The first cyber attack timeline of October is ready: this fortnight I have collected 54 events, a level of activity in line with September, when I reported 56 and 55 events in the first and second half of the month respectively.
The main event is probably the report of an alleged massive cyber espionage campaign against 30 U.S. companies, including Amazon and Apple, carried out by Chinese actors implanting a chip inside the Super Micro servers used by the targets. Inevitably the report is controversial and there are many doubts about its veracity; nonetheless it is an example of a supply chain attack, a category that is becoming increasingly common.
As always, each timeline includes at least one massive breach: this fortnight the list includes the one that occurred to Apollo (200 million contact records possibly compromised) and a database of 35 million US voter records that appeared for sale on a forum.
And while another bank (the Indian branch of the State Bank of Mauritius) fell victim to an attack carried out via SWIFT ($14 million stolen, of which $10 million have allegedly been recovered), the timeline confirms the growing trend of cyber espionage, with multiple operations led by old acquaintances like APT10, APT28 and Black Energy, and by newer actors like Nomadic Octopus, Gallmaker and FruityArmor.
At the end of the day, 54 events are too many to summarize in a few lines, so feel free to read the whole timeline carefully to get a complete view of the threat landscape (and also share it!). The timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015, 2016, 2017 and now 2018 are also available; do not forget the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.
Finally, you may always ask for the raw data, but please do not forget to include a short presentation and the purpose of the project. I will not accept requests without any details.
| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Tags |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 01/10/2018 | Attackers linked to Saudi Arabia? | Canadian permanent resident and Saudi dissident Omar Abdulaziz | A report from The Citizen Lab reveals that the Canadian permanent resident and Saudi dissident Omar Abdulaziz was targeted by an attack infecting his phone with NSO's Pegasus spyware. | Malware | X Individual | CE | CA | Omar Abdulaziz, NSO, Pegasus, Saudi Arabia |
| 2 | 01/10/2018 | ? | Apollo | Apollo, a sales engagement startup boasting a database of more than 200 million contact records, is hacked and sends an email to its affected customers. | Unknown | S Other service activities | CC | US | Apollo |
| 3 | 01/10/2018 | Roaming Mantis | iOS Users | Kaspersky discovers that the Roaming Mantis group is testing a new monetization scheme by redirecting iOS users to pages that contain the Coinhive in-browser mining script rather than the usual Apple phishing page. | Malicious Script Injection | X Individual | CC | >1 | Roaming Mantis, CoinHive, iOS, Crypto |
| 4 | 02/10/2018 | Hidden Cobra AKA Lazarus Group | US Banks | A joint technical alert from the DHS, the FBI, and the Treasury warns about a new ATM cash-out scheme, dubbed "FASTCash," used by the Hidden Cobra APT. | Malware | K Financial and insurance activities | CC | US | DHS, FBI, FASTCash, Hidden Cobra, Lazarus Group |
| 5 | 02/10/2018 | ? | SBM Holdings (State Bank of Mauritius India) | Mauritius banking group SBM Holdings unveils that its Indian operations suffered a cyber fraud earlier in the week and that the bank has potentially lost up to $14 million. The bank is able to recover $10 million. | Fraudulent SWIFT Transactions | K Financial and insurance activities | CC | IN | SBM Holdings, SWIFT, State Bank of Mauritius India |
| 6 | 02/10/2018 | ? | Individuals in the US | Researchers from ProofPoint discover a new DanaBot campaign spread through a malspam campaign that installs the Hancitor malware. | Malware | X Individual | CC | US | ProofPoint, DanaBot, Hancitor |
| 7 | 02/10/2018 | ? | Android Users in Japan and Korea | Researchers from Fortinet unveil a new round of attacks carried out via the FakeSpy Android malware. | Malware | X Individual | CC | >1 | Fortinet, FakeSpy |
| 8 | 02/10/2018 | ? | City of Regina | A City of Regina email account is hacked and used as a phishing tool to try to obtain passwords and emails from other City of Regina staff as well as external groups. | Account Hijacking | O Public administration and defence, compulsory social security | CC | CA | City of Regina |
| 9 | 02/10/2018 | ? | WhatsApp Users in Israel | A wave of reports about hijacked WhatsApp accounts in Israel forces the government's cyber-security agency to send out a nationwide security alert. | Account Hijacking | X Individual | CC | IL | WhatsApp |
| 10 | 03/10/2018 | APT10 AKA Red Apollo, Stone Panda, POTASSIUM, MenuPass, Cloud Hopper, Red Leaves | Managed Service Providers | The US Department of Homeland Security issues an alert about "ongoing" cyber-attacks against managed service providers, indirectly attributed to APT10. | Targeted Attack | J Information and communication | CE | US | APT10, Red Apollo, Stone Panda, POTASSIUM, MenuPass, Cloudhopper, Red Leaves |