Last Updated on February 14, 2019

It’s time to publish the second timeline of January (first one here), covering the main cyber attacks that occurred in the second half of the month, plus several additional events that, despite having occurred earlier, were published in the same period.

I really don’t know where to start: this timeline contains 79+2 events, so 2019 could not have started any worse, also because January will probably be remembered as the month of the collections: the five archives of nearly 3 billion credentials scraped from multiple breaches. Not exactly the kind of collections we would like to keep.

Cryptojacking and ransomware continue to characterize the cybercrime landscape: Rocke, Razy, and CookieMiner are just a few examples of campaigns aimed at installing cryptominers, whereas GandCrab continues to be very active in the ransomware space, where there are also new kids on the block such as Anatova and LockerGoga.

Looking at Cyber Espionage, this fortnight has seen the appearance of APT39, an original campaign by Dark Hydrus using Google Drive as the Command and Control channel, and an interesting operation in the Middle East called Project Raven.

This timeline is particularly long, however: there are many other high-profile targets and incidents. Feel free to browse and share it, and don’t forget to follow @paulsparrows on Twitter for the latest updates.

| ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Tags |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 09/01/2018 | ? | Salisbury Police Department | The Salisbury Police Department is hit by a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | Salisbury Police Department, Crypto |
| 2 | 14/01/2019 | ? | Faben Obstetrics and Gynecology | Faben Obstetrics and Gynecology notifies more than 6,000 patients after a GandCrab ransomware attack that occurred in November 2018. | Malware | Q Human health and social work activities | CC | US | Faben Obstetrics and Gynecology, ransomware |
| 3 | 16/01/2019 | Silence | Russian Financial Institutions | Attackers from the threat group Silence start a massive campaign (80 thousand emails) on behalf of "Forum iFin-2019", distributing the Silence.Downloader aka TrueBot. | Malware | K Financial and insurance activities | CC | RU | Silence, Forum iFin-2019, Silence.Downloader, TrueBot |
| 4 | 16/01/2019 | Nigerian Scammers | Swiss woman living in the United States | A Swiss woman living in the United States loses almost $150,000 after a law firm (KF Solicitors) falls victim to online Nigerian scammers. | Account Hijacking | L Real estate activities | CC | AU | KF Solicitors, Nigeria |
| 5 | 17/01/2019 | Sanixer | Single Individuals | Researcher Troy Hunt discovers Collection #1, a giant 87 gigabyte archive consisting of 773 million unique email addresses and their associated cracked, or dehashed, passwords. | Unknown | X Individual | CC | >1 | Troy Hunt, Collection #1, Sanixer |
| 6 | 17/01/2019 | ? | Adverline | Researchers from Trend Micro reveal that Adverline, a French online advertising company, is compromised via MageCart, and consequently the infection spreads to 277 websites worldwide. | Malicious Script Injection | M Professional scientific and technical activities | CC | FR | Adverline, MageCart, Trend Micro |
| 7 | 17/01/2019 | ? | Android Users | Researchers from Trend Micro discover two malicious apps, downloaded thousands of times from the Google Play Store, based on the Anubis code (ANDROIDOS_ANUBISDROPPER) and characterized by the use of motion-based evasion tactics. | Malware | X Individual | CC | >1 | Trend Micro, Google Play Store, Anubis, ANDROIDOS_ANUBISDROPPER, Android |
| 8 | 17/01/2019 | ? | Android Users | Researcher Lukas Stefanko discovers 19 malicious Android apps with over 50 million installs, pretending to be GPS apps but instead showing adware. | Malware | X Individual | CC | >1 | Lukas Stefanko, Android |
| 9 | 17/01/2019 | Rocke Group | Vulnerable Linux Servers | Researchers from Palo Alto Networks' Unit 42 reveal a new version of the cryptojacking malware samples used by the Rocke group, able to disable cloud security and monitoring tools developed by Tencent Cloud and Alibaba Cloud. | Malware | Y Multiple Industries | CC | >1 | Palo Alto Networks, Unit 42, Rocke, Tencent Cloud, Alibaba Cloud, Linux, Crypto |
| 10 | 17/01/2019 | ? | Financial targets in Ivory Coast, Cameroon, Congo (DR), Ghana, and Equatorial Guinea | Researchers from Symantec reveal four campaigns active since 2017, using commodity malware (NanoCore, Mimikatz, Remote Manipulator System RAT, Imminent Monitor RAT) against financial targets in Ivory Coast, Cameroon, Congo, Ghana, and Equatorial Guinea. | Malware | K Financial and insurance activities | CC | >1 | Symantec, NanoCore, Mimikatz, Remote Manipulator System RAT, Imminent Monitor RAT, Ivory Coast, Cameroon, Congo (DR), Ghana, Equatorial Guinea |
