The Christmas holidays are over, and it’s time to turn the page on 2018 with the second timeline of December, the last one for the year just gone.
Cyber Espionage is the main element of this timeline, with at least two remarkable operations: the indictment of the two members of APT10, the state-sponsored actors behind Operation Cloudhopper, a long-lasting campaign against MSPs worldwide, and the discovery of a massive spying operation, once again allegedly orchestrated by Chinese actors, against the diplomatic communication network for the European Union (COREU).
Another state-sponsored actor is behind a suspicious activity on Twitter (causing the shares of the social network giant to tumble seven percent).
Looking at cyber crime, the San Diego Unified School District (SDUSD) revealed that a phishing attack, which occurred as early as January 2018, compromised the personal information of more than half a million students. The Ryuk ransomware was also in the spotlight: an attack allegedly caused by this ransomware prevented production of several newspapers, including the Wall Street Journal and Los Angeles Times, while another one crippled the activities of the cloud hosting provider Dataresolution.net.
Last but not least, Italy confirms itself as the preferred target for hacktivists, thanks to the political turmoil that is characterizing this country.
As usual, browse the entire timeline to get an idea of the threat landscape, and also share it to raise awareness across the community. The timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015, 2016, 2017 and now 2018 are also available, and do not forget the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.
Also, I will soon publish the statistics for 2018, so stay tuned.
| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Tags |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 1 | 07/12/2018 | ? | Titan Manufacturing and Distributing | Titan Manufacturing and Distributing notifies consumers that its computer system had been compromised by malware during the period of November 23, 2017 to October 25, 2018. | Malicious Script Injection | C Manufacturing | CC | US | Titan Manufacturing and Distributing |
| 2 | 16/12/2018 | TheHackerGiraffe | 100 Internet-connected printers worldwide | TheHackerGiraffe does it again, and this time, around 100,000 printers are hijacked, once again, to promote PewDiePie’s YouTube channel. This time the attacker claims that he is able to destroy the printers. | Printer misconfiguration | Y Multiple Industries | CC | >1 | TheHackerGiraffe, PewDiePie, YouTube |
| 3 | 16/12/2018 | ? | Individual human rights defenders spread across the Middle East and North Africa. | Amnesty International identifies several campaigns of credential phishing, likely operated by the same attackers, targeting hundreds of individuals spread across the Middle East and North Africa. Attackers were able to bypass Gmail and Yahoo 2FA. | Account Hijacking | X Individual | CE | >1 | Amnesty International |
| 4 | 16/12/2018 | ? | CCRM Dallas-Fort Worth | CCRM Dallas-Fort Worth becomes aware of a potential data security incident that may have resulted in the inadvertent exposure of patients’ personal and health information, after a former nurse's email account is hacked. | Account Hijacking | Q Human health and social work activities | CC | US | CCRM Dallas-Fort Worth |
| 5 | 17/12/2018 | China and Saudi Arabia? | Twitter users | Twitter shares fall seven percent after the social network giant reveals that it became aware of strange activity from China and Saudi Arabia, suggesting a possible state-sponsored attack and involving one of its account help form APIs, back on Nov. 15. | Targeted Attack | X Individual | CE | >1 | Twitter, China, Saudi Arabia |
| 6 | 17/12/2018 | ? | The Wall Street Journal’s website | The Wall Street Journal’s website is defaced with a post containing a fake apology supporting YouTube megastar PewDiePie, previously accused of antisemitism by the same paper. | Defacement | J Information and communication | CC | US | The Wall Street Journal, YouTube, PewDiePie |
| 7 | 17/12/2018 | ? | University of Vermont Health Network – Elizabethtown Community Hospital | University of Vermont Health Network – Elizabethtown Community Hospital notifies 32,000 patients after an employee’s email account is accessed without authorization. The incident occurred on October 9, 2018. | Account Hijacking | Q Human health and social work activities | CC | US | University of Vermont Health Network – Elizabethtown Community Hospital |
| 8 | 18/12/2018 | ? | NASA | NASA alerts its employees of a possible compromise of NASA servers containing personally identifiable information. The breach was discovered on October 23, and affects NASA Civil Service employees from July 2006 through October 2018. | Unknown | O Public administration and defence, compulsory social security | CC | US | NASA |
| 9 | 18/12/2018 | ? | Click2Gov | According to a new report published by Gemini Advisory, in the wake of the Click2Gov breach, at least 294,929 payment records have been compromised in 46 U.S. cities and sold on the Dark Web. | Malware | J Information and communication | CC | US | Click2Gov, Gemini Advisory |
| 10 | 18/12/2018 | ? | Barnes-Jewish Company HealthCare | At least 5,850 people are alerted about a possible breach of credit card information through Barnes-Jewish Company HealthCare’s online payment portal. The breach was discovered on Nov. 19 and involved the injection of malicious code into their website. | | | | | |