Here
CrowdStrike researchers reported that the Lemon_Duck cryptomining botnet is targeting Docker to mine cryptocurrency on Linux systems.
The Lemon_Duck cryptomining malware was first spotted in June 2019 by researchers from Trend Micro while targeting enterprise networks. At the time of its first discovery, the bot was gaining access to the MS SQL service via brute-force attacks and leveraging the EternalBlue exploit.
Terra Users Lose $4.3M in Crypto to Phishing Scam Over 10 Days
21st April 2022 | Target: Terra network | Reported Here
Terra users could lose up to $4.3 million in crypto to a phishing scam in over 10 days because of a deceptive Google Ad scam for private keys that has already netted millions from users in the past week.
SlowMist, a blockchain security company, identified dozens of crypto addresses that appeared to have become victims of a phishing scam on the Terra network since April 12th, and the scammer’s addresses reportedly reeled in $4.31 million in assets up until the time of writing.
[above via Cryptosnewz post] Update 1 / Update 2
Snap-on discloses data breach
8th April 2022 | Target: Cash App | Reported Here
The Conti ransomware gang has struck again. Last month the hackers added a new victim to its data leak website: Kenosha, Wisconsin-based Snap-On Tools. In mid-March Conti posted just under 1Gb of files allegedly stolen during a breach of Snap-On’s network.
[above via Forbes post]
SuperCare Health Data Breach
7th April 2022 | Target: SuperCare Health | Reported Here
SuperCare Health disclosed a security breach that has led to the exposure of personal information belonging to its patients, patients/members of its partner organizations and others.
The company notified impacted individuals and law enforcement agencies.
The company told the US Department of Health and Human Services that the data breach has impacted 318,379 individuals.
Block confirms Cash App breach
6th April 2022 | Target: Cash App | Reported Here
Block, the company formerly known as Square, has disclosed a data breach that involved a former employee downloading unspecified reports pertaining to its Cash App Investing that contained information about its U.S. customers.
“While this employee had regular access to these reports as part of their past job responsibilities, in this instance these reports were accessed without permission after their employment ended,” the firm revealed in an April 4 filing with the U.S. Securities and Exchange Commission (SEC).
[above via The Hack News post] Update 1
The Works forced to close some stores after cyber-attack
5th April 2022 | Target: The Works | Reported Here
A cyber-attack has forced UK toy, book, and stationery retailer The Works to close a number of stores and temporarily suspend replenishment deliveries.
According to a statement issued yesterday (April 5), “unauthorised access to its computer systems” caused “limited disruption to trading and business operations”.
[above via Port Swigger post] Update 1
German wind turbine maker shut down after cyberattack
4th April 2022 | Target: Nordex Group | Reported Here
Nordex Group, one of the world’s largest manufacturers of wind turbines, fell victim to a cyberattack that forced it to take down multiple systems.
The Hamburg, Germany-based company announced over the weekend that it detected the intrusion on Thursday, March 31, and that it immediately deployed measures “in line with crisis management protocols.”
Hackers breached Mailchimp to target crypto holders
30th March 2022 | Target: Globant | Reported Here
Cryptocurrency hardware wallet owners are being targeted by a phishing scam spread via Mailchimp email distribution services.
Trezor, the manufacturer of crypto wallets, announced on social media that its customers are being sent fake data breach notifications via its newsletters powered by Mailchimp.
[above via Port Swigger post] Update 1
Globant discloses hack after Lapsus$ leaks 70GB of stolen data
30th March 2022 | Target: Globant | Reported Here
IT and software consultancy firm Globant has confirmed that they were breached by the Lapsus$ data extortion group, where data consisting of administrator credentials and source code was leaked by the threat actors.
As part of the leak, the hacking group released a 70GB archive of data stolen from Globant, describing it as “some customers source code.”
$625M stolen from Axie Infinity’s Ronin bridge
29th March 2022 | Target: Axie Infinity’s Ronin | Reported Here
The latest crypto hack may be the largest yet. The gaming-focused Ronin Network announced Tuesday a loss of over $625 million in USDC and ether (ETH). According to a blog post published by the Ronin Network’s official Substack, the exploit affected Ronin Network validator nodes for Sky Mavis, the publishers of the popular Axie Infinity game, and the Axie DAO.
Ukrtelecom has confirmed a cyberattack on its core infrastructure
28th March 2022 | Target: Ukrtelecom | Reported Here
On March 29, 2022, a massive cyber attack caused a major internet disruption across Ukraine on national provider Ukrtelecom. According to global internet monitor service NetBlock, real-time network data showed connectivity collapsed to 13% of pre-war levels. The attack caused the most severe destruction observed since the invasion of the country by Russia.
Anonymous hacks Central Bank of Russia
24th March 2022 | Target: Central Bank of Russia | Reported Here
News of Anonymous’s hack was shared on Twitter by one of the group’s accounts, @YourAnonTV: “JUST IN: The #Anonymous collective has hacked the Central Bank of Russia. More than 35.000 files will be released within 48 hours with secret agreements.”
Okta says 375 customers impacted by the hack
23rd March 2022 | Target: Okta Software company | Reported Here
Okta says that a rapid investigation into the sharing of screenshots appearing to show a data breach has revealed they relate to a “contained” security incident that took place in January 2022. Okta, an enterprise identity and access management firm, launched an inquiry after the LAPSUS$ hacking group posted screenshots on Telegram that the hackers claimed were taken after obtaining access to “Okta.com Superuser/Admin and various other systems.”
Cyberattack on ELTA played down by official
22nd March 2022 | Target: Hellenic Post Postal service | Reported Here
The Greek postal service Hellenic Post – or ELTA – has disclosed information on a ransomware incident that forced the organization to pull a majority of its operations offline. The company, in a statement on Monday, said that the suspension was temporary. But the impact appears to be ongoing, based on the organization’s Tuesday statement, which shows that it continues to work toward restoring services.
Lapsus$ gang hacked Microsoft source code repositories
21st March 2022 | Target: Microsoft | Reported Here
Microsoft has confirmed that one of their employees was compromised by the Lapsus$ hacking group, allowing the threat actors to access and steal portions of their source code. Last night, the Lapsus$ gang released 37GB of source code stolen from Microsoft’s Azure DevOps server. The source code is for various internal Microsoft projects, including for Bing, Cortana, and Bing Maps.
TransUnion data breach leaves 54 million South Africans exposed
19th March 2022 | Target: TransUnion | Reported Here
TransUnion believes claims by its alleged hackers that 54 million South African records were compromised are actually from an old incident that has nothing to do with the current cyber attack on the credit bureau. “We believe that the 54 million records relate to a 2017 data incident unrelated to TransUnion,” it told Fin24 on Saturday.
Hackers Hit Rosneft
14th March 2022 | Target: Rosneft | Reported Here
A cyber-attack has compromised the computer network of the German subsidiary of Moscow-based Russian energy company Rosneft. German newspaper die Welt reported the security incident on Sunday, describing it as a hacking attack. According to the newspaper, Germany’s cybersecurity watchdog BSI had confirmed the breach and offered to help Rosneft restore its systems.
DENSO hit by new Pandora ransomware gang
14th March 2022 | Target: DENSO | Reported Here
The company is a global supplier of automotive components, including those developed for autonomous vehicle features, connectivity, and mobility services. Denso says that its technologies are used in “almost all vehicles around the globe.” Clients include Toyota, Honda, General Motors, and Ford. Consolidated revenue in the 2020-2021 fiscal year was reported as $44.6 billion.
Ubisoft Confirms Cyberattack
12th March 2022 | Target: Ubisoft | Reported Here
Ubisoft has admitted that a cyber security incident temporarily disrupted some games, systems and services. The incident came to light after graphics chip maker Nvidia and South Korean giant Samsung suffered a data breach this month.
Bridgestone Americas confirms ransomware attack
11th March 2022 | Target: Bridgestone Americas | Reported Here
LockBit ransomware gang claimed to have compromised the network of Bridgestone Americas, one of the largest manufacturers of tires, and stolen data from the company. The Bridgestone Americas family of enterprises includes more than 50 production facilities and 55,000 employees throughout the Americas.