Phishing Watchdog


Phishing Watchdog “Phishing Watchdog” Is A Timeline of All Major Phishing Attacks Reported As They Breakout


An Updated Feed of All Significant Phishing Attacks

This is a comprehensive and frequently updated resource page that lists all the significant Phishing Attacks as they are discovered and happen online. Each attack is summarized here with links to further information about each attack. The list below is updated instantly with threat details as soon as the attack is verified to be authentic.



BlackCat wants $5 million from Carinthia.

27th May 2022 | Target: Austrian state – Carinthia | Reported Here

Austrian federal state Carinthia was hit by the BlackCat ransomware gang, also known as ALPHV and the group demanded a $5 million to unlock the encrypted computer systems.

The attack which occurred on Tuesday caused severe operational disruption of government services, as thousands of workstations have allegedly been locked by the threat actor.



[above via Cyber News post]


Nikkei’s Asian unit hit by ransomware attack

19th May 2022 | Target: Nikkei | Reported Here

Publishing giant Nikkei disclosed that the group’s headquarters in Singapore was hit by a ransomware attack almost one week ago, on May 13, 2022.

“Unauthorized access to the server was first detected on May 13, prompting an internal probe,” the company revealed in a press release published on Thursday.



[above via Bleeping Computer post] Update 1


Hackers target Tatsu WordPress plugin in millions of attacks

17th May 2022 | Target: Tatsu WordPress | Reported Here

Tens of thousands of WordPress websites are potentially at risk of compromise as part of an ongoing large-scale attack targeting a remote code execution vulnerability in the Tatsu Builder plugin.

Tracked as CVE-2021-25094 (CVSS score of 8.1), the vulnerability exists because one of the supported actions does not require authentication when uploading a zip file that is extracted under the WordPress upload directory.



[above via Security Week post] Update 1


Dis-Chem Data Breach Affecting 3.6 Million Customers

11th May 2022 | Target: Dis-Chem | Reported Here

Dis-Chem has confirmed an “unauthorised party” gained access to a database containing the personal information of more than 3.6-million people which could be used for criminal activities, such as phishing attacks.

The information includes first names and surnames, email addresses and cellphone numbers.



[above via Sowetanlive post] Update 1


Killnet targeted the websites of several Italian institutions

11th May 2022 | Target: Italian institutions websites | Reported Here

Pro-Russian hackers have attacked the websites of several Italian institutions, including the senate, ANSA news agency reported on Wednesday.

The hacker group “Killnet” claimed the attack, ANSA said, which also targeted the National Health Institute (ISS) and the Automobile Club d’Italia, a national drivers’ association.



[above via US News post] Update 1 / Update 2


Illinois college, hit by ransomware attack, to shut down

9th May 2022 | Target: Illinois college | Reported Here

Lincoln College, a historically Black college in Illinois, will close this week after 157 years, saying it could not survive the financial challenges of the coronavirus pandemic and a ransomware attack last year.

“The loss of history, careers, and a community of students and alumni is immense,” David Gerlach, the college’s president, said in a statement.



[above via NewYork Times post] Update 1


Sixt announced it was hit by a cyberattack

2nd May 2022 | Target: Sixt | Reported Here

Car rental giant Sixt was hit by a weekend cyberattack causing business disruptions at customer care centers and select branches.

Sixt is a German-based vehicle rental, car sharing, and ride-hailing service provider operating about two thousand locations in over 105 countries.



[above via Bleeping Computer post] Update 1


Ransomware Attack Closes Michigan College

2nd May 2022 | Target: Michigan College | Reported Here

A college in Michigan has closed its campuses and canceled classes after falling victim to a cyber-attack.

Kellogg Community College, which is based in Battle Creek and serves approximately 7000 students annually, was targeted with ransomware on Friday.



[above via Info Security post] Update 1


Stormous ransomware gang claims to have hacked Coca-Cola

26th April 2022 | Target: Coca-Cola | Reported Here

The Stormous ransomware gang announced with a post on its leak site to have hacked the multinational beverage corporation Coca-Cola Company. The extortion group announced to have hacked some servers of the company and stole 161GB.

The group recently launched a poll asking members of its Telegram channel to choose the next company to target and Coca-Cola was the most voted firm.

rowdstrikes researchers reported that the Lemon_Duck cryptomining botnet is targeting Docker to mine cryptocurrency on Linux systems.



[above via Security Affairs post] Update 1


Nation-state Hackers Target Journalists with Goldbackdoor Malware

25th April 2022 | Target: Coca-Cola | Reported Here

Sophisticated hackers believed to be tied to the North Korean government are actively targeting journalists with novel malware dubbed Goldbackdoor. Attacks have consisted of multistage infection campaign with the ultimate goal of stealing sensitive information from targets. The campaign is believed to have started in March and is ongoing, researchers have found.

Researchers at Stairwell followed up on an initial report from South Korea’s NK News, which revealed that a North Korean APT known as APT37 had stolen info from the private computer of a former South Korean intelligence official.



[above via Threatpost post] Update 1


Lemon Duck cryptomining botnet is targeting Docker servers

22nd April 2022 | Target: Docker | Reported Here

Crowdstrikes researchers reported that the Lemon_Duck cryptomining botnet is targeting Docker to mine cryptocurrency on Linux systems.

The Lemon_Duck cryptomining malware was first spotted in June 2019 by researchers from Trend Micro while targeting enterprise networks. At the time of its first discovery, the bot was gaining access to the MS SQL service via brute-force attacks and leveraging the EternalBlue exploit.


[above via Security Affairs post]


Terra Users Lose $4.3M in Crypto to Phishing Scam Over 10 Days

21st April 2022 | Target: Terra network | Reported Here

The Terra users could lose up to $4.3 million in crypto to a phishing scam in over 10 days because of a deceptive Google Ad scam for private keys that netted millions already from users in the past week so let’s read more today in our latest blockchain news.

SlowMist a blockchain security company identified dozens of crypto addresses that appeared to become victims of a phishing scam on the Terra network since April 12th and the scammer’s addresses reportedly reeled in $4.31 million in assets up until the time of writing.


[above via Cryptosnewz post] Update 1 / Update 2


Snap-on discloses data breach

8th April 2022 | Target: Cash App | Reported Here

The Conti ransomware gang has struck again. Last month the hackers added a new victim to its data leak website: Kenosha, Wisconsin-based Snap-On Tools. In mid-March Conti posted just under 1Gb of files allegedly stolen during a breach of Snap-On’s network.ock, the company formerly known as Square, has disclosed a data breach that involved a former employee downloading unspecified reports pertaining to its Cash App Investing that contained information about its U.S. customers.


[above via Forbes post]


SuperCare Health Data Breach

7th April 2022 | Target: SuperCare Health | Reported Here

SuperCare Health disclosed a security breach that has led to the exposure of personal information belonging to its patients, patients/members of its partner organizations and others.

The company notified impacted individuals and law enforcement agencies.

The company told the US Department of Health and Human Services that the data breach has impacted 318,379 individuals.


[above via Security Affairs post] Update 1


Block confirms Cash App breach

6th April 2022 | Target: Cash App | Reported Here

Block, the company formerly known as Square, has disclosed a data breach that involved a former employee downloading unspecified reports pertaining to its Cash App Investing that contained information about its U.S. customers.

“While this employee had regular access to these reports as part of their past job responsibilities, in this instance these reports were accessed without permission after their employment ended,” the firm revealed in a April 4 filing with the U.S. Securities and Exchange Commission (SEC).


[above via The Hack News post] Update 1


The Works forced to close some stores after cyber-attack

5th April 2022 | Target: The Works | Reported Here

A cyber-attack has forced UK toy, book, and stationery retailer The Works to close a number of stores and temporarily suspend replenishment deliveries.

According to a statement issued yesterday (April 5), “unauthorised access to its computer systems” caused “limited disruption to trading and business operations”.


[above via Ports Swigger post] Update 1


German wind turbine maker shut down after cyberattack

4th April 2022 | Target: Nordex Group | Reported Here

Nordex Group, one of the world’s largest manufacturers of wind turbines, fell victim to a cyberattack that forced it to take down multiple systems.

The Hamburg, Germany-based company announced over the weekend that it detected the intrusion on Thursday, March 31, and that it immediately deployed measures “in line with crisis management protocols.”


[above via Security Week post] Update 1


Hackers breached Mailchimp to target crypto holders

30th March 2022 | Target: Globant | Reported Here

Cryptocurrency hardware wallet owners are being targeted by a phishing scam spread via Mailchimp email distribution services.

Trezor, the manufacturer of crypto wallets, announced on social media that its customers are being sent fake data breach notifications via its newsletters powered by Mailchimp.


[above via Port Swigger post] Update 1


Globant discloses hack after Lapsus$ leaks 70GB of stolen data

30th March 2022 | Target: Globant | Reported Here

IT and software consultancy firm Globant has confirmed that they were breached by the Lapsus$ data extortion group, where data consisting of administrator credentials and source code was leaked by the threat actors.

As part of the leak, the hacking group released a 70GB archive of data stolen from Globant, describing it as “some customers source code.”


[above via Bleeping Computer post] Update 1


$625M stolen from Axie Infinity ‘s Ronin bridge

29th March 2022 | Target: Axie Infinity’s Ronin | Reported Here

The latest crypto hack may be the largest yet. The gaming-focused Ronin Network announced Tuesday a loss of over $625 million in USDC and ether (ETH). According to a blog post published by the Ronin Network’s official Substack, the exploit affected Ronin Network validator nodes for Sky Mavis, the publishers of the popular Axie Infinity game, and the Axie DAO.

[above via Coin Desk post] Update 1 / Update 2

Ukrtelecom has confirmed a cyberattack on its core infrastructure

28th March 2022 | Target: Ukrtelecom | Reported Here

On March 29, 2022, a massive cyber attack caused a major internet disruption across Ukraine on national provider Ukrtelecom. According to global internet monitor service NetBlock, real-time network data showed connectivity collapsed to 13% of pre-war levels. The attack caused the most severe destruction observed since the invasion of the country by Russia.

[above via Security Affairs post] Update 1

Anonymous hacks Central Bank of Russia

24th March 2022 | Target: Central Bank of Russia | Reported Here

News of Anonymous’s hack was shared on Twitter by one of the group’s accounts, @YourAnonTV. JUST IN: The #Anonymous collective has hacked the Central Bank of Russia. More than 35.000 files will be released within 48 hours with secret agreements.

[above via Finextra post] Update 1 / Update 2

Okta says 375 customers impacted by the hack

23rd March 2022 | Target: Okta Software company | Reported Here

Okta says that a rapid investigation into the sharing of screenshots appearing to show a data breach has revealed they relate to a “contained” security incident that took place in January 2022. Okta, an enterprise identity and access management firm, launched an inquiry after the LAPSUS$ hacking group posted screenshots on Telegram that the hackers claimed were taken after obtaining access to “ Superuser/Admin and various other systems.”

[above via Zdnet post] Update 1 / Update 2

Cyberattack on ELTA played down by official

22nd March 2022 | Target: Hellenic Post Postal service | Reported Here The Greek postal service Hellenic Post – or ELTA – has disclosed information on a ransomware incident that forced the organization to pull a majority of its operations offline. The company, in a statement on Monday, said that the suspension was temporary. But the impact appears to be ongoing, based on the organization’s Tuesday statement, which shows that it continues to work toward restoring services.

[above via Bank Infosecurity post] Update 1

Lapsus$ gang hacked Microsoft source code repositories

21st March 2022 | Target: Microsoft | Reported Here Microsoft has confirmed that one of their employees was compromised by the Lapsus$ hacking group, allowing the threat actors to access and steal portions of their source code. Last night, the Lapsus$ gang released 37GB of source code stolen from Microsoft’s Azure DevOps server. The source code is for various internal Microsoft projects, including for Bing, Cortana, and Bing Maps.

[above via Bleeping Computer post] Update 1

TransUnion data breach leaves 54 million South Africans exposed

19th March 2022 | Target: TransUnion | Reported Here TransUnion believes claims by its alleged hackers that 54 million South African records were compromised are actually from an old incident that has nothing to do with the current cyber attack on the credit bureau. “We believe that the 54 million records relate to a 2017 data incident unrelated to TransUnion,” it told Fin24 on Saturday.

[above via News24 post] Update 1

Hackers Hit Rosneft

14th March 2022 | Target: Rosneft | Reported Here A cyber-attack has compromised the computer network of the German subsidiary of Moscow-based Russian energy company Rosneft. German newspaper die Welt reported the security incident on Sunday, describing it as a hacking attack. According to the newspaper, Germany’s cybersecurity watchdog BSI had confirmed the breach and offered to help Rosneft restore its systems.

[above via Infosecurity post] Update 1

DENSO hit by new Pandora ransomware gang

14th March 2022 | Target: DENSO | Reported Here The company is a global supplier of automotive components, including those developed for autonomous vehicle features, connectivity, and mobility services. Denso says that its technologies are used in “almost all vehicles around the globe.” Clients include Toyota, Honda, General Motors, and Ford. Consolidated revenue in the 2020-2021 fiscal year was reported as $44.6 billion.

[above via Zdnet post]  

Ubisoft Confirms Cyberattack

12th March 2022 | Target: Ubisoft | Reported Here Ubisoft has admitted that a cyber security incident temporarily disrupted some games, systems and services. The incident came to light after graphics chip maker Nvidia and South Korean giant Samsung suffered a data breach this month.he company is a global supplier of automotive components, including those developed for autonomous vehicle features, connectivity, and mobility services. Denso says that its technologies are used in “almost all vehicles around the globe.”

[above via News18 post] Update 1

Bridgestone Americas confirms ransomware attack

11th March 2022 | Target: Bridgestone Americas | Reported Here LockBit ransomware gang claimed to have compromised the network of Bridgestone Americas, one of the largest manufacturers of tires, and stolen data from the company. The Bridgestone Americas family of enterprises includes more than 50 production facilities and 55,000 employees throughout the Americas.

[above via Security Affairs post]