Last Updated on December 30, 2018

It’s time to publish the second timeline of November, covering the main cyber attacks that occurred between November 16 and November 30, plus a few November events that I missed in the previous timeline.

Autumn seems to be particularly inspiring for crooks, as the level of activity continues to be quite high (I collected 61 events in total, of which 57 happened in the second half of November): quite a long list of events, overshadowed by the massive breach of the Marriott SPG Rewards program, which saw nearly 500 million records compromised since 2014 (and, unsurprisingly, the fingers are pointed at China). Other massive breaches in this period include: Atrium Health (data of 2.65 million patients compromised), Knuddels.de (1.8 million users compromised, and one of the first examples of a fine under GDPR), and High Tail Hall (in this case “only” half a million subscribers had their data stolen).

Banks (in particular the Russian ones in November) are always an appealing target: two groups (MoneyTaker and Silence) were quite active against them.

In the meantime, state-sponsored actors were equally active in this fortnight: APT29 was back after some months of silence, Hades (the group behind the Olympic Destroyer malware) was also back, while APT28 confirmed itself as a constant threat, as did APT32, the Lazarus Group, and MuddyWater.

And although hacktivists did not show the same rage as in the first half of the month, there are many other interesting events to browse, so the timeline is at your disposal for a complete view of the threat landscape (and please share it!).

The timelines of the main cyber attacks in 2011, 2012, 2013, 2014, 2015, 2016, 2017 and now 2018 are also available; do not forget the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Tags |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 23/10/2018 | MoneyTaker | Russian Banks | Researchers from Group-IB discover a first massive phishing campaign disguised as the Central Bank of Russia and FinCERT, the Financial Sector Computer Emergency Response Team. | Account Hijacking | K Financial and insurance activities | CC | RU | MoneyTaker, Group-IB, Central Bank of Russia, FinCERT |
| 2 | 02/11/2018 | ? | Mac users using the Exodus wallet | Security researchers at F-Secure uncover a spam campaign aimed at delivering spyware to Mac users that use the Exodus wallet. | Malware | X Individual | CC | >1 | F-Secure, Mac |
| 3 | 14/11/2018 | Snake | Multiple targets in Germany, including federal lawmakers, military facilities and German embassies | Hackers suspected of ties to Russia’s government target Germany with a renewed cyber attack on political institutions, according to the country’s domestic intelligence agency, BfV. | Targeted Attack | Y Multiple Industries | CE | DE | BfV, Snake |
| 4 | 14/11/2018 | ? | Vulnerable Linux Servers | Researchers at Dr.Web discover a malicious Monero cryptominer specifically designed for Linux, named Linux.BtcMine.174. | DirtyCow (CVE-2016-5195) and Linux.Exploit.CVE-2013-2094 Vulnerabilities | Y Multiple Industries | CC | >1 | Dr.Web, Monero, Linux.BtcMine.174, DirtyCow, CVE-2016-5195, CVE-2013-2094, Crypto |
| 5 | 16/11/2018 | Silence | Russian Banks | Researchers from Group-IB discover a second massive phishing campaign disguised as the Central Bank of Russia and FinCERT, the Financial Sector Computer Emergency Response Team. | Account Hijacking | K Financial and insurance activities | CC | RU | Silence, Group-IB, Central Bank of Russia, FinCERT |
| 6 | 16/11/2018 | ? | New York Oncology Hematology | New York Oncology Hematology notifies nearly 130,000 patients and employees that it was the victim of a phishing attack that occurred between April 20 and April 27. | Account Hijacking | Q Human health and social work activities | CC | US | New York Oncology Hematology |
| 7 | 16/11/2018 | ? | OSIsoft LLC | OSIsoft LLC discloses a security breach which affected its employees, consultants, interns, and contractors. The credential theft involves 29 computers and 135 accounts. | Account Hijacking | J Information and communication | CC | US | OSIsoft LLC |
| 8 | 16/11/2018 | Hades | Multiple targets | Researchers from Check Point discover a new spike of activity from Hades, the threat actor behind the Olympic Destroyer malware. | Targeted Attack | Y Multiple Industries | CW | >1 | Check Point, Hades |
| 9 | 16/11/2018 | ? | Center for Vitreo-Retinal Diseases | The Center for Vitreo-Retinal Diseases in Illinois notifies more than 20,300 patients after a ransomware attack. | Malware | Q Human health and social work activities | CC | US | Center for Vitreo-Retinal Diseases |
| 10 | 17/11/2018 | APT29 (aka The Dukes, Cozy Bear and Cozy Duke) | U.S. government agencies, businesses and think tanks | Researchers from CrowdStrike and FireEye uncover a malicious campaign, allegedly carried out by APT29, impersonating a State Department official and targeting U.S. government agencies, businesses and think tanks. | Targeted Attack | Y Multiple Industries | CE | US | APT29, The Dukes, Cozy Bear, Cozy Duke, FireEye, CrowdStrike |
