16-31 December 2018 Cyber Attacks Timeline

Christmas holidays are gone, and it’s time to turn the page on this 2018 with the second timeline of December, the last one for the year just gone.

Cyber Espionage is the main element of this timeline, with at least two remarkable operations: the indictment of the two members of APT10, the state-sponsored actors behind Operation Cloudhopper, a long last campaign against MSPs worldwide, and the discovery of a massive spying operation, once again allegedly orchestrated by Chinese actors, against the diplomatic communication network for the European Union (COREU).

Another state-sponsored actor is behind a suspicious activity on Twitter (causing the shares of the social network giant to tumble seven percent).

Looking at cyber crime, The San Diego Unified School District (SDUSD) revealed that a phishing attack, occurred as early as January 2018, compromised the personal information of more than half a million students. The Ryuk ransomware was also on the spot, an attack allegedly caused by this ransomware prevented production of several newspapers, including the Wall Street Journal and Los Angeles Times, while another one crippled the activities of the cloud hosting provider Dataresolution.net.

Last but not least, Italy confirms to be the preferred target for hacktivists thanks to the political turmoil that is characterizing this country.

As usual, browse the entire timeline to have an idea of the threat landscape, and also share it, to raise the awareness across the community. The timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015, 2016, 2017 and now 2018 are also available, and do not forget the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also I will soon publish the statistics for 2018, so stay tuned.

wdt_ID ID Date Author Target Description Attack Target Class Attack Class Country Link Tags
1 1 07/12/2018 ? Titan Manufacturing and Distributing Titan Manufacturing and Distributing notifies consumers that its computer system had been compromised by malware during the period of November 23, 2017 to October 25, 2018. Malicious Script Injection C Manufacturing CC US Titan Manufacturing and Distributing
2 2 16/12/2018 TheHackerGiraffe 100 Internet-connected printers worldwide TheHackerGiraffe does it again, and this time, around 100,000 printers are hijacked, once again, to promote PewDiePie’s YouTube channel. This time the attacker claims that he is able to destroy the printers. Printer misconfiguration Y Multiple Industries CC >1 TheHackerGiraffe, PewDiePie, YouTube
3 3 16/12/2018 ? Individual human right defenders spread across the Middle East and North Africa. Amnesty International identifies several campaigns of credentials phishing, likely operated by the same attackers, targeting hundreds of individuals spread across the Middle East and North Africa. Attackers were able to bypass Gmail, Yahoo 2FA. Account Hijacking X Individual CE >1 Amnesty International
4 4 16/12/2018 ? CCRM Dallas-Fort Worth CCRM Dallas-Fort Worth becomes aware of a potential data security incident that may have resulted in the inadvertent exposure of patients’ personal and health information, after a former nurse's email account is hacked. Account Hijacking Q Human health and social work activities CC US CCRM Dallas-Fort Worth
5 5 17/12/2018 China and Saudi Arabia? Twitter users Twitter shares fall seven percent after the social network giant reveals to have become aware of strange activity from China and Saudi Arabia, suggesting a possible state-sponsored attack, and involving one of its account help form APIs back on Nov. 15. Targeted Attack X Individual CE >1 Twitter, China, Saudi Arabia
6 6 17/12/2018 ? The Wall Street Journal’s website The Wall Street Journal’s website is defaced with a post containing a fake apology supporting YouTube megastar PewDiePie, previously accused of antisemitism by the same paper. Defacement J Information and communication CC US The Wall Street Journal, YouTube, PewDiePie
7 7 17/12/2018 ? University of Vermont Health Network – Elizabethtown Community Hospital University of Vermont Health Network – Elizabethtown Community Hospital notifies 32,000 patients after an employee’s email account is accessed without authorization. The incident occurred on October 9, 2018, Account Hijacking Q Human health and social work activities CC US University of Vermont Health Network – Elizabethtown Community Hospital
8 8 18/12/2018 ? NASA NASA alerts its employees of a possible compromise of NASA servers containing personally identifiable information. The breach was discovered on October 23, and affects NASA Civil Service employees from July 2006 through October 2018. Unknown O Public administration and defence, compulsory social security CC US NASA
9 9 18/12/2018 ? Click2Gov According to a new report published by Gemini Advisory, in the wake of the Ckick2Gov breach, at least 294,929 payment records have been compromised in 46 U.S. cities and sold in the Dark Web. Malware J Information and communication CC US Click2Gov, Gemini Advisory
10 10 18/12/2018 ? Barnes-Jewish Company HealthCare At least 5,850 people are alerted about a possible breach of credit card information through Barnes-Jewish Company HealthCare’s online payment portal. The breach was discovered on Nov. 19 and involved the injection of malicious code into their website. Malicious Script Injection Q Human health and social work activities CC US Barnes-Jewish Company HealthCare
ID Date Author Target Description Attack Target Class Attack Class Country Link Tags

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: