Last Updated on January 8, 2019

Christmas holidays are gone, and it’s time to turn the page on this 2018 with the second timeline of December, the last one for the year just gone.

Cyber Espionage is the main element of this timeline, with at least two remarkable operations: the indictment of the two members of APT10, the state-sponsored actors behind Operation Cloudhopper, a long last campaign against MSPs worldwide, and the discovery of a massive spying operation, once again allegedly orchestrated by Chinese actors, against the diplomatic communication network for the European Union (COREU).

Another state-sponsored actor is behind a suspicious activity on Twitter (causing the shares of the social network giant to tumble seven percent).

Looking at cyber crime, The San Diego Unified School District (SDUSD) revealed that a phishing attack, occurred as early as January 2018, compromised the personal information of more than half a million students. The Ryuk ransomware was also on the spot, an attack allegedly caused by this ransomware prevented production of several newspapers, including the Wall Street Journal and Los Angeles Times, while another one crippled the activities of the cloud hosting provider

Last but not least, Italy confirms to be the preferred target for hacktivists thanks to the political turmoil that is characterizing this country.

As usual, browse the entire timeline to have an idea of the threat landscape, and also share it, to raise the awareness across the community. The timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015, 2016, 2017 and now 2018 are also available, and do not forget the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also I will soon publish the statistics for 2018, so stay tuned.

wdt_IDIDDateAuthorTargetDescriptionAttackTarget ClassAttack ClassCountryLinkTags
1107/12/2018?Titan Manufacturing and DistributingTitan Manufacturing and Distributing notifies consumers that its computer system had been compromised by malware during the period of November 23, 2017 to October 25, 2018.Malicious Script InjectionC ManufacturingCCUSTitan Manufacturing and Distributing
2216/12/2018TheHackerGiraffe100 Internet-connected printers worldwideTheHackerGiraffe does it again, and this time, around 100,000 printers are hijacked, once again, to promote PewDiePie’s YouTube channel. This time the attacker claims that he is able to destroy the printers.Printer misconfigurationY Multiple IndustriesCC>1TheHackerGiraffe, PewDiePie, YouTube
3316/12/2018?Individual human right defenders spread across the Middle East and North Africa.Amnesty International identifies several campaigns of credentials phishing, likely operated by the same attackers, targeting hundreds of individuals spread across the Middle East and North Africa. Attackers were able to bypass Gmail, Yahoo 2FA.Account HijackingX IndividualCE>1Amnesty International
4416/12/2018?CCRM Dallas-Fort WorthCCRM Dallas-Fort Worth becomes aware of a potential data security incident that may have resulted in the inadvertent exposure of patients’ personal and health information, after a former nurse's email account is hacked.Account HijackingQ Human health and social work activitiesCCUSCCRM Dallas-Fort Worth
5517/12/2018China and Saudi Arabia?Twitter usersTwitter shares fall seven percent after the social network giant reveals to have become aware of strange activity from China and Saudi Arabia, suggesting a possible state-sponsored attack, and involving one of its account help form APIs back on Nov. 15.Targeted AttackX IndividualCE>1Twitter, China, Saudi Arabia
6617/12/2018?The Wall Street Journal’s websiteThe Wall Street Journal’s website is defaced with a post containing a fake apology supporting YouTube megastar PewDiePie, previously accused of antisemitism by the same paper.DefacementJ Information and communicationCCUSThe Wall Street Journal, YouTube, PewDiePie
7717/12/2018?University of Vermont Health Network – Elizabethtown Community HospitalUniversity of Vermont Health Network – Elizabethtown Community Hospital notifies 32,000 patients after an employee’s email account is accessed without authorization. The incident occurred on October 9, 2018,Account HijackingQ Human health and social work activitiesCCUSUniversity of Vermont Health Network – Elizabethtown Community Hospital
8818/12/2018?NASANASA alerts its employees of a possible compromise of NASA servers containing personally identifiable information. The breach was discovered on October 23, and affects NASA Civil Service employees from July 2006 through October 2018.UnknownO Public administration and defence, compulsory social securityCCUSNASA
9918/12/2018?Click2GovAccording to a new report published by Gemini Advisory, in the wake of the Ckick2Gov breach, at least 294,929 payment records have been compromised in 46 U.S. cities and sold in the Dark Web.MalwareJ Information and communicationCCUSClick2Gov, Gemini Advisory
101018/12/2018?Barnes-Jewish Company HealthCareAt least 5,850 people are alerted about a possible breach of credit card information through Barnes-Jewish Company HealthCare’s online payment portal. The breach was discovered on Nov. 19 and involved the injection of malicious code into their website.Malicious Script InjectionQ Human health and social work activitiesCCUSBarnes-Jewish Company HealthCare
IDDateAuthorTargetDescriptionAttackTarget ClassAttack ClassCountryLinkTags

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.