Last Updated on December 30, 2018

It’s time to publish the second timeline of November, covering the main cyber attacks that occurred between November 16 and November 30, plus a few earlier events that I missed in the previous timeline.

Autumn seems to be particularly inspiring for crooks, as the level of activity remains quite high (I collected 61 events in total, 57 of which happened in the second half of November). It is a long list, overshadowed by the massive breach of Marriott’s Starwood (SPG) guest reservation database, which exposed the records of nearly 500 million guests and had been going on since 2014 (and, unsurprisingly, fingers are pointed at China). Other large breaches in this period include Atrium Health (data of 2.65 million patients compromised), Knuddels.de (1.8 million users compromised, and one of the first fines issued under GDPR), and High Tail Hall (in this case “only” half a million subscribers had their data stolen).

Banks (the Russian ones in particular, this November) remain an appealing target: two groups, MoneyTaker and Silence, were especially active against them.

Meanwhile, state-sponsored actors were just as active in this fortnight: APT29 was back after some months of silence, Hades (the group behind the Olympic Destroyer malware) was back as well, while APT28 confirmed itself a constant threat, as did APT32, the Lazarus Group and MuddyWater.

And although hacktivists did not match the rage of the first half of the month, there are many other interesting events to browse, so the timeline is at your disposal for a complete view of the threat landscape (and please share it!).

The timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015, 2016, 2017 and now 2018 are also available, and do not forget the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Legend: Attack Class CC = Cyber Crime, CE = Cyber Espionage, CW = Cyber Warfare; Target Class uses the sector codes adopted throughout these timelines; Country “>1” means more than one country affected. The original links are not reproduced here.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Tags |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 23/10/2018 | MoneyTaker | Russian banks | Researchers from Group-IB discover a first massive phishing campaign impersonating the Central Bank of Russia and FinCERT, the Financial Sector Computer Emergency Response Team. | Account Hijacking | K Financial and insurance activities | CC | RU | MoneyTaker, Group-IB, Central Bank of Russia, FinCERT |
| 2 | 02/11/2018 | ? | Mac users of the Exodus wallet | Security researchers at F-Secure uncover a spam campaign that delivers spyware to Mac users of the Exodus cryptocurrency wallet. | Malware | X Individual | CC | >1 | F-Secure, Mac |
| 3 | 14/11/2018 | Snake | Multiple targets in Germany, including federal lawmakers, military facilities and German embassies | Hackers suspected of ties to Russia’s government target Germany with a renewed cyber attack on political institutions, according to the country’s domestic intelligence agency, the BfV. | Targeted Attack | Y Multiple Industries | CE | DE | BfV, Snake |
| 4 | 14/11/2018 | ? | Vulnerable Linux servers | Researchers at Dr.Web discover a Monero cryptominer built specifically for Linux, named Linux.BtcMine.174. | DirtyCow (CVE-2016-5195) and Linux.Exploit.CVE-2013-2094 vulnerabilities | Y Multiple Industries | CC | >1 | Dr.Web, Monero, Linux.BtcMine.174, DirtyCow, CVE-2016-5195, CVE-2013-2094, Crypto |
| 5 | 16/11/2018 | Silence | Russian banks | Researchers from Group-IB discover a second massive phishing campaign impersonating the Central Bank of Russia and FinCERT, the Financial Sector Computer Emergency Response Team. | Account Hijacking | K Financial and insurance activities | CC | RU | Silence, Group-IB, Central Bank of Russia, FinCERT |
| 6 | 16/11/2018 | ? | New York Oncology Hematology | New York Oncology Hematology notifies nearly 130,000 patients and employees that it was the victim of a phishing attack that occurred between April 20 and April 27. | Account Hijacking | Q Human health and social work activities | CC | US | New York Oncology Hematology |
| 7 | 16/11/2018 | ? | OSIsoft LLC | OSIsoft LLC discloses a security breach affecting its employees, consultants, interns and contractors. The credential theft involves 29 computers and 135 accounts. | Account Hijacking | J Information and communication | CC | US | OSIsoft LLC |
| 8 | 16/11/2018 | Hades | Multiple targets | Researchers from Check Point discover a new spike of activity from Hades, the threat actor behind the Olympic Destroyer malware. | Targeted Attack | Y Multiple Industries | CW | >1 | Check Point, Hades |
| 9 | 16/11/2018 | ? | Center for Vitreo-Retinal Diseases | The Center for Vitreo-Retinal Diseases in Illinois notifies more than 20,300 patients after a ransomware attack. | Malware | Q Human health and social work activities | CC | US | Center for Vitreo-Retinal Diseases |
| 10 | 17/11/2018 | APT29 (aka The Dukes, Cozy Bear and Cozy Duke) | U.S. government agencies, businesses and think tanks | Researchers from CrowdStrike and FireEye uncover a malicious campaign, allegedly carried out by APT29, impersonating a State Department official and targeting U.S. government agencies, businesses and think tanks. | Targeted Attack | Y Multiple Industries | CE | US | APT29, The Dukes, Cozy Bear, Cozy Duke, FireEye, CrowdStrike |
