Last Updated on December 30, 2018

The first cyber attack timeline of October is ready: this fortnight I have collected 54 events, with a level of activity in line with September when I reported respectively 56 and 55 events in the first, and second half of the previous month.


The main event is probably the report of an alleged massive cyber espionage campaign against 30 U.S. companies, including Amazon and Apple, carried out by Chinese actors implanting a chip inside the Super Micro servers used by the targets. Inevitably the report is controversial and there are many doubts on its effective truthfulness, however it’s the example of a supply chain attack, something that is becoming increasingly common.

As always, there is always at least a massive breach in each timeline: this fortnight the list includes the one occurred to Apollo (200 million contact records possibly compromised), and a database of 35 million US voters records, appeared on sale on a forum.


And while another bank (the Indian branch of the State Bank of Mauritius) fell victim of an attack carried out via SWIFT ($14 million worth stolen, of which $10 have allegedly been recovered), the timeline confirms the growing trend of cyber espionage, which saw multiple operations led by old acquaintances like APT10, APT28, Black Energy, and newer actors like Nomadic Octopus, Gallmaker, and FruityArmor.

At the end of the day, 54 events are too many to summarize in few lines, so feel free to read carefully the whole timeline to have a complete view of the threat landscape (and also share it!). The timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015, 2016, 2017 and now 2018 are also available, and do not forget the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.


Finally, you may always ask for the raw data, but please do not forget to include a short presentation and the purpose of the project. I will not accept requests without any details.

wdt_IDIDDateAuthorTargetDescriptionAttackTarget ClassAttack ClassCountryLinkTags
1101/10/2018Attackers linked to Saudi Arabia?Canadian permanent resident and Saudi dissident Omar AbdulazizA report from The Citizen Lab reveals that the Canadian permanent resident and Saudi dissident Omar Abdulaziz was targeted by an attack infecting his phone with NSO’s Pegasus spyware.MalwareX IndividualCECAOmar Abdulaziz, NSO, Pegasus, Saudi Arabia
2201/10/2018?ApolloApollo, a sales engagement startup boasting a database of more than 200 million contact records, is hacked and sends an email to its affected customers.UnknownS Other service activitiesCCUSApollo
3301/10/2018Roaming MantisiOS UsersKaspersky discover that the Roaming Mantis group is testing a new monetization scheme by redirecting iOS users to pages that contain the Coinhive in-browser mining script rather than the normal Apple phishing page.Malicious Script InjectionX IndividualCC>1Roaming Mantis, CoinHive, iOS, Crypto
4402/10/2018Hidden Cobra AKA Lazarus GroupUS BanksA joint technical alert from the DHS, the FBI, and the Treasury warns about a new ATM cash-out scheme, dubbed “FASTCash,” used by the Hidden Cobra APT.MalwareK Financial and insurance activitiesCCUSDHS, FBI, FASTCash, Hidden Cobra, Lazarus Group
5502/10/2018?SBM Holdings (State Bank of Mauritius India)Mauritius banking group SBM Holdings unveils that its Indian operations suffered a cyber fraud earlier in the week, and that the bank has potentially lost up to $14 million worth. The bank is able to recover $10 million.Fraudulent SWIFT TransactionsK Financial and insurance activitiesCCINSBM Holdings, SWIFT, State Bank of Mauritius India
6602/10/2018?Individuals in the USResearchers from ProofPoint discover a new DanaBot campaign spread through Malspam campaign installing the Hancitor malware.MalwareX IndividualCCUSProofPoint, DanaBot, Hancitor
7702/10/2018?Android Users in Japan and KoreaResearchers from Fortinet unveil a new round of attack carried on via the FakeSpy Android malware.MalwareX IndividualCC>1Fortinet, FakeSpy
8802/10/2018?City of ReginaA city of Regina email is hacked, and used as a phishing tool to try and get passwords and emails from other city of Regina staff as well as external groups.Account HijackingO Public administration and defence, compulsory social securityCCCACity of Regina
9902/10/2018?WhatsApp Users in IsraelA wave of reports about hijacked WhatsApp accounts in Israel has forced the government's cyber-security agency to send out a nation-wide security alert.Account HijackingX IndividualCCILWhatsApp
101003/10/2018APT10 AKA Red Apollo, Stone Panda, POTASSIUM, MenuPass, Cloud Hopper, Red LeavesManaged Service ProvidersThe US Department of Homeland Security issues an alert about "ongoing" cyber-attacks against managed service providers, indirectly attributed to APT10.Targeted AttackJ Information and communicationCEUSAPT10, Red Apollo, Stone Panda, POTASSIUM, MenuPass, Cloudhopper, Red Leaves
IDDateAuthorTargetDescriptionAttackTarget ClassAttack ClassCountryLinkTags

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.