Morgan Stanley Wealth Management
March 18, 2022
•[ social, phishing, finance ]
Morgan Stanley Wealth Management, the wealth and asset management division of Morgan Stanley, says some of its customers had their accounts compromised in voice phishing (vishing) social engineering attacks.
Charleston Area Medical Center (CAMC)
March 16, 2022
•[ social, phishing, healthcare ]
Charleston Area Medical Center (CAMC) discloses a phishing attack that impacted 54,000 individuals.
Tuloso Midway Independent School District
March 16, 2022
•[ hack, phishing, education ]
Tuloso Midway Independent School District discloses that one employee's email account was accessed without authorization.
RiverKids Pediatric Home Health
March 15, 2022
•[ hack, phishing, healthcare ]
RiverKids Pediatric Home Health notifies 3,494 patients that some of their protected health information has potentially been viewed or stolen as a result of an email security incident.
Whitefish School District
March 11, 2022
•[ social, phishing, education ]
Whitefish School District reports a data breach after an investigation discovered that an employee's computer had been accessible to an attacker after the employee had fallen for a social engineering scam.
European diplomatic entity
March 8, 2022
•[ espionage, phishing, government ]
Researchers from Mandiant detect an incident where APT29 successfully phished a European diplomatic entity and ultimately abused the Windows Credential Roaming feature.
Town of East Windsor
March 7, 2022
•[ hack, phishing, government ]
The town of East Windsor officials confirm that the township experienced a cyber breach that wreaked havoc on its systems and is sending residents fraudulent emails.
Undetermined
February 25, 2022
•[ social, phishing, finance ]
UNC1151 has targeted Employees of a Kazakhstani education institution. Mass phishing emails have recently been observed; after the account is compromised, the threat actiors, by the IMAP protocol, get access to all the messages. Subsequently, the attacks leverage the contact information stored in the victim's address book to propagate the phishing messages to other targets.
Undetermined
February 24, 2022
•[ espionage, phishing, finance ]
A phishing campaign was observed using a possibly compromised Ukrainian armed service member's email account, to target European government personnel involved in managing the logistics of refugees fleeing Ukraine. Researchers indicate there was a clear preference for targeting individuals with responsibilities related to transportation, financial and budget allocation, administration, and population movement within Europe.
Axis Communications
February 20, 2022
•[ social, phishing, manufacturing ]
Axis Communications is victim of a phishing attack, the company shuts down most of its system in response causing severe disruptions.
Undetermined
February 11, 2022
•[ phishing, malware, finance ]
CERT-UA reported mass distribution of phishing emails supposedly originating from Ukrainian state bodies and targeting Ukrainian entities. The lure is a Ukrainian language translation software, leading to the infection of GrimPlant and GraphSteel.
Wellstar Health System
February 7, 2022
•[ hack, phishing, healthcare ]
Wellstar Health System notifies individuals of a data security incident that occurred when an unauthorized party gained access to two Wellstar email accounts.
Undetermined
February 1, 2022
•[ espionage, phishing, energy ]
Spear phishing email was sent to an employee of a Ukrainian energy organization containing malicious files that would download and install a payload known as SaintBot (a downloader) and OutSteel (a document stealer). The same threat actor group targeted a Western government entity in Ukraine, as well as several Ukrainian government organizations back in March 2021.
Valley View Hospital
January 19, 2022
•[ social, phishing, healthcare ]
Valley View Hospital announces that the email accounts of four employees have been accessed by unauthorized individuals after the employees responded to phishing emails.
Ballad Health
January 13, 2022
•[ social, phishing, healthcare ]
Ballad Health discloses a phishing incident that potentially led to protected health information (PHI) exposure.
Boulder County
January 12, 2022
•[ financial, social, phishing ]
Boulder County is able to recover the almost $238,000 it mistakenly sent to a fraudulent account after a phishing scam in September.
Catholic Hospice
January 12, 2022
•[ social, phishing, healthcare ]
Catholic Hospice suffers phishing attack resulting in unauthroized access to employee email account containing patient information.
