Here we go with the second timeline of August, covering the main cyber attacks that occurred between August 16th and August 31st. A timeline apparently indicating that the malicious actors decided to end their summer break quite soon, as the number of recorded events is considerably higher than in the first timeline (available here).
New timeline… New massive breaches… And the winner for this fortnight is Huazhu Group Ltd., one of China’s largest hotel operators, which had the details of 130 million customers leaked on the dark web. Unfortunately, even T-Mobile and Air Canada were hit hard (with the records of 2 million and 1.7 million individuals compromised, respectively).
Another interesting factor characterizing this fortnight is the discovery (and consequent takedown) of suspected influence and misinformation operations carried out via social network bots. Not only has a massive campaign targeting audiences in the US, UK, Middle East and Latin America been uncovered, but the Swedish Security Service has also revealed a proliferation of new bots trying to influence the general elections.
State-sponsored actors were also quite active: this timeline includes operations from the likes of APT28, Turla, the Lazarus Group, TA555, Cobalt, and also suspected actors from China’s Tsinghua University, and from Iran.
Of course the list doesn’t end here! My advice is to read it all and realize the fragility of our identity inside the cyber space. And if you want, you may also have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015, 2016, 2017 and now 2018 (regularly updated… Hopefully!). And do not forget the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.
Last but not least, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts), and please note that, starting from this month, it is possible to download the raw data directly from the tools above the table. You may always ask for the raw data, but please do not forget to include a short presentation and the purpose of the project. I am not supposed to accept requests without any details.
| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Tags |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 15/08/2018 | ? | Hans Keirstead | Rolling Stone reveals that the U.S. Federal Bureau of Investigation is investigating a series of cyberattacks over the past year that targeted Dr. Hans Keirstead, a Democratic candidate in California. | Targeted Attack | O Public administration and defence, compulsory social security | CE | US | Hans Keirstead, Rolling Stone |
| 2 | 16/08/2018 | Malicious Actors from China | Alaska Communications Systems Group Inc; Ensco Plc’s; Atwood Oceanics; The Alaska Department of Natural Resources; The Alaska governor’s office; Regional internet service provider TelAlaska | Cybersecurity firm Recorded Future said that hackers operating from China’s Tsinghua University targeted U.S. energy and communications companies, as well as the Alaskan state government, in the weeks before and after Alaska’s trade mission to China. | Account Hijacking | Y Multiple Industries | CE | US | Recorded Future, China, Alaska Communications Systems Group Inc, Ensco Plc’s, Atwood Oceanics, The Alaska Department of Natural Resources, The Alaska governor’s office, Regional internet service provider TelAlaska |
| 3 | 16/08/2018 | ? | Augusta University Health | Augusta University Health discloses a breach affecting 417,000 patients as a consequence of two phishing attacks that occurred on September 11, 2017 and July 31, 2018. | Account Hijacking | Q Human health and social work activities | CC | US | Augusta University Health |
| 4 | 16/08/2018 | ? | Several Financial Institutions | Proofpoint researchers discover a new downloader malware in a fairly large campaign (millions of messages) primarily targeting financial institutions. The malware is dubbed “Marap” (“param” backwards). | Malware | K Financial and insurance activities | CC | >1 | Proofpoint, Marap |
| 5 | 17/08/2018 | ? | Eastern Maine Community College | Eastern Maine Community College in Bangor warns of a possible data breach that could have exposed the personal information of current and former staff and students (42,000 individuals). | Malware | P Education | CC | US | Eastern Maine Community College |
| 6 | 17/08/2018 | ? | Individual Users | Researchers from Trustwave Spiderlabs and Cofense reveal the details of a malicious spam campaign, targeting the banking industry, and using unusual Microsoft Publisher documents, originating from the Necurs botnet. | Malware | K Financial and insurance activities | CC | >1 | Trustwave, Microsoft Publisher, Necurs |
| 7 | 17/08/2018 | ? | Compromised Wordpress Sites | Researchers from Sucuri uncover a malicious campaign targeting up to 3,000 infected Wordpress sites, carried out via a URL shortener, a fake plug-in and a malicious popuplink.js. | Malicious Script Injection | X Individual | CC | >1 | Sucuri, Wordpress, popuplink.js |
| 8 | 18/08/2018 | ? | David Min | Reuters reveals that the U.S. Federal Bureau of Investigation is investigating a cyber attack on the congressional campaign of David Min, a Democratic candidate in California. | Targeted Attack | O Public administration and defence, compulsory social security | CE | US | David Min, Reuters, FBI |
| 9 | 18/08/2018 | ? | Bossier City | Some Bossier City water customers may have had their information compromised due to a possible breach of an online billing payment system. | Malware | O Public administration and defence, compulsory social security | CC | US | Bossier City |
| 10 | 20/08/2018 | ? | Legacy Health | Legacy Health notifies 38,000 patients that a phishing attack may have breached their data. Officials discovered unauthorized access to some employee email accounts on June 21. However, the access began several weeks before in May 2018. | | | | | |