16-30 November 2018 Cyber Attacks Timeline

It’s time to publish the second timeline of November, covering the main cyber attacks occurred between November 16 and November 30, plus a few events occurred in November that I missed in the previous timeline.

Autumn seems to be particularly inspiring for crooks, as the level of activity continues to be quite high (I collected 61 events in total, of which 57 happened in the second half of November): quite a long list of events, overshadowed by the massive breach occurred to the Marriott SPG Rewards program, that saw nearly 500 million records compromised since 2014 (and unsurprisingly the fingers are pointed to China). Other massive breaches in this period include: Atrium Health (data of 2.65 million patients compromised), Knuddles.de (1.8 million users compromised and one of the first examples of a fine under GDPR), and High Tail Hall (in this case “only” half a million subscribers had their data stolen).

Banks (in particular the Russian ones in November) are always an appealing target: in particular two groups (MoneyTaker and Silence) wer quite active against them.

In the meantime, state sponsored actors were equally quite active in this fortnight: APT29 was back after some months of silence, the Hades (the group behind the Olympic Destroyer malware) was also back, while APT28 confirms to be a constant threat, like APT32, the Lazarus Group, and MuddyWater.

And despite hacktivists haven’t confirmed the same rage of the first half of the month, there are many other interesting events to browse, so the timeline is at your disposal for a complete view of the threat landscape (and also share it!).

The timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015, 2016, 2017 and now 2018 are also available, and do not forget the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

wdt_ID ID Date Author Target Description Attack Target Class Attack Class Country Link Tags
1 1 23/10/2018 MoneyTaker Russian Banks Researchers from Group-IB discover a first massive phising campaign in disguise of the Central Bank of Russia and FinCERT, the Financial Sector Computer Emergency Response Team. Account Hijacking K Financial and insurance activities CC RU MoneyTaker, Group-IB, Central Bank of Russia, FinCERT
2 2 02/11/2018 ? Mac users using the Exodus wallet Security researchers at F-Secure uncover a spam campaign aimed at delivering spyware to Mac users that use the Exodus wallet. Malware X Individual CC >1 F-Secure, Mac
3 3 14/11/2018 Snake Multiple targets in Germany, including: federal lawmakers, military facilities and German embassies Hackers suspected of ties to Russia’s government target Germany with a renewed cyber attack on political institutions, according to the country’s domestic intelligence agency, BfV. Targeted Attack Y Multiple Industries CE DE BfV, Snake
4 4 14/11/2018 ? Vulnerable Linux Servers Researchers at Dr.Web discover a malicious Monero cryptominer specifically designed for Linux named Linux.BtcMine.174. DirtyCow (CVE-2016-5195) and Linux.Exploit.CVE-2013-2094 Vulnerabilities Y Multiple Industries CC >1 Dr.Web, Monero,Linux.BtcMine.174, DirtyCow, CVE-2016-5195, CVE-2013-2094, Crypto
5 5 16/11/2018 Silence Russian Banks Researchers from Group-IB discover a second massive phising campaign in disguise of the Central Bank of Russia and FinCERT, the Financial Sector Computer Emergency Response Team. Account Hijacking K Financial and insurance activities CC RU Silence, Group-IB, Central Bank of Russia, FinCERT
6 6 16/11/2018 ? New York Oncology Hematology New York Oncology Hematology notifies nearly 130,000 patients and employees that it was the victim of a phishing attack occurred between April 20 and April 27. Account Hijacking Q Human health and social work activities CC US New York Oncology Hematology
7 7 16/11/2018 ? OSIsoft LLC OSIsoft LLC discloses a security breach which affected its employees, consultants, interns, and contractors. The credential theft involves 29 computers and 135 accounts. Account Hijacking J Information and communication CC US OSIsoft LLC
8 8 16/11/2018 Hades Multiple targets Researchers from Check Point discover a new spike of activity from Hades, the threat actor behind the Olympic Destroyer malware. Targeted Attack Y Multiple Industries CW >1 Check Point, Hades
9 9 16/11/2018 ? Center for Vitreo-Retinal Diseases The Center for Vitreo-Retinal Diseases in Illinois notifies more than 20,300 patients after a ransomware attack. Malware Q Human health and social work activities CC US Center for Vitreo-Retinal Diseases
10 10 17/11/2018 APT29 (aka The Dukes, Cozy Bear and Cozy Duke) U.S. government agencies, businesses and think tanks Researchers from Crowdstrike and FireEye uncover a malicious campaign, allegedly carried out by APT29, impersonating a State Department official, and targeting U.S. government agencies, businesses and think tanks. Targeted Attack Y Multiple Industries CE US APT29, The Dukes, Cozy Bear, Cozy Duke, FireEye, Crowdstrike
ID Date Author Target Description Attack Target Class Attack Class Country Link Tags

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: