16-31 August Cyber Attacks Timeline

Here we go with the second timeline of August, covering the main cyber attacks that occurred between August 16th and August 31st. A timeline apparently indicating that the malicious actors decided to end their summer break quite soon, as the number of recorded events is considerably higher than in the first timeline (available here).

New timeline… New massive breaches… And the winner for this fortnight is Huazhu Group Ltd., one of China’s largest hotel operators, which had the details of 130 million customers leaked on the dark web. Unfortunately even T-Mobile and Air Canada were hit hard (with the records of respectively 2 million and 1.7 million individuals compromised).

Another interesting factor characterizing this fortnight is the discovery (and consequent takedown) of suspected influence and misinformation operations carried out via social network bots. Not only has a massive campaign targeting audiences in the US, UK, Middle East and Latin America been uncovered, but the Swedish Security Service has also revealed a proliferation of new bots trying to influence the general elections.

State-sponsored actors were also quite active: this timeline includes operations from the likes of APT28, Turla, the Lazarus Group, TA555, Cobalt, and also suspected actors from China’s Tsinghua University, and from Iran.

Of course the list doesn’t end here! My advice is to read it all and realize the fragility of our identity in cyberspace. And if you want, you may also have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015, 2016, 2017 and now 2018 (regularly updated… Hopefully!). And do not forget the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.

Last but not least, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts), and please note that, starting from this month, it is possible to download the raw data directly from the tools above the table. You may always ask for the raw data, but please do not forget to include a short presentation and the purpose of the project. I am not supposed to accept requests without any details.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Tags |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 15/08/2018 | ? | Hans Keirstead | Rolling Stone reveals that the U.S. Federal Bureau of Investigation is investigating a series of cyberattacks over the past year that targeted Dr. Hans Keirstead, a Democratic candidate in California. | Targeted Attack | O Public administration and defence, compulsory social security | CE | US | Hans Keirstead, Rolling Stone |
| 2 | 16/08/2018 | Malicious Actors from China | Alaska Communications Systems Group Inc, Ensco Plc’s Atwood Oceanics, The Alaska Department of Natural Resources, The Alaska governor’s office, Regional internet service provider TelAlaska | Cybersecurity firm Recorded Future said that hackers operating from China’s Tsinghua University targeted U.S. energy and communications companies, as well as the Alaskan state government, in the weeks before and after Alaska’s trade mission to China. | Account Hijacking | Y Multiple Industries | CE | US | Recorded Future, China, Alaska Communications Systems Group Inc, Ensco Plc’s, Atwood Oceanics, The Alaska Department of Natural Resources, The Alaska governor’s office, Regional internet service provider TelAlaska |
| 3 | 16/08/2018 | ? | Augusta University Health | Augusta University Health discloses a breach affecting 417,000 patients as a consequence of two phishing attacks that occurred on September 11, 2017 and July 31, 2018. | Account Hijacking | Q Human health and social work activities | CC | US | Augusta University Health |
| 4 | 16/08/2018 | ? | Several Financial Institutions | Proofpoint researchers discover a new downloader malware in a fairly large campaign (millions of messages) primarily targeting financial institutions. The malware is dubbed “Marap” (“param” backwards). | Malware | K Financial and insurance activities | CC | >1 | Proofpoint, Marap |
| 5 | 17/08/2018 | ? | Eastern Maine Community College | Eastern Maine Community College in Bangor warns of a possible data breach that could have exposed the personal information of current and former staff and students (42,000 individuals). | Malware | P Education | CC | US | Eastern Maine Community College |
| 6 | 17/08/2018 | ? | Individual Users | Researchers from Trustwave SpiderLabs and Cofense reveal the details of a malicious spam campaign, targeting the banking industry, and using unusual Microsoft Publisher documents, originating from the Necurs botnet. | Malware | K Financial and insurance activities | CC | >1 | Trustwave, Microsoft Publisher, Necurs |
| 7 | 17/08/2018 | ? | Compromised WordPress Sites | Researchers from Sucuri uncover a malicious campaign targeting up to 3,000 infected WordPress sites, carried out via a URL shortener, a fake plug-in and a malicious popuplink.js. | Malicious Script Injection | X Individual | CC | >1 | Sucuri, WordPress, popuplink.js |
| 8 | 18/08/2018 | ? | David Min | Reuters reveals that the U.S. Federal Bureau of Investigation is investigating a cyber attack on the congressional campaign of David Min, a Democratic candidate in California. | Targeted Attack | O Public administration and defence, compulsory social security | CE | US | David Min, Reuters, FBI |
| 9 | 18/08/2018 | ? | Bossier City | Some Bossier City water customers may have had their information compromised due to a possible breach of an online billing payment system. | Malware | O Public administration and defence, compulsory social security | CC | US | Bossier City |
| 10 | 20/08/2018 | ? | Legacy Health | Legacy Health notifies 38,000 patients that a phishing attack may have breached their data. Officials discovered unauthorized access to some employee email accounts on June 21. However, the access began several weeks earlier, in May 2018. | Account Hijacking | Q Human health and social work activities | CC | US | Legacy Health |
