1-15 October 2018 Cyber Attacks Timeline

The first cyber attack timeline of October is ready: this fortnight I have collected 54 events, with a level of activity in line with September when I reported respectively 56 and 55 events in the first, and second half of the previous month.

The main event is probably the report of an alleged massive cyber espionage campaign against 30 U.S. companies, including Amazon and Apple, carried out by Chinese actors implanting a chip inside the Super Micro servers used by the targets. Inevitably the report is controversial and there are many doubts on its effective truthfulness, however it’s the example of a supply chain attack, something that is becoming increasingly common.

As always, there is always at least a massive breach in each timeline: this fortnight the list includes the one occurred to Apollo (200 million contact records possibly compromised), and a database of 35 million US voters records, appeared on sale on a forum.

And while another bank (the Indian branch of the State Bank of Mauritius) fell victim of an attack carried out via SWIFT ($14 million worth stolen, of which $10 have allegedly been recovered), the timeline confirms the growing trend of cyber espionage, which saw multiple operations led by old acquaintances like APT10, APT28, Black Energy, and newer actors like Nomadic Octopus, Gallmaker, and FruityArmor.

At the end of the day, 54 events are too many to summarize in few lines, so feel free to read carefully the whole timeline to have a complete view of the threat landscape (and also share it!). The timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015, 2016, 2017 and now 2018 are also available, and do not forget the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Finally, you may always ask for the raw data, but please do not forget to include a short presentation and the purpose of the project. I will not accept requests without any details.

wdt_ID ID Date Author Target Description Attack Target Class Attack Class Country Link Tags
1 1 01/10/2018 Attackers linked to Saudi Arabia? Canadian permanent resident and Saudi dissident Omar Abdulaziz A report from The Citizen Lab reveals that the Canadian permanent resident and Saudi dissident Omar Abdulaziz was targeted by an attack infecting his phone with NSO’s Pegasus spyware. Malware X Individual CE CA Omar Abdulaziz, NSO, Pegasus, Saudi Arabia
2 2 01/10/2018 ? Apollo Apollo, a sales engagement startup boasting a database of more than 200 million contact records, is hacked and sends an email to its affected customers. Unknown S Other service activities CC US Apollo
3 3 01/10/2018 Roaming Mantis iOS Users Kaspersky discover that the Roaming Mantis group is testing a new monetization scheme by redirecting iOS users to pages that contain the Coinhive in-browser mining script rather than the normal Apple phishing page. Malicious Script Injection X Individual CC >1 Roaming Mantis, CoinHive, iOS, Crypto
4 4 02/10/2018 Hidden Cobra AKA Lazarus Group US Banks A joint technical alert from the DHS, the FBI, and the Treasury warns about a new ATM cash-out scheme, dubbed “FASTCash,” used by the Hidden Cobra APT. Malware K Financial and insurance activities CC US DHS, FBI, FASTCash, Hidden Cobra, Lazarus Group
5 5 02/10/2018 ? SBM Holdings (State Bank of Mauritius India) Mauritius banking group SBM Holdings unveils that its Indian operations suffered a cyber fraud earlier in the week, and that the bank has potentially lost up to $14 million worth. The bank is able to recover $10 million. Fraudulent SWIFT Transactions K Financial and insurance activities CC IN SBM Holdings, SWIFT, State Bank of Mauritius India
6 6 02/10/2018 ? Individuals in the US Researchers from ProofPoint discover a new DanaBot campaign spread through Malspam campaign installing the Hancitor malware. Malware X Individual CC US ProofPoint, DanaBot, Hancitor
7 7 02/10/2018 ? Android Users in Japan and Korea Researchers from Fortinet unveil a new round of attack carried on via the FakeSpy Android malware. Malware X Individual CC >1 Fortinet, FakeSpy
8 8 02/10/2018 ? City of Regina A city of Regina email is hacked, and used as a phishing tool to try and get passwords and emails from other city of Regina staff as well as external groups. Account Hijacking O Public administration and defence, compulsory social security CC CA City of Regina
9 9 02/10/2018 ? WhatsApp Users in Israel A wave of reports about hijacked WhatsApp accounts in Israel has forced the government's cyber-security agency to send out a nation-wide security alert. Account Hijacking X Individual CC IL WhatsApp
10 10 03/10/2018 APT10 AKA Red Apollo, Stone Panda, POTASSIUM, MenuPass, Cloud Hopper, Red Leaves Managed Service Providers The US Department of Homeland Security issues an alert about "ongoing" cyber-attacks against managed service providers, indirectly attributed to APT10. Targeted Attack J Information and communication CE US APT10, Red Apollo, Stone Panda, POTASSIUM, MenuPass, Cloudhopper, Red Leaves
ID Date Author Target Description Attack Target Class Attack Class Country Link Tags

Leave a Reply

%d bloggers like this: