ABI (Associazione Bancaria Italiana)
February 28, 2022
•[ ransomware, malware, finance ]
The ransomware group Vice Society claims responsibility for an attack to ABI, the Italian Bank Association, and publishes some employees data.
Moscow Exchange
February 28, 2022
•[ hack, ddos, finance ]
The Ukraine IT Army claims to have taken down the website of the Moscow Exchange.
Undetermined
February 28, 2022
•[ hack, malware, finance ]
Hackers allegedly connected to the Iranian government have been accused of targeting diamond companies in South Africa, Israel and Hong Kong with a wiper malware built to destroy data.
Sberbank
February 27, 2022
•[ leak, finance ]
Anonymous claimed to have exfiltrated and leaked a database of a Russian bank "in support of the Ukrainian people." The data was uploaded on February 27.
Undetermined
February 26, 2022
•[ hack, misconfiguration, finance ]
A number of Russia's largest domestic news websites were attacked and information replaced with a "tombstone" for the war dead. Many of the sites were then taken offline.
Undetermined
February 25, 2022
•[ social, phishing, finance ]
UNC1151 has targeted Employees of a Kazakhstani education institution. Mass phishing emails have recently been observed; after the account is compromised, the threat actiors, by the IMAP protocol, get access to all the messages. Subsequently, the attacks leverage the contact information stored in the victim's address book to propagate the phishing messages to other targets.
AON
February 25, 2022
•[ hack, finance ]
Professional services and insurance firm AON suffers a cyberattack.
Undetermined
February 24, 2022
•[ espionage, phishing, finance ]
A phishing campaign was observed using a possibly compromised Ukrainian armed service member's email account, to target European government personnel involved in managing the logistics of refugees fleeing Ukraine. Researchers indicate there was a clear preference for targeting individuals with responsibilities related to transportation, financial and budget allocation, administration, and population movement within Europe.
Undetermined
February 23, 2022
•[ espionage, finance, government ]
More than 600 websites belonging to the defence ministry in Kyiv and other institutions suffered attacks with the launch of thousands of exploits with attempts pointed to at least 20 distinct vulnerabilities. The campaign started mid-February and peaked on 23 February. The attacks sought to infiltrate targets ranging from border defence forces to the national bank and railway authority. They were designed to steal data and explore ways to shut down or disrupt vital defence and civilian infrastructure. The Times, allegedly quoting a source at the SBU, claimed the campaign was co-ordinated by the Chinese government. The SBU went on to deny The Times report.
Undetermined
February 23, 2022
•[ hack, malware, finance ]
A number of organizations in Ukraine have been hit by a cyberattack, infecting hundreds of computers. The attack involved new data-wiping malware dubbed HermeticWiper '" a destructive malware that can delete or corrupt data on a targeted computer or network. The wiper has been detected in Ukraine, Latvia and Lithuania.
Undetermined
February 23, 2022
•[ ransomware, malware, finance ]
UAC-0082 (a.k.a. Sandworm) staged a file encryptor on the network of an agricultural firm, holding this entity at risk for future destruction. Microsoft assesses that this was likely targeting grain production, a major export commodity in Ukraine's economy.
Flurry Finance
February 22, 2022
•[ financial, hack, finance ]
Hacker steals around $295,000 from decentralized platform Flurry Finance.
Oschadbank
February 15, 2022
•[ hack, ddos, finance ]
One of Ukraine's largest banks is hammered in a string of DDOS attacks interrupting customer access to accounts.
Undetermined
February 11, 2022
•[ phishing, malware, finance ]
CERT-UA reported mass distribution of phishing emails supposedly originating from Ukrainian state bodies and targeting Ukrainian entities. The lure is a Ukrainian language translation software, leading to the infection of GrimPlant and GraphSteel.
PayBito
February 5, 2022
•[ ransomware, malware, finance ]
Lockbit ransomware gang steals a database containing personal data of 100,000 customers of PayBito cryptocurrency exchange.
Crypto
January 17, 2022
•[ financial, hack, finance ]
Crypto.com suffers a hack compromising 483 customer accounts with an impact estimated around $34 million.
Superfund
January 15, 2022
•[ leak, ransomware, finance ]
Documents Leaked on ransomware site.
CompSource Mutual Insurance Company
January 7, 2022
•[ hack, misconfiguration, finance ]
CompSource Mutual Insurance Company files a notice of data breach after determining that an unauthorized party accessed confidential consumer information stored on the company's computer system.
Express Scripts
January 5, 2022
•[ hack, finance ]
The pharmacy benefit management organization, Express Scripts, announces that the accounts of certain customers have been accessed by an unauthorized third party.
