It’s time to publish the second timeline of January (first one here), covering the main cyber attacks that occurred in the second half of this month, plus several additional events that, although they occurred earlier, were published in the same period.
I really don’t know where to start: this timeline contains 79+2 events, and 2019 could not have started any worse, not least because January will probably be remembered as the month of the collections: the five archives of nearly 3 billion credentials scraped from multiple breaches. Not exactly the kind of collections we would like to keep.
Cryptojacking and ransomware continue to characterize the cybercrime landscape: Rocke, Razy, and CookieMiner are just a few examples of campaigns aimed at installing cryptominers, whereas GandCrab continues to be very active in the ransomware space, but there are also new kids on the block such as Anatova and LockerGoga.
Looking at Cyber Espionage, this fortnight has seen the appearance of APT39, an original campaign by Dark Hydrus using Google Drive as the Command and Control channel, and an interesting operation in the Middle East called Project Raven.
This timeline is particularly long, though: there are many other high-profile targets and incidents. Feel free to browse and share it, and don’t forget to follow @paulsparrows on Twitter for the latest updates.
| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Tags |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 09/01/2018 | ? | Salisbury Police Department | The Salisbury Police Department is hit by a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | Salisbury Police Department, Crypto |
| 2 | 14/01/2019 | ? | Faben Obstetrics and Gynecology | Faben Obstetrics and Gynecology notifies more than 6,000 patients after a GandCrab ransomware attack that occurred in November 2018. | Malware | Q Human health and social work activities | CC | US | Faben Obstetrics and Gynecology, ransomware |
| 3 | 16/01/2019 | Silence | Russian Financial Institutions | Attackers from the threat group Silence start a massive campaign (80 thousand emails) on behalf of "Forum iFin-2019", distributing the Silence.Downloader aka TrueBot. | Malware | K Financial and insurance activities | CC | RU | Silence, Forum iFin-2019, Silence.Downloader, TrueBot |
| 4 | 16/01/2019 | Nigerian Scammers | Swiss woman living in the United States | A Swiss woman living in the United States loses almost $150,000 after a law firm (KF Solicitors) falls victim to online Nigerian scammers. | Account Hijacking | L Real estate activities | CC | AU | KF Solicitors, Nigeria |
| 5 | 17/01/2019 | Sanixer | Single Individuals | Researcher Troy Hunt discovers Collection #1, a giant 87 gigabyte archive consisting of 773 million unique email addresses and their associated cracked, or dehashed, passwords. | Unknown | X Individual | CC | >1 | Troy Hunt, Collection #1, Sanixer |
| 6 | 17/01/2019 | ? | Adverline | Researchers from Trend Micro reveal that Adverline, a French online advertising company, is compromised via MageCart, and consequently the infection spreads to 277 websites worldwide. | Malicious Script Injection | M Professional scientific and technical activities | CC | FR | Adverline, MageCart, Trend Micro |
| 7 | 17/01/2019 | ? | Android Users | Researchers from Trend Micro discover two malicious apps downloaded thousands of times from the Google Play Store, based on the Anubis code (ANDROIDOS_ANUBISDROPPER) and characterized by the use of motion-based evasion tactics. | Malware | X Individual | CC | >1 | Trend Micro, Google Play Store, Anubis, ANDROIDOS_ANUBISDROPPER, Android |
| 8 | 17/01/2019 | ? | Android Users | Researcher Lukas Stefanko discovers 19 malicious Android apps with over 50 million installs, pretending to be GPS apps but instead showing adware. | Malware | X Individual | CC | >1 | Lukas Stefanko, Android |
| 9 | 17/01/2019 | Rocke Group | Vulnerable Linux Servers | Researchers from Palo Alto Networks' Unit 42 reveal a new version of the cryptojacking malware used by the Rocke group, able to disable cloud security and monitoring tools developed by Tencent Cloud and Alibaba Cloud. | | | | | |
| | | | Financial targets in Ivory Coast, Cameroon, Congo (DR), Ghana, and Equatorial Guinea | Researchers from Symantec reveal four campaigns active since 2017, using commodity malware (NanoCore, Mimikatz, Remote Manipulator System RAT, Imminent Monitor RAT) against financial targets in Ivory Coast, Cameroon, Congo, Ghana, and Equatorial Guinea. | Malware | K Financial and insurance activities | CC | >1 | Symantec, NanoCore, Mimikatz, Remote Manipulator System RAT, Imminent Monitor RAT, Ivory Coast, Cameroon, Congo (DR), Ghana, Equatorial Guinea |